Looking at the docs at https://developers.google.com/identity/protocols/OAuth2InstalledApp we should probably update the urls as so. ``` - "https://accounts.google.com/o/oauth2/auth", - "https://www.googleapis.com/oauth2/v3/token", + "https://accounts.google.com/o/oauth2/v2/auth", + "https://oauth2.googleapis.com/token", ```
Unfortunately, that doesn't help any :(
These are the relevant network requests. For the AccountChooser for whatever reason we end with a param to get sent to the legacy auth (https://accounts.google.com/signin/oauth/legacy/consent). I'd imagine that's the root of the problem.
curl 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1'
curl 'https://accounts.google.com/signin/oauth?client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&as=raOi9ApwBeyZIud8WPVzhg&<email address hidden>&destination=http://localhost&approval_state=!ChR2ZTJFaTBWQ2ZtMzhvMEVFOXhySxIfMDFiWFlJVWhNejhhOERFdWhZOThQY18xSm8zSDRSWQ%E2%88%99AJDr988AAAAAXbrIfhVE7FpoqoGhuBlX2DvLqjmU3VA6&oauthriskyscope=1&xsrfsig=ChkAeAh8T_oe9FxRgZIFTl3qVXN0iKZcn16rEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'
curl 'https://accounts.google.com/AccountChooser?oauth=1&continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Flegacy%2Fconsent%3Fauthuser%3Dunknown%26part%3DAJi8hAP_NCRJtKpGW84MoNR_ltqVjGRuVys1ie0r3UyClXR5iskmXA3AvkNOVmPpFQ3iLzzHjApPhYeoo9SgwTuTLgtOaHE4qhcpqVkCjNqjEQWuV30xTzu1hyEwxH45I3JYe5fGIgn0SPU8P912AklFPgq_Nx4gBsgugTKAbVZ7R0wPKJJis302QEb_sDQ2XobkQdG5B3Xjt18t-SWZIxz8iElJdSQ6XOs5AhrqLRsImXVdwsQOAIlLz75bd5bfHLTpqd4RkvXsS1b7EgBsSc0X8l00Rpdn3vKbi3tdRHGPb7-q1YN5vG_LFpVo5rL8mp_oeEsPw9IHc0vdixIsB3SaN9QHhVoXiS6UHszRZhkbBsnlfeqF5nBSbiYs6UdxH3pjtcnNmCTvq0BPnXqcip8RqLkym9-AxcZ-9hD8MgHw3o_523pML4w%26as%3DraOi9ApwBeyZIud8WPVzhg%23' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw; GAPS=1:VErCzlQH5r0KkWvwZjsi5_lWb08Aag:iGBDQu8UQ1COgpda' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'
Looking at the docs at https:/ /developers. google. com/identity/ protocols/ OAuth2Installed App we should probably update the urls as so. /accounts. google. com/o/oauth2/ auth", /www.googleapis .com/oauth2/ v3/token", /accounts. google. com/o/oauth2/ v2/auth", /oauth2. googleapis. com/token",
```
- "https:/
- "https:/
+ "https:/
+ "https:/
```
Unfortunately, that doesn't help any :(
These are the relevant network requests. For the AccountChooser for whatever reason we end with a param to get sent to the legacy auth (https:/ /accounts. google. com/signin/ oauth/legacy/ consent). I'd imagine that's the root of the problem.
