-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consistently getting BadAuthentication #48
Comments
A test login just worked for me. I also tried that version of urllib3. |
Hmmm...maybe something odd is going on with both repro accounts then. If you don't mind, I'll leave this issue open for a bit longer and try to do some more investigation. |
i didn't have time to look into the cause, but i had this exact same problem when i was trying to use the library on ubuntu. |
Were they two different machines? Sometimes Google will do a mandatory mfa step when it sees a new device, which I think results in BadAuth (I can't remember). |
I have only tried this from my Ubuntu 22.04 machine, and I just get the |
There's no logging of the responses or anything (since they might be sensitive) but you could hack that into your local code and hopefully get more information on why the request is failing. The code is pretty simple: https://github.com/simon-weber/gpsoauth/blob/master/gpsoauth/__init__.py |
sorry, it was the same machine. i use my google account regularly on both linux and windows on that computer, so not sure. |
I tried again on my non-work laptop with an account that does not have 2-factor enabled, and the login worked. Before when I was testing it I was traveling, so it's entirely possible that Google was blocking access because the traffic looked suspicious. @kaddkaka I think your best bet is Simon's suggestion to add more logging to gpsoauth and see if you can find more information. Initially I thought this could be a gpsoauth issue since it was happening to me as well (it's worked without issue for a long time), but now it seems more likely that it's some account-specific problem. |
Same issue when I tried to login with app password (my account has 2FA enabled). Update: |
Unfortunately, it doesn't work for me |
We are facing the same problem with the package that relies on Seems that I was just able to replicate the issue. |
Cool, I can repro with openssl 3. Switching from EncryptedPasswd to Passwd works on the old openssl but not the new one, so my guess is urllib3 is doing something different with the tls that Google doesn't like. This happened once before in urllib3/urllib3#2101. |
Does this script work as of May, 2023? Or Google has changed something that makes this script not working? I have tried the steps that are posted in this issue and none of them have worked for me |
It worked for me just now on openssl 1. |
so what did you do? |
In my case it finally worked with OpenSSL 1. I used Kali Linux 2021.2 (in which OpenSSL 1 is not changed by OpenSSL 3 and has Python 3.9.2 by default). I tried to change from OpenSSL 3 to OpenSSL 1 in another virtual machine (the last version of Kali) but none of the guides published out there worked for me. It was easier to just install an older distribution that came with OpenSSL 1. |
Still the same:
So, maybe it's time to fix DEFAULT_CIPHERS issue #52? |
Hi All! I'd like to hijack this issue as i had the BadAuthentication problem myself on Linux but not on Windows. As Google in their infinite wisdom decided to kill the integration to custom shopping list providers I had a huge motivation to get my sync running so i sunk a few hours into that problem. What I noticed is that on linux the EncryptedPasswd string was terminated with a \n while on windows it wasn't. Easy but ugly fix: within init.py modify _perform_auth_request and just strip it off if it is there session.headers = {
"User-Agent": USER_AGENT,
"Content-type": "application/x-www-form-urlencoded",
}
if data["EncryptedPasswd"].endswith("\n"):
data["EncryptedPasswd"]=data["EncryptedPasswd"][:-1]
print("RemovedNewline")
res = session.post(AUTH_URL, data=data, verify=True) Done that and it just works every time now. I hope that helps some of you best regards Michael |
Can someone with the openssl v3 issue try this and see if it helps? |
Sorry, I checked on both versions by adding a new test into pytest "test_48.py" (I didn't commit anything, because I did not see a value in it):
Works well as is for urllib3==1.26.5 with OpenSSL 1.1.1:
But still failing with
Tests are giving the same result on Jun 1 commit without any additional changes:
And with changes based on @miccico suggestion give the same BadAuthentication result:
|
Thanks for testing it out! It looks like that fixes a separate issue from the openssl one. |
