Google Authentication does not work for some people

[daipom]

Feature request story or issue

Screenshot

Url

• Url where you took the screenshot:
• URL: https://www.ourboard.io/

A sentence description of the problem

Short DESCRIPTION: I can't sign in. (I could about a month ago, but recently I can't)

1. Press sign in.
2. Signing in... message is displayed.
3. Then the same window is displayed again.

I expect that my account name is displayed and sign in button changes to sign out button at 3.

I can't access boards with access control because of this problem.

1. This board is for authorized users only. Click here to sign in. message is displayed.
2. Press here.
3. singing in... message is displayed.
4. This board is for authorized users only. Click here to sign in. message is displayed again.

I tried this in some environments, but I couldn't in any of them, so it doesn't seem to have anything to do with the environment or the browser.

I tried the following combination:

• OS
  • Windows 10
  • macOS Monterey
  • Ubuntu 20.04
• Browser
  • Firefox
  • Chrome

Maybe it's not an environmental issue, maybe it's an account issue...

Some people around me have been unable to sign in recently.

That's it! Thanks.

[raimohanska]

Hi! Thanks for letting me know!

The Google Auth library used earlierly was obsolete so I re-implemented Google Auth just recentrly and this may be related. It works for me of course, but that's clearly not good enough :(

I'll look into this. Meanwhile, there are some things I'd like to ask from you, in order to speed this up:

1. Did I understand correctly that on the front page you click Sign in, and as a result you're redirected back to the front page, and the "sign in" link is still visible after that?
2. Could you do the login sequence with the browser's developer tools open and paste here what's shown on the Console and a screenshot of the Network tab?
3. Could you try and clean all the Cookies related to www.ourboard.io on your browser and see if that fixes the problem for you?
4. It would help to know which email you're using so I could check if there's any log messages that would give me a hint on what's wrong.

Thanks!

[daipom]

Thanks so much!!

Let me answer the questions that I can answer right away first.

1. Yes. I can press sign in again and again.
3. I cleaned the Cookies related to the site, but the problem still occurs.

I cleaned the Cookies in Firefox.

Then, my recent board lists are removed, but the same problem still occurs.

Screencast.from.2023.02.07.16.57.07.webm

[daipom]

2. Could you do the login sequence with the browser's developer tools open and paste here what's shown on the Console and a screenshot of the Network tab?

Console:

This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”. login
Cookie “returnTo” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite login
GEThttps://www.ourboard.io/favicon.ico
[HTTP/1.1 404 Not Found 0ms]

This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”. www.ourboard.io
Storage access automatically granted for First-Party isolation “https://accounts.google.com” on “https://www.ourboard.io”. www.ourboard.io
Connecting to wss://www.ourboard.io/socket/lobby server-connection.ts:65:16
Token parsing failed ******************************* DOMException: String contains an invalid character user-session-store.ts:160:20
Session status anonymous observable.ts:29:82
Board id undefined board-store.ts:450:16
ui.board.join.request -> reset board-store.ts:266:20
GEThttps://www.ourboard.io/favicon.ico
[HTTP/1.1 404 Not Found 0ms]

Socket connected server-connection.ts:74:20
Document hidden, closing socket server-connection.ts:48:20
Document shown, reconnecting. server-connection.ts:58:20
Connecting to wss://www.ourboard.io/socket/lobby server-connection.ts:65:16
Socket connected server-connection.ts:74:20

Network:

[daipom]

4. It would help to know which email you're using so I could check if there's any log messages that would give me a hint on what's wrong.

My email is ***********************

[raimohanska]

Thanks for your quick replies! I edited your reply above by masking your email to protect you from possible scrapers/spammers. I'll try to figure out what's going on here. Do you happen to have any privacy plugins in your browser that might have an effect here btw?

[raimohanska]

I con confirm that your login attempt just a while ago was successful on the server side - the console.log on google-auth.ts was triggered and shows you name+email.

After that it sets the user cookie JWT and redirects you back to the front page. With the JWT cookie in place, you should be authenticated. However, you your console log it says Session status anonymous which indicates that the cookie was not observed on the client side.

Here's the real finding though: in your console log there is this line

Token parsing failed ********************* DOMException: String contains an invalid character user-session-store.ts:160:20

I masked the token in your comment and removed the screenshot for privacy.

So there's something wrong with the token or token parsing on the client side. I'll dig deeper.

[daipom]

Thanks! Please let me know if there is anything I can help with.

Do you happen to have any privacy plugins in your browser that might have an effect here btw?

I can't think of any plugins in my browser that would affect this.
I tried some environments, but I couldn't sign-in in any of them, so I don't think it's a browser or environment issue.

Some people around me can sign in. Some can't.
I don't know what the difference is...

[raimohanska]

Hi! The problem is now hopefully fixed in 2807e77. The earlier implementation was based on an incorrect suggestion in Stack Overflow. One must understand that in JWT the encoding is base64url instead of standard base64.

Lemme know if it's fixed for you now!

[daipom]

The problem is fixed!! I can sign in!!
Thanks so much for your kind and quick response!!

[raimohanska]

No problem! Thanks for helping me out - this helps a lot of other users as well.