curl 'https:/ /accounts. google. com/o/oauth2/ v2/auth? response_ type=code& client_ id=406964657835 -aq8lmia8j95dhl 1a2bvharmfk3t1h gqj.apps. googleuserconte nt.com& redirect_ uri=http% 3A%2F%2Flocalho st&scope= https%3A% 2F%2Fmail. google. com%2F& login_hint= example% 40gmail. com' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html, application/ xhtml+xml, application/ xml;q=0. 9,*/*;q= 0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade- Insecure- Requests: 1'
curl 'https:/ /accounts. google. com/signin/ oauth?client_ id=406964657835 -aq8lmia8j95dhl 1a2bvharmfk3t1h gqj.apps. googleuserconte nt.com& as=raOi9ApwBeyZ Iud8WPVzhg&<email address hidden> &destination=http:// localhost& approval_ state=! ChR2ZTJFaTBWQ2Z tMzhvMEVFOXhySx IfMDFiWFlJVWhNe jhhOERFdWhZOThQ Y18xSm8zSDRSWQ% E2%88%99AJDr988 AAAAAXbrIfhVE7F poqoGhuBlX2DvLq jmU3VA6& oauthriskyscope =1&xsrfsig= ChkAeAh8T_ oe9FxRgZIFTl3qV XN0iKZcn16rEg5h cHByb3ZhbF9zdGF 0ZRILZGVzdGluYX Rpb24SBXNvYWN1E g9vYXV0aHJpc2t5 c2NvcGU' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html, application/ xhtml+xml, application/ xml;q=0. 9,*/*;q= 0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https:/ /accounts. google. com/o/oauth2/ v2/auth? response_ type=code& client_ id=406964657835 -aq8lmia8j95dhl 1a2bvharmfk3t1h gqj.apps. googleuserconte nt.com& redirect_ uri=http% 3A%2F%2Flocalho st&scope= https%3A% 2F%2Fmail. google. com%2F& login_hint= example% 40gmail. com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9 M0a0jvnbwWEu57N PSzYGYQXIyvq3aw hbw' -H 'Upgrade- Insecure- Requests: 1' -H 'TE: Trailers'
curl 'https:/ /accounts. google. com/signin/ oauth?client_ id=406964657835 -aq8lmia8j95dhl 1a2bvharmfk3t1h gqj.apps. googleuserconte nt.com& as=raOi9ApwBeyZ Iud8WPVzhg&<email address hidden> &destination=http:// localhost& approval_ state=! ChR2ZTJFaTBWQ2Z tMzhvMEVFOXhySx IfMDFiWFlJVWhNe jhhOERFdWhZOThQ Y18xSm8zSDRSWQ% E2%88%99AJDr988 AAAAAXbrIfhVE7F poqoGhuBlX2DvLq jmU3VA6& oauthriskyscope =1&xsrfsig= ChkAeAh8T_ oe9FxRgZIFTl3qV XN0iKZcn16rEg5h cHByb3ZhbF9zdGF 0ZRILZGVzdGluYX Rpb24SBXNvYWN1E g9vYXV0aHJpc2t5 c2NvcGU' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html, application/ xhtml+xml, application/ xml;q=0. 9,*/*;q= 0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https:/ /accounts. google. com/o/oauth2/ v2/auth? response_ type=code& client_ id=406964657835 -aq8lmia8j95dhl 1a2bvharmfk3t1h gqj.apps. googleuserconte nt.com& redirect_ uri=http% 3A%2F%2Flocalho st&scope= https%3A% 2F%2Fmail. google. com%2F& login_hint= example% 40gmail. com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9 M0a0jvnbwWEu57N PSzYGYQXIyvq3aw hbw' -H 'Upgrade- Insecure- Requests: 1' -H 'TE: Trailers'
curl 'https:/ /accounts. google. com/AccountChoo ser?oauth= 1&continue= https%3A% 2F%2Faccounts. google. com%2Fsignin% 2Foauth% 2Flegacy% 2Fconsent% 3Fauthuser% 3Dunknown% 26part% 3DAJi8hAP_ NCRJtKpGW84MoNR _ltqVjGRuVys1ie 0r3UyClXR5iskmX A3AvkNOVmPpFQ3i LzzHjApPhYeoo9S gwTuTLgtOaHE4qh cpqVkCjNqjEQWuV 30xTzu1hyEwxH45 I3JYe5fGIgn0SPU 8P912AklFPgq_ Nx4gBsgugTKAbVZ 7R0wPKJJis302QE b_sDQ2XobkQdG5B 3Xjt18t- SWZIxz8iElJdSQ6 XOs5AhrqLRsImXV dwsQOAIlLz75bd5 bfHLTpqd4RkvXsS 1b7EgBsSc0X8l00 Rpdn3vKbi3tdRHG Pb7-q1YN5vG_ LFpVo5rL8mp_ oeEsPw9IHc0vdix IsB3SaN9QHhVoXi S6UHszRZhkbBsnl feqF5nBSbiYs6Ud xH3pjtcnNmCTvq0 BPnXqcip8RqLkym 9-AxcZ- 9hD8MgHw3o_ 523pML4w% 26as%3DraOi9Apw BeyZIud8WPVzhg% 23' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html, application/ xhtml+xml, application/ xml;q=0. 9,*/*;q= 0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https:/ /accounts. google. com/o/oauth2/ v2/auth? response_ type=code& client_ id=406964657835 -aq8lmia8j95dhl 1a2bvharmfk3t1h gqj.apps. googleuserconte nt.com& redirect_ uri=http% 3A%2F%2Flocalho st&scope= https%3A% 2F%2Fmail. google. com%2F& login_hint= example% 40gmail. com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9 M0a0jvnbwWEu57N PSzYGYQXIyvq3aw hbw; GAPS=1: VErCzlQH5r0KkWv wZjsi5_ lWb08Aag: iGBDQu8UQ1COgpd a' -H 'Upgrade- Insecure- Requests: 1' -H 'TE: Trailers'