[upstream] Access to the Google remote account does not work

Bug #1844453 reported by Emanuele
26
This bug affects 8 people
Affects Status Importance Assigned to Milestone
LibreOffice
Confirmed
High
libreoffice (Ubuntu)
Confirmed
Low
Unassigned

Bug Description

I have a Google account with 2FA login, from LibreOffice I try to add the remote account, but it doesn't work, it asks me for a 6-digit PIN.
Investigating to see if it was just my problem, I discovered that this is a long-standing LibreOffice bug (1) and seems unresolved.

The last report confirms this: "2019-07-04 04:44:41 UTC
This feature doesn't work with my Google account _w/o_
2FA.

Bug hasn't be resolved for about 3 years and "very soon"
we may celebrate 5 years anniversary. %-("

1) https://bugs.documentfoundation.org/show_bug.cgi?id=101630

ProblemType: Bug
DistroRelease: Ubuntu 19.10
Package: libreoffice (not installed)
ProcVersionSignature: Ubuntu 5.3.0-10.11-generic 5.3.0-rc8
Uname: Linux 5.3.0-10-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu7
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Sep 17 23:00:10 2019
InstallationDate: Installed on 2019-02-18 (210 days ago)
InstallationMedia: Kubuntu 19.04 "Disco Dingo" - Alpha amd64 (20190130)
ProcEnviron:
 TERM=screen-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=it_IT.UTF-8
 SHELL=/bin/bash
SourcePackage: libreoffice
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
In , Sanipachenko (sanipachenko) wrote :

Created attachment 126925
Start login

In the new version this bug is not corrected (Bug 100113).
Now he asks for a PIN but never gets a message that does not accept PIN and the PIN generated by Autenticator App.

Revision history for this message
In , Sanipachenko (sanipachenko) wrote :

Created attachment 126926
Error... The same error as before

Revision history for this message
In , Cno (cno) wrote :

@guiseppe: maybe you can have a look?
thanks!

Revision history for this message
In , Giuseppe-castagno (giuseppe-castagno) wrote :

Checked with:

Version: 5.2.0.4
Build ID: 066b007f5ebcc236395c7d282ba488bca6720265
CPU Threads: 4; OS Version: Windows 6.2; UI Render: default;
Locale: it-IT (it_IT)

I found it working on standard (e.g. not 2FA) account.
Unfortunately not working on a 2FA enabled account.
Strangely Google sent me always the same PIN code.

Until a few days ago 2FA worked, with the same LO version.
I think Google changed again the login page.

Unfortunately I don't have time to look into the matter ATM, it will be necessary to fix something in libcmis I think.

Revision history for this message
In , Aron Budea (baron-z) wrote :

Confirmed based on Giuseppe's reply.

Revision history for this message
In , Shrenik-bhura-c (shrenik-bhura-c) wrote :

Created attachment 127123
LibreOffice 5.2.0.4 Google drive 2FA failing english

Have experienced the same "Error saving the document <filename>: The specified device is invalid" error as before. The only advancement with 5.2.0.4 is that we are now being requested the PIN. But once we enter that, the result remains the same as in the screenshot attached.

Revision history for this message
In , Alberto-gaburro-8 (alberto-gaburro-8) wrote :

Same problem on Libreoffice 5.2.1.2 x64 on Windows 10.

After entering the PIN, I get the error "The specified device is invalid".
So I can't even browse my contents on Google Drive.

Revision history for this message
In , Bob Harvey (bobharvey) wrote :

I am not sure if my experience is appropriate to this bug, or if it something else.

But it is definitely a case of 2-factor not working!

I have installed the 64 bit version 5.2.2.2

When attempting to connect to google drive I get a dialogue asking me for a PIN from my account There is a small dialgoue with a G- in front of the data entry box.

What pops up on my phone is a wholly different dialogue, asking me to tap on one of 3 numbers that are displayed on the login attempt. They aren't.

So LibreOffice is asking for a number that is not displayed on the phone, and the phone is asking for a number that is not displayed by LibreOffice. SOme mistake there, I feel.

