UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
1. Download and run the Identity API Sample from https://github.com/GoogleChrome/chrome-app-samples/tree/master/samples/identity
2. Click Sign-In and accept permissions
3. Receive error {"message":"Authorization page could not be loaded."}
4. Click Sign-in again
5. Token is now acquired

What is the expected behavior?
Token is granted from first try.

What went wrong?
With the new Google sign-in page implementation, the chrome.identity.getAuthToken method consistently fails for packaged apps with "Authorization page could not be loaded." A second try succeeds most of the time, though if implemented programmatically in Javascript, with timeouts in between tries, it may subsequently (however rarely) fail with "OAuth2 not granted or revoked" for a few more times until finally granting the token.

Did this work before? N/A 

Does this work in other browsers? Yes

Chrome version: 58.0.3029.110  Channel: stable
OS Version: 10.0
Flash Version: 

chrome.identity.getAuthToken worked fine for packaged apps, before the Google sign-in page changed. The issue can now be reproduced on Windows OS with Chrome 57+ and on ChromeOS with Chrome 57+.

Note: when the getAuthToken call fails for the first time after the user accepts the permissions, chrome actually creates an internal OAuth2 token entry that can be viewed on chrome://identity-internals/. However, the Access Token field is not populated, as if the user would have denied the permission.

Additional note: an account selection page was not displayed before the new sign-in, if the (accepted) app permissions in the manifest included "identity" and "identity.email" and an account was already logged in and associated with the current browser profile. Now the account selection is displayed regardless. 
However, selecting any other account than the default one, associated with the current profile will cause getAuthToken to fail with "OAuth2 not granted or revoked", although the OAuth2 token will actually be granted in the background for the selected secondary account.
This does not make much sense, so we were wondering whether this is intended behavior or not.