Bug 1592407 Comment 17 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Looking at the docs at https://developers.google.com/identity/protocols/OAuth2InstalledApp we should probably update the urls as so.

-      "https://accounts.google.com/o/oauth2/auth",
-      "https://www.googleapis.com/oauth2/v3/token",
+      "https://accounts.google.com/o/oauth2/v2/auth",
+      "https://oauth2.googleapis.com/token",

Unfortunately, that doesn't help any :(

These are the relevant network requests. For the AccountChooser for whatever reason we end with a param to get sent to the legacy auth (https://accounts.google.com/signin/oauth/legacy/consent). I'd imagine that's the root of the problem.

curl 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1'

curl 'https://accounts.google.com/signin/oauth?client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&as=raOi9ApwBeyZIud8WPVzhg&Email=example@gmail.com&destination=http://localhost&approval_state=!ChR2ZTJFaTBWQ2ZtMzhvMEVFOXhySxIfMDFiWFlJVWhNejhhOERFdWhZOThQY18xSm8zSDRSWQ%E2%88%99AJDr988AAAAAXbrIfhVE7FpoqoGhuBlX2DvLqjmU3VA6&oauthriskyscope=1&xsrfsig=ChkAeAh8T_oe9FxRgZIFTl3qVXN0iKZcn16rEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'

curl 'https://accounts.google.com/signin/oauth?client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&as=raOi9ApwBeyZIud8WPVzhg&Email=example@gmail.com&destination=http://localhost&approval_state=!ChR2ZTJFaTBWQ2ZtMzhvMEVFOXhySxIfMDFiWFlJVWhNejhhOERFdWhZOThQY18xSm8zSDRSWQ%E2%88%99AJDr988AAAAAXbrIfhVE7FpoqoGhuBlX2DvLqjmU3VA6&oauthriskyscope=1&xsrfsig=ChkAeAh8T_oe9FxRgZIFTl3qVXN0iKZcn16rEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'

curl 'https://accounts.google.com/AccountChooser?oauth=1&continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Flegacy%2Fconsent%3Fauthuser%3Dunknown%26part%3DAJi8hAP_NCRJtKpGW84MoNR_ltqVjGRuVys1ie0r3UyClXR5iskmXA3AvkNOVmPpFQ3iLzzHjApPhYeoo9SgwTuTLgtOaHE4qhcpqVkCjNqjEQWuV30xTzu1hyEwxH45I3JYe5fGIgn0SPU8P912AklFPgq_Nx4gBsgugTKAbVZ7R0wPKJJis302QEb_sDQ2XobkQdG5B3Xjt18t-SWZIxz8iElJdSQ6XOs5AhrqLRsImXVdwsQOAIlLz75bd5bfHLTpqd4RkvXsS1b7EgBsSc0X8l00Rpdn3vKbi3tdRHGPb7-q1YN5vG_LFpVo5rL8mp_oeEsPw9IHc0vdixIsB3SaN9QHhVoXiS6UHszRZhkbBsnlfeqF5nBSbiYs6UdxH3pjtcnNmCTvq0BPnXqcip8RqLkym9-AxcZ-9hD8MgHw3o_523pML4w%26as%3DraOi9ApwBeyZIud8WPVzhg%23' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw; GAPS=1:VErCzlQH5r0KkWvwZjsi5_lWb08Aag:iGBDQu8UQ1COgpda' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'
Looking at the docs at https://developers.google.com/identity/protocols/OAuth2InstalledApp we should probably update the urls as so.
```
 -      "https://accounts.google.com/o/oauth2/auth",
 -      "https://www.googleapis.com/oauth2/v3/token",
 +      "https://accounts.google.com/o/oauth2/v2/auth",
 +      "https://oauth2.googleapis.com/token",
```

Unfortunately, that doesn't help any :(

These are the relevant network requests. For the AccountChooser for whatever reason we end with a param to get sent to the legacy auth (https://accounts.google.com/signin/oauth/legacy/consent). I'd imagine that's the root of the problem.

curl 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1'

curl 'https://accounts.google.com/signin/oauth?client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&as=raOi9ApwBeyZIud8WPVzhg&Email=example@gmail.com&destination=http://localhost&approval_state=!ChR2ZTJFaTBWQ2ZtMzhvMEVFOXhySxIfMDFiWFlJVWhNejhhOERFdWhZOThQY18xSm8zSDRSWQ%E2%88%99AJDr988AAAAAXbrIfhVE7FpoqoGhuBlX2DvLqjmU3VA6&oauthriskyscope=1&xsrfsig=ChkAeAh8T_oe9FxRgZIFTl3qVXN0iKZcn16rEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'

curl 'https://accounts.google.com/signin/oauth?client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&as=raOi9ApwBeyZIud8WPVzhg&Email=example@gmail.com&destination=http://localhost&approval_state=!ChR2ZTJFaTBWQ2ZtMzhvMEVFOXhySxIfMDFiWFlJVWhNejhhOERFdWhZOThQY18xSm8zSDRSWQ%E2%88%99AJDr988AAAAAXbrIfhVE7FpoqoGhuBlX2DvLqjmU3VA6&oauthriskyscope=1&xsrfsig=ChkAeAh8T_oe9FxRgZIFTl3qVXN0iKZcn16rEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'

curl 'https://accounts.google.com/AccountChooser?oauth=1&continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Flegacy%2Fconsent%3Fauthuser%3Dunknown%26part%3DAJi8hAP_NCRJtKpGW84MoNR_ltqVjGRuVys1ie0r3UyClXR5iskmXA3AvkNOVmPpFQ3iLzzHjApPhYeoo9SgwTuTLgtOaHE4qhcpqVkCjNqjEQWuV30xTzu1hyEwxH45I3JYe5fGIgn0SPU8P912AklFPgq_Nx4gBsgugTKAbVZ7R0wPKJJis302QEb_sDQ2XobkQdG5B3Xjt18t-SWZIxz8iElJdSQ6XOs5AhrqLRsImXVdwsQOAIlLz75bd5bfHLTpqd4RkvXsS1b7EgBsSc0X8l00Rpdn3vKbi3tdRHGPb7-q1YN5vG_LFpVo5rL8mp_oeEsPw9IHc0vdixIsB3SaN9QHhVoXiS6UHszRZhkbBsnlfeqF5nBSbiYs6UdxH3pjtcnNmCTvq0BPnXqcip8RqLkym9-AxcZ-9hD8MgHw3o_523pML4w%26as%3DraOi9ApwBeyZIud8WPVzhg%23' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw; GAPS=1:VErCzlQH5r0KkWvwZjsi5_lWb08Aag:iGBDQu8UQ1COgpda' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'

Back to Bug 1592407 Comment 17