Screen grabs wil follow

Revision history for this message
In , Bob Harvey (bobharvey) wrote :

Created attachment 127700
First screen grab for comment 7

This is Libre Office trying to log into my Google Drive account, and waiting for authentication

Revision history for this message
In , Bob Harvey (bobharvey) wrote :

Created attachment 127701
Second screen grab for comment 7

This is what the phone offers as the 2nd factor

Revision history for this message
In , Alberto-gaburro-8 (alberto-gaburro-8) wrote :

(In reply to Alberto Gaburro from comment #6)
> Same problem on Libreoffice 5.2.1.2 x64 on Windows 10.
>
> After entering the PIN, I get the error "The specified device is invalid".
> So I can't even browse my contents on Google Drive.

Upgraded Libreoffice from 5.2.1.2 to 5.2.2.2 x64 on Windows 10.
Nothing changes :(

Revision history for this message
In , Alberto-gaburro-8 (alberto-gaburro-8) wrote :

(In reply to Alberto Gaburro from comment #10)
> (In reply to Alberto Gaburro from comment #6)
> > Same problem on Libreoffice 5.2.1.2 x64 on Windows 10.
> >
> > After entering the PIN, I get the error "The specified device is invalid".
> > So I can't even browse my contents on Google Drive.
>
> Upgraded Libreoffice from 5.2.1.2 to 5.2.2.2 x64 on Windows 10.
> Nothing changes :(

Upgraded Libreoffice from 5.2.2.2 to 5.2.3.3 x64 on Windows 10.
Nothing changes :(

Revision history for this message
In , Vinixda (vinixda) wrote :

I can confirm that Google Drive 2FA is broke again.

LibreOffice 5.2.4.2 (Fresh PPA), Linux Mint 18.1.

Revision history for this message
In , Alberto-gaburro-8 (alberto-gaburro-8) wrote :

(In reply to Alberto Gaburro from comment #11)
> (In reply to Alberto Gaburro from comment #10)
> > (In reply to Alberto Gaburro from comment #6)
> > > Same problem on Libreoffice 5.2.1.2 x64 on Windows 10.
> > >
> > > After entering the PIN, I get the error "The specified device is invalid".
> > > So I can't even browse my contents on Google Drive.
> >
> > Upgraded Libreoffice from 5.2.1.2 to 5.2.2.2 x64 on Windows 10.
> > Nothing changes :(
>
> Upgraded Libreoffice from 5.2.2.2 to 5.2.3.3 x64 on Windows 10.
> Nothing changes :(

Upgraded Libreoffice from 5.2.4.2 to 5.2.5.1 x64 on Windows 10.
Nothing changes :(

Revision history for this message
In , gkey (gmkey) wrote :

Upgraded Libreoffice to 5.3.0.3 x64 on Windows 10.
Nothing changes :(

Revision history for this message
In , Aron Budea (baron-z) wrote :

Version field is supposed to be the oldest version the bug was observed with, please don't change to a newer one.

Revision history for this message
In , Timothy Magee (timothy-0) wrote :

Just confirmed on XUbuntu 16.04.2 using the following LibreOffice build:
Version: 5.3.0.3
Build ID: 1:5.3.0~rc3-0ubuntu1~xenial1.1
CPU Threads: 4; OS Version: Linux 4.4; UI Render: default; VCL: gtk2; Layout Engine: new;
Locale: en-US (en_US.UTF-8); Calc: group

Further, I noticed that when I enter a wrong password with two-factor enabled, the dialogue for two factor appears. Then I enter the six digit code and whatever I enter in that box I get "The specified device is invalid".

I also get this error if I type an unused email address or the wrong password.

Revision history for this message
In , R-cabane (r-cabane) wrote :

Same behavior here (using LO from TDF, version 5.3.1.2). In fact, my phone never receives the expected SMS from Google, so I can't even type the 6-digit G-code.

Revision history for this message
In , Maks S. (makssly) wrote :

I confirm the bug in version 5.2.6.2 on Windows 10 x64.
2-FA enabled Google Account doesn't work.

Revision history for this message
In , R-cabane (r-cabane) wrote :

Just the same, LO from TDF, 5.3.2.2, Linux

Revision history for this message
In , Aron Budea (baron-z) wrote :

Thanks for the update, but Max, please keep version at earliest (known) affected.

Revision history for this message
In , Aloishammer (aloishammer) wrote :

Confirmed "The specified device is invalid." with good credentials and good OATH-TOTP code.

Let me know if I can add any information. It's not clear to me how or whether it's possible to enable any form of logging for LibreOffice on Windows.

Version: 5.3.2.2 (x64)
Build ID: 6cd4f1ef626f15116896b1d8e1398b56da0d0ee1
CPU Threads: 8; OS Version: Windows 6.1; UI Render: GL; Layout Engine: new;
Locale: en-US (en_US); Calc: group

Oracle JRE 1.8.0_131 x86 and x64 installed system-wide, functioning, and enabled in LO options.

Java critical files -

C:\Windows\Sun\Java\Deployment\deployment.config -

deployment.system.config=file:///C:/Windows/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true
deployment.system.config.locked
deployment.system.config.mandatory.locked

C:\Windows\Sun\Java\Deployment\deployment.properties -

#System Deployment Properties
deployment.cache.jarcompression.locked=true
deployment.cache.jarcompression=9
deployment.cache.max.size.locked=true
deployment.cache.max.size=256
deployment.console.startup.mode.locked=true
deployment.console.startup.mode=DISABLE
deployment.expiration.check.enabled.locked=true
deployment.expiration.check.enabled=false
deployment.insecure.jres.locked=true
deployment.insecure.jres=NEVER
deployment.javaws.associations.locked=true
deployment.javaws.associations=2
deployment.javaws.shortcut.locked=true
deployment.javaws.shortcut=ASK_USER
deployment.javaws.update.timeout.locked=true
deployment.javaws.update.timeout=2500
deployment.log.locked=true
deployment.log=false
deployment.proxy.type.locked=true
deployment.proxy.type=0
deployment.roaming.profile.locked=true
deployment.roaming.profile=false
deployment.security.authenticator.locked=
deployment.security.authenticator=true
deployment.security.level.locked=true
deployment.security.level=VERY_HIGH
deployment.security.revocation.check.locked=true
deployment.security.revocation.check=ALL_CERTIFICATES
deployment.security.SSLv3.locked=true
deployment.security.SSLv3=false
deployment.security.use.native.sandbox.locked=true
deployment.security.use.native.sandbox=true
deployment.security.validation.clockskew.locked=true
deployment.security.validation.clockskew=5
deployment.security.validation.crl.locked=true
deployment.security.validation.crl=true
deployment.security.validation.ocsp.locked=true
deployment.security.validation.ocsp=true
deployment.security.validation.timeout.locked=true
deployment.security.validation.timeout=5
deployment.trace.locked=true
deployment.trace=false
deployment.user.logdir.locked=true
deployment.user.logdir=null
install.disable.sponsor.offers.locked=true
install.disable.sponsor.offers=true

Revision history for this message
In , Oliver-brinzing (oliver-brinzing) wrote :

Today i tried to connect to Google Drive with LO 5.3.3(32Bit) on Win10Pro 64Bit with 2FA, and i worked, but only, if i receive the PIN via SMS on my IPhone.
During the initial installation i received 2 PINs.

PIN via Autenticator App does not work for me too.

Revision history for this message
In , Sanipachenko (sanipachenko) wrote :

[ES]
Yo no recibo nunca el mensaje con Movistar en Argentina. Si es para ingreso al Mail, sí, pero no para esto.
[EN]
I never receive the message with Movistar in Argentina. If it is to login to the Mail, yes, but not for this.

Revision history for this message
In , Sergejs-usakovs (sergejs-usakovs) wrote :

For me also, authentication via Google Authenticator app on iOS didn't work.
As LO - strangely - doesn't offer a choice of alternative options to choice Google authentication code delivery method delivery, then you have to setup your phone as Default Google Authentication option - then, again problem, as Google, doesn't allow freely to choose delivery option, and set default delivery option itself, the only way to get phone as a default Google authenticator code delivery option is to remove all other options, namely, in my case, Google Prompt option, and Google Authenticator app option.
Then - again strangely - LO ask for GDrive credentials, incl. authenticator code again - I am just wondering, what the sense of going such loop..?

Then, when finally Gdrive directory get populated there are only just like 50-100 files and one directory, out of 1000s... - rendering it unusable.

LO Version: 5.4.0.3
Build ID: 7556cbc6811c9d992f4064ab9287069087d7f62c
CPU threads: 2; OS: Windows 6.2; UI render: default;
Locale: en-IE (en_US); Calc: group

Revision history for this message
In , R-cabane (r-cabane) wrote :

I tried to connect to Google Drive just after having installed LO 5.4. No change appeared : my phone received non SMS from Google.

Revision history for this message
In , Milos-2 (milos-2) wrote :

Using LO 5.4.4.2 on Ubuntu 17.10, with 2FA *disabled*, I am asked for the PIN anyway. Unable to sign in.

Revision history for this message
In , Karl Foley (u-karl) wrote :

Experiencing the same issue in Windows 6.0.0.3.

Revision history for this message
In , R-cabane (r-cabane) wrote :

The bug is still there on LO 6.0.4 (Linux). I tried opening Google drive giving my account either as (my Gmail address) or (the first part of my Gmail address), without success : my phone didn't receive any SMS.

Revision history for this message
In , Sanipachenko (sanipachenko) wrote :

With Outlook. com accounts. the same thing happens.
Is another report required or can you see with this one as well?
With Outlook. com basins, the generated URL generates the same error.

Revision history for this message
In , Sanipachenko (sanipachenko) wrote :

(In reply to Leandro Martín Drudi from comment #29)
> With Outlook. com accounts. the same thing happens.
> Is another report required or can you see with this one as well?
> With Outlook. com basins, the generated URL generates the same error.

Sorry, Basins*: Accounts
(I translate with google)

Revision history for this message
In , Jason Currie (jcurrie84) wrote :

This is still a problem in 6.0.2.1. I have 2FA enabled and get the phone notification to approve the login every time I try to login. I approve the login, which does nothing with LO. I try to enter the PIN from Authenticator and receive the message about the device being invalid.

Revision history for this message
In , Aron Budea (baron-z) wrote :

Let's keep version field as the earliest known affected version.

Revision history for this message
In , T-chris-j (t-chris-j) wrote :

This bug also affects 2FA Google accounts that are using the App Password feature (https://support.google.com/accounts/answer/185833?hl=en) This is a feature that allows you to use a 16 character password that is unique to the app and it usually bypasses the need for any other 2FA method. Whether you use the standard Google password or the App password, LibreOffice is still prompting for a G-Pin to complete the sign in.

Revision history for this message
In , Cristiano Gavião (cvgaviao) wrote :

Created attachment 142096
screen of the issue in ubuntu

I'm using the version 6.0.3.2 with Ubuntu (Build ID: 1:6.0.3-0ubuntu1).

I was able to setup my google account in order to receive the 6-digits PIN in my smartphone.
But even after type it I'm getting the "The specified device is invalid." when trying to setup the connection.

Btw, I'm able to connect to Drive using Nautilus.

Revision history for this message
In , DrewJensen (atjensen) wrote :

*** Bug 119511 has been marked as a duplicate of this bug. ***

Revision history for this message
In , R-cabane (r-cabane) wrote :

Hello, I just updated my LO install to the 6.1.1 version (Linux + KDE). And, suddenly, the connection with my Google drive works (with 2FA), that's really marvelous !
Thank you for your work.

38 comments hidden view all 108 comments
Revision history for this message
Emanuele (emanuc) wrote :
Revision history for this message
Emanuele (emanuc) wrote :

I have LibreOffice in the snap version, but it doesn't matter, it doesn't even work in the "deb" version.

snap-id: CpUkI0qPIIBVRsjy49adNq4D6Ra72y4v
tracking: stable
refresh-date: 4 days ago, at 20:25 CEST
channels:
  stable: 6.3.1.2 2019-09-13 (147) 440MB -
  candidate: 6.3.1.2 2019-09-13 (147) 440MB -
  beta: ↑
  edge: ↑
installed: 6.3.1.2 (147) 440MB -

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libreoffice (Ubuntu):
status: New → Confirmed
summary: - Access to the Google remote account does not work
+ [upstream] Access to the Google remote account does not work
Changed in df-libreoffice:
importance: Unknown → High
status: Unknown → Confirmed
65 comments hidden view all 108 comments
Revision history for this message
In , Smartazaiz (smartazaiz) wrote :

Same issue here.
Tested with my google drive account and still asking for the 6 digits PIN.

2FA is not activated.

Version: 7.0.0.0.beta1 (x64)
Build ID: 94f789cbb33335b4a511c319542c7bdc31ff3b3c
CPU threads: 4; OS: Windows 10.0 Build 17763; UI render: Skia/Raster; VCL: win
Locale: fr-CH (fr_FR); UI: en-GB
Calc: threaded

Changed in libreoffice (Ubuntu):
importance: Undecided → Low
Revision history for this message
In , Michael-meeks-1 (michael-meeks-1) wrote :

Florian - this looks like something that TDF would need to chase to fix ? a nice list of things to do from Pedro; is this something you can handle ?

Revision history for this message
In , Floeff-n (floeff-n) wrote :

Oh, indeed, looks like lots of fun... :-)
I'll chase this with the team and try to get the paperwork done

Revision history for this message
In , Cloph-0 (cloph-0) wrote :

google authentication is https://github.com/tdf/libcmis/issues/22 / a bit more involved. (but I think it should also be fixable by using plain oauth2 and the same copy-URL-to-Browser and copy-the-result-back workflow.

Google's docs mention to just listen on a local loopback IP address and get the result that way - that is of course also an option to at least avoid copy-back into the dialog. But that's a "stretch goal" :-)
Google lists the Manual copy/paste with a hint of "may be discontinued in the future"
https://developers.google.com/identity/protocols/oauth2/native-app

For onedrive it seems that the API was never migrated from the old/deprecated/now-non-function live apis to Microsoft graph.
The only "not-so-nice" thing is that we ask the user to copy'n'paste back between the browser and the LO dialog, but that's easy enough to do. Furthermore we can get rid of the username/pw entry that LO cannot use anyway
(or rather: It (LO/libcmis) should not attempt to imitate a user using the browser and try to parse the response of whatever login window appears that is augmented with webX.y stuff :-))

Fixing onedrive should be easy enough to do:
* Fix endpoints/scopes to match the Graph scheme
* Fix libcmis to use the new (or rather current) OneDrive REST API (instead of the old skydrive one that doesn't work anymore since end of 2018....)
* Fix remote-server dialog to not ask for username and password - authentication/login is handled in the user's browser

https://docs.microsoft.com/en-us/onedrive/developer/rest-api/concepts/migrating-from-live-sdk

Revision history for this message
In , julien2412 (serval2412-6) wrote :

*** Bug 136672 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Buzea-bogdan (buzea-bogdan) wrote :

*** Bug 136562 has been marked as a duplicate of this bug. ***

Revision history for this message
In , That-man-colin (that-man-colin) wrote :

This from Google drive support in response to me asking them how to gain access;

Currently, Google Drive does not have a feature where you can set a pin or password to a certain files. Google Drive only saved the files the way we created it. If you forgot the password on the file you want to access you need to contact the program developer who created the apps or program you used prior saving it to Google Drive.

Since you are trying to unlock Libre Office documents, you need to reach their support for further assistance.

    Libre Office Community Support
    Libre Office Professional Support

When you contact Libre Office Support, please let them know that you need help with the 6 digit PIN so that it will allow remote access from your Libre Office account.

Where does the 6 digit pin originate?

I imagine even if LO fixes the issue then "newer" LO users who haven't previously availed themselves of the service simply won't have a 6 Digit PIN.

That's certainly my situation. I'm not trying to access existing files, just trying to implement the cloud storage for some CALCs by File> Open Remote> Add Service (from the dropdown menu defaulting to Manage services.

1 comments hidden view all 108 comments
Revision history for this message
In , julien2412 (serval2412-6) wrote :

*** Bug 139088 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Cloph-0 (cloph-0) wrote :

(In reply to Colin from comment #70)
> This from Google drive support in response to me asking them how to gain
> access;
>
> When you contact Libre Office Support, please let them know that you need
> help with the 6 digit PIN so that it will allow remote access from your
> Libre Office account.
>
> Where does the 6 digit pin originate?

That pin was part of the now no longer supported login mechanism into your gdrive account, it wasn't used by LibreOffice as a pin or password to protect the documents, but rather just how the login worked..

> I imagine even if LO fixes the issue then "newer" LO users who haven't
> previously availed themselves of the service simply won't have a 6 Digit PIN.

And they won't need that pin.

> That's certainly my situation. I'm not trying to access existing files, just
> trying to implement the cloud storage for some CALCs by File> Open Remote>
> Add Service (from the dropdown menu defaulting to Manage services.

Both cases will be solved when the login/token generation is changed as described in comment#67, similar as it has been done for onedrive for 7.1.0 (fixing gdrive login is on the todo, but just didn't make it into 7.1.0).

So then the user-experience would be (for the time being):
* User chossed to open/save to remote service
* LO asks to copy the login URL to browser
* User logs in to the service using their browser, granting LibreOffice the access privileges if not already done so in the past
* browser will return a code that has to be pasted back into the LibreOffice window
→ for the duration of the LO session, LO can then create access tokens and won't have to ask the user again.

To be fully clear: I know that this is not a great user-experience, so the copy-the-code-back to the LibreOffice window can be solved by having LibreOffice listen on a localhost address and setting the redirect URL to that localhost address, so that would eliminate the need for manually copy'n'paste.
But the bigger drawback is that currently LibreOffice doesn't store the refresh_token, so it will have to ask every time LO is started and the files are accessed. (typically they are valid for multiple weeks/months)
They should be securely stored locally, so the most natural way would be to use LibreOffice's password-store for that, so the user only would have to unlock it using the master password and not do the login-dance.

Revision history for this message
In , That-man-colin (that-man-colin) wrote :

(In reply to Christian Lohmaier from comment #73)
> (In reply to Colin from comment #70)

>
> To be fully clear: I know that this is not a great user-experience, so the
> copy-the-code-back to the LibreOffice window can be solved by having
> LibreOffice listen on a localhost address and setting the redirect URL to
> that localhost address, so that would eliminate the need for manually
> copy'n'paste.

That's infinitely superior to Write LO Calc > Export to eXcel> Upload to GDrive> open with G.Sheets> Modify to mitigate the G.Sheet inadequacies> Work with G.Sheets until the next function change> Copy'n'Paste unformatted data to source LOCalc and then recycle. Still, I'm becoming a Wiz at version control;)).

Christian, thank you for taking the time to inform us. Much appreciated.

You advise it didn't make the cut to 7.1 - is there a guestimate as to when it might be available?

Revision history for this message
In , Yogeshg (yogeshg) wrote :

Can we adjust the bug report to reflect a later version of LO instead of old unsupported versions? Currently, it's set to 5.2.0.4.

Revision history for this message
In , Yogeshg (yogeshg) wrote :

(In reply to Christian Lohmaier from comment #73)
> But the bigger drawback is that currently LibreOffice doesn't store the
> refresh_token, so it will have to ask every time LO is started and the files
> are accessed. (typically they are valid for multiple weeks/months)
> They should be securely stored locally, so the most natural way would be to
> use LibreOffice's password-store for that, so the user only would have to
> unlock it using the master password and not do the login-dance.

Thanks, Christian. Do you know if there's a bug report for this? I want to follow its updates.

Revision history for this message
In , Aron Budea (baron-z) wrote :

(In reply to yogeshg from comment #75)
> Can we adjust the bug report to reflect a later version of LO instead of old
> unsupported versions? Currently, it's set to 5.2.0.4.
As the label says, the version field is for the earliest (known) affected version, in general it's useful for narrowing down when a bug was introduced, to hint at whether it's a more recent regression/implementation error, or whether it was already in the first LO version.

Revision history for this message
In , kompilainenn (79045-79045) wrote :

*** Bug 103748 has been marked as a duplicate of this bug. ***

Revision history for this message
In , kompilainenn (79045-79045) wrote :

*** Bug 141787 has been marked as a duplicate of this bug. ***

Revision history for this message
Juan Alberto González (juanalbglz) wrote :
Revision history for this message
Juan Alberto González (juanalbglz) wrote :

Version: 7.1.4.2 (x64) / LibreOffice Community
Build ID: a529a4fab45b75fefc5b6226684193eb000654f6
CPU threads: 4; OS: Windows 10.0 Build 19042; UI render: Skia/Vulkan; VCL: win
Locale: es-ES (es_ES); UI: es-ES
Calc: CL

Revision history for this message
In , Libreoffice-commits (libreoffice-commits) wrote :

Christian Lohmaier committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/73041de9563c9a973d1b5394c6e5520a7d799980

tdf#101630 - gdrive support w/oAuth and Drive API v3

It will be available in 7.3.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Revision history for this message
In , Libreoffice-commits (libreoffice-commits) wrote :

