Closed
Bug 993823
Opened 11 years ago
Closed 7 years ago
[Sora]Unable to configure Google account with 2-step verification activated
Categories
(Firefox OS Graveyard :: Gaia::E-Mail, enhancement)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: sync-1, Unassigned)
References
Details
(Whiteboard: [feature])
Attachments
(2 files)
the latest id: Mozilla build ID: 20140323004002 FFOS: 1.3
Defect description:
===================
Unable to configure Google account with 2-step verification activated.
Steps to reproduce:
===================
1. User already has a Gmail account with 2-step verification activated
2. Launch E-mail app
3. Fill in all fields with Gmail account indicated at step 1 above
4. Press Next
Expected result:
================
When gmail credentials (gmail address and password) are entered and we press Next, device tries to configure it but it returns to credentials screen indicating "You must use an application specific password for two-factor Gmail accounts". As per Android devices behaviour browser is launched and credentials are entered again, then an SMS is received indicating code to be used to finish gmail configuration on our device.
See attached logcat logs.
Comment 3•11 years ago
When I attempt to use the stock e-mail client on an Android 4.4 Nexus 4 device to login to my 2-factor authenticated gmail account that already has credentials on the phone, I just get a modal error with title "Couldn't finish" and "Username or password is incorrect" with only a button "Edit details" available. My 2-step verification mode is set to "Google Authenticator app" as my primary means of receiving codes.
This raises a few questions:
- What version of Android are you using?
- Is it stock Android or modified Android?
- What e-mail app are you using?
- What 2-step verification mode are you using for the account in question as primary? (SMS/voice?)
- Is the gmail account you are trying to setup email for (on the Android device) already an authenticated account on the device?
- When the browser is launched, are you getting kicked over to a local Android activity to assist in the authentication, or is it purely done via the google website?
- What kind of code are you getting? Is it one of the long passwords like "abcd efgh ijkl mnop" or a shorter numeric code? Do you have to name the device and then does the device show up under the list of "app-specific passwords" tab in the google 2-step verification settings page?
- If it's not an app code like the former, then it's probably an XOAUTH2 authorization. This would show up under the "Account permissions" list on the account "Security" tab.
Also, feature expectation wise, are you expecting that any SMS involved in the process would automatically be processed by the system, or that the user would need to view the SMS, write down the code, then manually re-enter the code in the e-mail app again?
Severity: normal → enhancement
Flags: needinfo?(sync-1)
Priority: P2 → --
Whiteboard: [feature]
(In reply to comment #1)
> Comment from Mozilla: When I attempt to use the stock e-mail client on an
> Android 4.4 Nexus 4 device to login to my 2-factor authenticated gmail account
> that already has credentials on the phone, I just get a modal error with title
> "Couldn't finish" and "Username or password is incorrect" with only a button
> "Edit details" available. My 2-step verification mode is set to "Google
> Authenticator app" as my primary means of receiving codes.
>
> This raises a few questions:
> - What version of Android are you using?
> - Is it stock Android or modified Android?
> - What e-mail app are you using?
> - What 2-step verification mode are you using for the account in question as
> primary? (SMS/voice?)
> - Is the gmail account you are trying to setup email for (on the Android
> device) already an authenticated account on the device?
> - When the browser is launched, are you getting kicked over to a local Android
> activity to assist in the authentication, or is it purely done via the google
> website?
> - What kind of code are you getting? Is it one of the long passwords like
> "abcd efgh ijkl mnop" or a shorter numeric code? Do you have to name the
> device and then does the device show up under the list of "app-specific
> passwords" tab in the google 2-step verification settings page?
> - If it's not an app code like the former, then it's probably an XOAUTH2
> authorization. This would show up under the "Account permissions" list on the
> account "Security" tab.
>
> Also, feature expectation wise, are you expecting that any SMS involved in the
> process would automatically be processed by the system, or that the user would
> need to view the SMS, write down the code, then manually re-enter the code in
> the e-mail app again?
>
After long analysis on this issue we saw that also Android devices can't
configure Gmail account with 2-step verification, the behaviour is almost the
same as on FF. Our mistake was to mix Gmail account configuration setup for
GOOGLE account as EMAIL.
This PR can be CLOSED.
Comment 5•11 years ago
According to this doc, it looks like if the user sets up an application-specific password ahead of time, and that password is used, that may work:
https://support.google.com/accounts/answer/185833?hl=en
Comment 6•11 years ago
(In reply to James Burke [:jrburke] from comment #5)
> According to this doc, it looks like if the user sets up an
> application-specific password ahead of time, and that password is used, that
> may work:
>
> https://support.google.com/accounts/answer/185833?hl=en
That definitely works. A
Comment 7•11 years ago
(In reply to James Burke [:jrburke] from comment #5)
> According to this doc, it looks like if the user sets up an
> application-specific password ahead of time, and that password is used, that
> may work:
>
> https://support.google.com/accounts/answer/185833?hl=en
Whoops, let's try again. Yeah, that definitely works, the question in my mind is whether we can do better by using XOAUTH2, because I could see us being able to improve things by following that path. Specifically, I would expect the user to still need to use 2-factor auth to perform the authorization, but presumably that avoids the user needing to type in the long password and restricts the credential we save off to only be able to manipulate the user's gmail account instead of their entire account. It would be good to have an existing open-source client implementation known to do this and to be able to check against it to accelerate such a thing and make sure we're all on board for the required UX flow. (On Android, Google's magic authenticator hooks in the browser will of course make such things much easier for users...)
It looks like k9 does not have this support https://github.com/k9mail/k-9/wiki/Manual-AccountSetup#imap. Our existing imap layer does support xoauth2, as does browserbox; I just don't think they demonstrate the entire dance or provide any guarantees about how it interacts with 2-factor auth.
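The XOAUTH2 path raised in comment 7, as an added example that is not part of the bug thread and is not Gaia's, browserbox's or Google's code: it frames the SASL XOAUTH2 initial response for IMAP, redacts the bearer token before logging, and decodes the server's base64 JSON failure challenge. The function names, the sample address and token, and the refresh/reauthorize policy are assumptions made for illustration.

```javascript
// Constructed sample values (not real credentials).
const SAMPLE_USER = 'user@example.com';
const SAMPLE_TOKEN = 'ya29.CONSTRUCTED-TOKEN';

// Build the argument for "AUTHENTICATE XOAUTH2".
// Wire format before base64: user=<addr>^Aauth=Bearer <token>^A^A
function buildXoauth2Response(user, accessToken) {
  // Refuse control characters so a crafted value cannot add SASL fields
  // or smuggle CRLF-terminated IMAP commands into the stream.
  for (const [name, value] of [['user', user], ['token', accessToken]]) {
    if (typeof value !== 'string' || value === '' || /[\x00-\x1f\x7f]/.test(value)) {
      throw new Error(`invalid ${name}`);
    }
  }
  const raw = `user=${user}\x01auth=Bearer ${accessToken}\x01\x01`;
  return Buffer.from(raw, 'utf8').toString('base64');
}

// Base64 is not encryption: strip the bearer token before the line reaches
// a debug log such as logcat.
function redactForLog(responseB64) {
  const raw = Buffer.from(responseB64, 'base64').toString('utf8');
  return raw
    .replace(/auth=Bearer [^\x01]*/, 'auth=Bearer <redacted>')
    .replace(/\x01/g, '^A');
}

// On failure the server sends a base64 JSON challenge (status, schemes, scope).
function parseXoauth2Failure(challengeB64) {
  let info = null;
  try {
    info = JSON.parse(Buffer.from(challengeB64, 'base64').toString('utf8'));
  } catch (err) {
    info = null;
  }
  if (info === null || typeof info !== 'object') {
    return { status: 'unknown', scope: '', action: 'reauthorize' };
  }
  const status = String(info.status ?? 'unknown');
  return {
    status,
    scope: String(info.scope ?? ''),
    // Assumed client policy: 401 means the access token expired, so refresh it;
    // anything else sends the user back through the consent (and 2-step) flow.
    action: status === '401' ? 'refresh-token' : 'reauthorize',
  };
}
```

Unlike an application-specific password, the token framed here is limited to the scope the user granted, which is the restriction comment 7 is after.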
Comment 8•11 years ago
Filed bug 1059100 on explicit XOAUTH2 support for gmail.
See Also: → 1059100
Comment 9•9 years ago
link all Fire C (codename: Sora) bugs to a meta one.
Comment 10•7 years ago
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX