Issue metadata
Sign in to add a comment
|
Chromium Anrdoid - Sign-in / sync not working
Reported by
devinlam...@gmail.com,
Jan 3 2017
|
||||||||||||||||||||||
Issue descriptionSteps to reproduce the problem: 1. Build Chromium for Android from source with API keys (either current stable or canary/master) 2. Attempt to sign into your Google account What is the expected behavior? You should be signed into your Google account and data should sync to browser What went wrong? Sign in will appear to work however it will eventually give you an error asking you to "update your sign-in details" even though they are correct. Checking logs on Android, you will see: cr_sync_Signin Failed to perform auth task cr_sync_Signin org.chromium.components.signin.AuthException: com.google.android.gms.auth.a: INVALID_SCOPE Also, checking signin-internals, under "sync" you will see the following error: "Failure: invalid credentials" Under sync-internals you will see: SYNC_AUTH_ERROR Did this work before? Yes Chrome version: 55.0.2883.91 Channel: stable OS Version: 7.1 Flash Version: N/A Note: the credentials are correct in all situations. I have tested the same API keys building the desktop version of Chromium with success (signin works as intended).
,
Jan 3 2017
Can confirm the same issue on my builds. Hope Google it's not blocking the sync api...
,
Jan 3 2017
Same on my builds
,
Jan 3 2017
Can confirm the same issue on every chromium based build i have tried so far.
,
Jan 3 2017
,
Jan 4 2017
I have the same problem since the past 2 weeks
,
Jan 4 2017
,
Jan 4 2017
,
Jan 5 2017
+on-call sign-in triager zea@ - could this have anything to do with the changes we made to the sync scoped refresh tokens?
,
Jan 6 2017
Same on my builds
,
Jan 8 2017
same here, can't sync contacts
,
Jan 10 2017
Zea, Ping for comment #9. Thanks,
,
Jan 10 2017
I think this is a result of the recent change to sync scoped refresh tokens as Eli suggests. The change, which set a flag named disallowed_on_consent_page to true, made it so that only first party apps can request the chromesync scope. This works fine for official builds, but dev builds won't be recognized as first party unless they're whitelisted. Following the example of the zine team, I think our next step is to create a whitelist group and configure it to ignore the problematic flag. Then anyone needing to use the chromesync API from a dev build can be added to the group.
,
Jan 10 2017
,
Jan 11 2017
Re-assigning to myself for now
,
Jan 12 2017
This didn't repro for my local build of android, although I'm not sure why. I don't fully understand the logic that distinguishes between 1P and 3P apps. I will ask the FI team.
,
Jan 12 2017
@pnoland - that was my result as well, however, I determined that if your builds were working *before* this change, they will continue to work unless you wipe your phone or change the apk package name.
,
Jan 12 2017
Reassigning to Patrick to investigate how reliable this repros, and difference between Android and Desktop behavior.
,
Jan 12 2017
After more investigation and a repro, the scope of this more or less as devinlamothe@gmail.com describes; Android-specific, and only if you haven't granted the chromesync scope to the app. Desktop and Android differ in how they are granted access to various oauth scopes. Android uses GMSCore, which for non-first party builds pops a consent dialog when signing into chromium. It first checks that the requested scopes are valid, which fails now that chromesync isn't allowed on the consent dialog. Official builds don't pop the dialog, so they bypass the issue. Practically speaking, anyone who wants to use sync with their android dev builds will either need to use only accounts with the scope already granted or be added to a whitelist.
,
Jan 12 2017
Thanks pnoland@chromium.org, that is what I figured. Any idea how the white-list is going to work? There are numerous third party Chromium browsers on the Play Store that include sync. Will end users who want to use chrome sync need to register for the list, or will the dev just need to register? Thanks again for looking into this.
,
Jan 12 2017
The unfortunate thing about the (current) whitelist approach is that it works only for manually configured groups of users. Third party apps wouldn't be able to automatically add their users, nor would we be able to add them all manually. I'm going to investigate alternatives to this approach.
,
Jan 23 2017
An update for everyone: We locked down access to chromesync scoped refresh tokens to address a security vulnerability. When we did so, we knew that this may break some 3P browsers which made use of chromesync scoped refresh tokens to leverage Chrome Sync for their users. Chrome Sync has never officially been supported for 3P browsers. We do not intend to create a solution by which 3P browsers can whitelist themselves or their users so that they can get chromesync scoped refresh tokens. Note that Chromium for Android is technically considered a 3P browser. Marking as WontFix, accordingly.
,
Feb 2 2017
Issue 688028 has been merged into this issue.
,
Feb 2 2017
,
Feb 21 2018
Is there a way to manually add Chromium for Android to the whitelist if I have root access on my device?
,
Feb 21 2018
No, the whitelist is server-based.
,
Apr 12 2018
If that is from a third party Chromium browser, sync will not work. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 Deleted