Christian Lohmaier committed a patch related to this issue.
It has been pushed to "libreoffice-7-2":

https://git.libreoffice.org/core/commit/b8b66a26f8f519a30b8e6b860a9247a8ffbb71cc

tdf#101630 - gdrive support w/oAuth and Drive API v3

It will be available in 7.2.0.2.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Revision history for this message
In , Cloph-0 (cloph-0) wrote :

Some hints/remarks to the fix:

* the initial repository-add dialogs have not been adjusted yet, they still ask for username and password, however those are not used. The username field is for LO's own distinguishing between different instances, but not used in the authentication. You can leave the password empty, it is not used to authenticate.

* to allow storing of the refresh token, you should enable persistent storage of credentials in Tools|Options → LO → Security → [x] allow persistent storage and [x] protect with master password. With that LO can store the refresh-token to use for further requests, and you only have to provide the master password.

* With the persistent storage enabled, and trying to setup the connection for the first time, LO will ask for the masterpassword to look for an existing refresh token, on first setup there obviously won't be one so it will go to the login procedure: Copy'n'paste the link to your browser, grant LibreOffice the access to files → You will get an access token that you copy back to the LibreOffice dialog. LibreOffice will then ask once more for the masterpassword to store the refresh token obtained using the access-token.

Also important: LO is not verified to use restricted scopes yet, so it can only use drive.file scope, meaning when accessing GDrive from LO you'll only see the files that you created with LibreOffice, other files will not be accessible (you will however be able to see the files created with LO in e.g. in your gdrive in browser)

Revision history for this message
In , Mikekaganski (mikekaganski) wrote :

(In reply to Commit Notification from comment #80)
> The patch should be included in the daily builds available at
> https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours.
> ...
> Affected users are encouraged to test the fix and report feedback.

Please note that daily builds are created without necessary configurations parameters, so those builds do not include gdrive support: this means that they can't be used for testing of the patches mentioned in comments 80 and 81.

OTOH, 7.2.0 RC2 is going to be available soon. Please wait for the release candidate for testing.

Revision history for this message
In , Heiko-tietze-g (heiko-tietze-g) wrote :

(In reply to Commit Notification from comment #81)
> Christian Lohmaier committed a patch related to this issue.

Resolved fixed? Thanks for the detailed explanation.

Revision history for this message
In , Libreoffice-commits (libreoffice-commits) wrote :

Christian Lohmaier committed a patch related to this issue.
It has been pushed to "libreoffice-7-1":

https://git.libreoffice.org/core/commit/854c03ebc94aae205b85d0c9d342048baf93e9a9

tdf#101630 - gdrive support w/oAuth and Drive API v3

It will be available in 7.1.6.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Changed in df-libreoffice:
status: Confirmed → In Progress
Revision history for this message
In , Miguelangelrv (miguelangelrv) wrote :

*** Bug 144460 has been marked as a duplicate of this bug. ***

Revision history for this message
In , W-daniel-w (w-daniel-w) wrote :

This is not working in v7.2.2.2

The key is not being properly stored, and the UI leaves a LOT to be desired.

You may find that the way the tool rclone (rclone.org) handles this authentication is much more graceful than the current solution.

The dialog box is also misleading about what, when (at which step), and where to paste the key from the OAuth process.

There has to be a better way for users to be able to use this feature.

Revision history for this message
In , Xiscofauli (xiscofauli) wrote :

(In reply to daniel from comment #87)
> This is not working in v7.2.2.2
>
> The key is not being properly stored, and the UI leaves a LOT to be desired.
>
> You may find that the way the tool rclone (rclone.org) handles this
> authentication is much more graceful than the current solution.
>
> The dialog box is also misleading about what, when (at which step), and
> where to paste the key from the OAuth process.
>
> There has to be a better way for users to be able to use this feature.

hello,
Please read comment 82 to allow storing the key

Revision history for this message
In , W-daniel-w (w-daniel-w) wrote :

(In reply to Xisco Faulí from comment #88)
> (In reply to daniel from comment #87)
> > This is not working in v7.2.2.2
> >
> > The key is not being properly stored, and the UI leaves a LOT to be desired.
> >
> > You may find that the way the tool rclone (rclone.org) handles this
> > authentication is much more graceful than the current solution.
> >
> > The dialog box is also misleading about what, when (at which step), and
> > where to paste the key from the OAuth process.
> >
> > There has to be a better way for users to be able to use this feature.
>
> hello,
> Please read comment 82 to allow storing the key

I have, but it is extremely user-unfriendly and unless you are looking up this bug report, you would never know how to do it. Even then, the notes in comment #87 are not the complete instructions.

Basically, this method is a dirty workaround of a patch job that needs to be truly fixed in both the backend and the UI. The method used to get and capture the key is not graceful, and the UI is plain incorrect.

I would fix it myself if it was something that had the skill to do (I love open source software for that!), but I do not feel comfortable in my skill level making those modifications. Instead, I have pointed this very skilled and talented community to another piece of open-source software that has done a very good job at tackling this issue for not only Google Drive, but also for numerous other cloud storage vendors. Their code base is mature, and the capabilities of that tool complement what users of this project need.

In reality, the project might even look at integrating that tool's functionality into this one, similar to how other modules have become standard within the software. Spell checking is one function that comes to mind.

I see this as an opportunity to potentially have one community help another, giving them both a way to learn from the other's work and experience. Isn't that one of the main benefits of being open source?

Revision history for this message
In , Will Gibson (fortunato187) wrote :

Reproduced error message "specified device is invalid" from (remote file->manage services->add service->google drive->user->pass) sequence of events. Much like everyone else BUT no two factor authentication in this case.

Ubuntu 20.04.3 LTS
Version: 7.1.8.1 / LibreOffice Community
Build ID: e1f30c802c3269a1d052614453f260e49458c82c
CPU threads: 8; OS: Linux 5.11; UI render: default; VCL: gtk3
Locale: en-US (en_US.UTF-8); UI: en-US
Calc: threaded

Revision history for this message
In , Doomsdayrs-h (doomsdayrs-h) wrote :

Can confirm that 2FA does not work. Even the GNOME Settings application has this feature.

---

Version: 7.2.5.2.0+
Build ID: 20(Build:2)
CPU threads: 24; OS: Linux 5.16; UI render: default; VCL: gtk3
Locale: en-US (en_US.UTF-8); UI: en-US
Calc: threaded

Revision history for this message
In , Mikekaganski (mikekaganski) wrote :

@cloph: could we possibly use some Python library ( https://oauth.net/code/python/ ), like we use smtplib in our scripting/source/pyprov/mailmerge.py, which implements com::sun::star::mail::XMailServiceProvider etc?

Revision history for this message
In , Mikekaganski (mikekaganski) wrote :

(In reply to Mike Kaganski from comment #92)

FYI: https://github.com/google/gmail-oauth2-tools/wiki/OAuth2DotPyRunThrough

Revision history for this message
In , Mikekaganski (mikekaganski) wrote :
Revision history for this message
In , prrvchr (prrvchr) wrote :

@Christian Lohmaier

The OAuth2OOo extension https://github.com/prrvchr/OAuth2OOo has approvals from Google for the scope: https://www.googleapis.com/auth/drive

After the user has approved the use of this scope this extension is able to deliver OAuth2OOo tokens...

I'm ready to try an integration.

Revision history for this message
In , Ilmari-lauhakangas (ilmari-lauhakangas) wrote :

*** Bug 151415 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Iplaw67-h (iplaw67-h) wrote :

*** Bug 154605 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Stephane-guillou-i (stephane-guillou-i) wrote :

Cloph, you were assigned by Heiko since 2021. I've reset that to the default, as prrvchr said they were interested in working on it in comment 95.

prrvchr, are you still interested in submitting patches? If so, please go ahead and assign yourself.

Changed in df-libreoffice:
status: In Progress → Confirmed
Revision history for this message
In , Dgp-mail (dgp-mail) wrote :

*** Bug 149444 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Vsfoote (vsfoote) wrote :

*** Bug 157883 has been marked as a duplicate of this bug. ***

Revision history for this message
In , julien2412 (serval2412-6) wrote :

*** Bug 162100 has been marked as a duplicate of this bug. ***

Displaying first 40 and last 40 comments. View all 108 comments or add a comment.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.