Google Logins have usually favored mainstream browsers, and so until now, to get it to work on Electron you would need to change the userAgent
string to Chrome. However, after getting reports from users last week, I found that this no longer works.
Opening a Google signin URL using the following code:
const win = new BrowserWindow({
height: 600,
width: 800
})
const client = new google.auth.OAuth2(
clientId, clientSecret, "urn:ietf:wg:oauth:2.0:oob"
)
const url = client.generateAuthUrl({
access_type: "offline",
scope: scopes
})
win.loadURL(url, {
userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 Edg/93.0.961.52"
})
This still yields the This browser or app may not be secure
error and prevents Google signin from working.
I'm hoping there is a solution to getting Google signin working on Electron again.
There might be some tricks to work this around, but they will most likely be blocked by Google, eventually. They did give head-ups about this in Google Developer blog:
The proper solution is to use the user's default browser for OAuth2 authorization flow UI (rather than a custom WebView popup), as required by "RFC8252: OAuth 2.0 for Native Apps":
OAuth 2.0 authorization requests from native apps should only be made through external user-agents, primarily the user's browser. This specification details the security and usability reasons why this is the case and how native apps and authorization servers can implement this best practice.
One good reason for this is that the user might already be authenticated with Google in their default browser, so they don't have to enter the password / go through MFA flow once again. They would only see the authorization request for your specific app, which they may decide to approve or reject.
One other good reason is that they could use a password manager of their choice, which most likely works with their default browser but not with your Electron app.