Hi all, I'm having the same issue. It's a bummer because there are a bunch of downstream projects getting hit with the same problem as well and this is clearly a project used by a lot of other libraries. @simon-weber would it be possible to get a summary of the state of the world on this bug? What you think the root cause is and any possible fixes? I'm running this in Home Assistant so fixes that can be done in an environment where I have a shared OS with other dependencies would also be appreciated. Eric |
My guess is that this is something like urllib3/urllib3#2101, where a) Google is picky about tls params and b) using openssl v3 shifts them to something Google doesn't like. If someone wants to test that, they can set up a debugging https proxy and compare a working request to a non-working one. As a workaround you can use a pre-v3 openssl version. |
Here's my solution for the moment: gpsoauth_login.Dockerfile FROM alpine:3.16
RUN apk upgrade --update-cache --available && \
apk add python3 py3-pip && \
pip install gpsoauth 'urllib3<=1.25.11'
RUN echo $'import gpsoauth; import json\n\
ret = gpsoauth.perform_master_login(input(), input(), input())\n\
print(json.dumps(ret))' > /glogin.py
ENTRYPOINT ["python3", "/glogin.py"] Usage:
Save your token somewhere, and get your application to use that instead of calling Here's an example of saving the token directly into your keyring: (Python) https://gist.github.com/jkitching/57baead775f6773848d2e334cc950999 |
Can't get it to work without androidid. If only the script would pause and let me do the URL thing. |
@jkitching your solution is brilliant, but it does not work (anymore?) unfortunately. Instead of the token, I get this: I tried to make it work by opening the url with a browser, it seems to work as it asks me to confirm my login details, but then I get a static page telling me to "wait a moment", which doesn't lead anywhere (i.e. it waits forever). Any suggestions? |
@Cris70 I can't seem to reproduce on my end... it still happily hands me a valid token. Are you using 2FA? Perhaps you need to set up an App Password as suggested here? |
@jkitching I am using 2FA and I am using an app password. p.s. If you have read my previous reply, that was meant for another thread. I am writing on multiple issues and I am messing things up a bit 😅 |
I spent some time debugging it and the only difference in working and broken environments was E.g. in Python 3.8 it works with OpenSSL 1.1.1o but in Python 3.11 which adds |
Nice find! That seems like something we should be able to configure. |
I can confirm this. I also need to sign in via the browser and it does not wait - even though i use 2FA + App Password or without 2FA + normal password. |
I'm getting the same problem as Cris--the browser hangs on "One moment please..." I checked my account settings, and I have 2FA disabled, but Google asks me to verify on my phone everytime regardless. If I don't use the script provided, I get a "BadAuthentication" error. I'm getting these errors in the browser's console: Update It actually worked when I tried it through Google Collab with a project that uses gpsoauth (link). It uses another project (link, which uses gpsoauth. Actually, the script uses a fork of the project, which is actually behind in commits, and perhaps uses an older version of gpsoauth, which is included). I had already tried working with the original project directly and was getting the errors described in this thread. I have no idea why it worked in Collab. Perhaps it has something to do with a different origin (Google's own Collab servers), or the dependencies/older version of gpsoauth. |
After getting the BadAuthentication error I tried @jkitching's Docker approach and then got the broken NeedsBrowser response. Reading up it seems like the consensus was that the underlying issue was caused by something introduced into some version of gpsoauth or urllib3, so I continued to play with versions in the container and arrived at the combination of gpsoauth 1.0.2 and urllib3 <= 1.25.7 working for me with the following Dockerfile:
This includes the workaround for CERTIFICATE_VERIFY_FAILED reported by @edx-sayed-salem for get_tokens.py. |
The same effect as #24, though possibly a different cause. Every time I do
gpsoauth.perform_master_login()
I receive aBadAuthentication
error. This happens for a normal password protected account as well as 2FA using an app password. This is also happening to @kaddkaka , so slightly less chance that it's just something weird with my account. Has Google changed something in their API recently?OS: linux
Python: 3.10.4
pip freeze:
The text was updated successfully, but these errors were encountered: