Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authorize OSM access not working #413

Closed
PanderMusubi opened this issue Jul 24, 2017 · 61 comments
Closed

Authorize OSM access not working #413

PanderMusubi opened this issue Jul 24, 2017 · 61 comments
Labels
Milestone

Comments

@PanderMusubi
Copy link
Contributor

Authorize OSM access is not working in version 1.0 on LineageOS with GAPPS pico and F-Droid. I can choose to authorize via OsmAnd~, which doesn't work at all and results in a place in the middle of the ocean. Other way of authorization is via Firefox. That results in an error Unable to reach the authorization server. However, when I open Firefox manually, I see a tab opened for authorization. Logging in has no further effect on the app where I remain Not yet authorized.

Trying to downgrade to 0.13, to test that, resulted in an unknown error. De-installing 1.0 and installing 0.13 worked. There authorization works properly as it seems to be a different implementation.

@westnordost
Copy link
Member

westnordost commented Jul 24, 2017 via email

@westnordost westnordost added bug feedback required more info is needed, issue will be likely closed if it is not provided labels Jul 24, 2017
@westnordost
Copy link
Member

Also see #386
Similar problem or different problem?

@PanderMusubi
Copy link
Contributor Author

Most probably the same issues as I see in the screen recording. Note that GAPPS pico is lacking the Android System WebView app, but installing that doesn't make a difference.

@westnordost
Copy link
Member

westnordost commented Jul 24, 2017 via email

@PanderMusubi
Copy link
Contributor Author

"Can you be more specific when exactly the auth fails and ideally what is logged on console?" -> Which console?

"What browser do you use?" -> Firefox, latest stable from Google Play.

"Did you try another browser?" -> I installed Android System WebView app but didn't matters

"Do you use something other than the normal name+pw? (I.e. Google etc)" -> username + passwor, worked before with 0.13

does this answer your questions?

@westnordost
Copy link
Member

Almost. I need to know when exactly the message comes: Before Firefox even opens or after you entered your credentials in Firefox on returning to the app?

Regarding the console: Would you do you me a favour and download a log reader like https://play.google.com/store/apps/details?id=com.nolanlawson.logcat&hl=en or similar, leave it running in the background while trying to authenticate and tell me what is being logged on the console from streetcomplete when the authorization fails?

@PanderMusubi
Copy link
Contributor Author

Firefox never comes to the foreground. If I go to Firefox, I see the opened tabs. If I login, it does not return to StreetComplete. If I go to StreetComplete manually, I am not logged in. Plenty of combination of this results in not getting logged in.

Do you have an alternative log reader from F-Droid I could use as I prefer apps from there?

@PanderMusubi
Copy link
Contributor Author

@westnordost
Copy link
Member

Any should do the job.

@westnordost
Copy link
Member

Firefox never comes to the foreground. If I go to Firefox, I see the opened tabs.

Wow, this is weird. How can it be possible that any app opens another app "in the background"?? Can you close all those opened tabs please and try to reproduce it with a "fresh" Firefox? (No openstreetmap tabs opened). Is the behavior that a tab opened but Android did not switch from StreetComplete to Firefox reproducable?

@krzyk
Copy link
Contributor

krzyk commented Jul 24, 2017

@jacopofar
Copy link

Same problem here using Firefox on Android 7.1 and authenticating to OpenStreetMap using the Google account. I see the requested to authorize the application inside the browser, give it and the tab closes. Then Streetcomplete says there was a problem connecting to the server and can't login.

Subsequent requests to authenticate open the browser which closes immediately, as described above.

Can I help providing further informations? Really like the idea, hope use it soon

@jacopofar
Copy link

Ok, temporarily disabling the tab queue in Firefox I could log in.

@westnordost
Copy link
Member

westnordost commented Jul 24, 2017

Oh man... a neverending story. I summarize:

  1. OAuth standard says that it is best practice to use an external browser for authentication instead of a WebView (see Authentication should use external browser instead of embedded webview #265)
  2. Google blocks OAuth login with WebViews - must always use external browser (see "Unable to reach the authorization server" when using google third party login #348 and Google developers blog) since April
  3. I reimplement the OAuth process to use the external browser
  4. Firefox launches the callback url in an unusual way that breaks the OAuth process in a browser (see authorize OSM access is not working after change to external browser #386), but there is a workaround
  5. Firefox has a Feature (tab queue) that effectively breaks the OAuth process in a browser (this ticket)

Result: Login with OAuth is broken either way when using the Google Account and Firefox as a browser, no matter what.

Who is to blame? Google, for enforcing the use of an external browser.
If it is possible for a browser to fuck up the OAuth workflow that much on an smartphone, then the workflow should obviously not rely on the communication between the app and a browser... There is a difference between "Best practice" (mentioned in a draft) and obligation.

Anyway, I fear this problem cannot be solved, as described aboce.

@westnordost
Copy link
Member

The stack trace is:

07-25 11:19:21.889 28143-28143/de.westnordost.streetcomplete E/OsmOAuthDialogFragment: Error during authorization
oauth.signpost.exception.OAuthNotAuthorizedException: Authorization failed (server replied with a 401). This can happen if the consumer key was not correct or the signatures did not match.
    at oauth.signpost.AbstractOAuthProvider.handleUnexpectedResponse(AbstractOAuthProvider.java:243)
    at oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:193)
    at oauth.signpost.AbstractOAuthProvider.retrieveAccessToken(AbstractOAuthProvider.java:108)
    at de.westnordost.streetcomplete.oauth.OsmOAuthDialogFragment$RetrieveAccessTokenTask.doInBackground(OsmOAuthDialogFragment.java:235)
    at de.westnordost.streetcomplete.oauth.OsmOAuthDialogFragment$RetrieveAccessTokenTask.doInBackground(OsmOAuthDialogFragment.java:231)
    at de.westnordost.streetcomplete.util.InlineAsyncTask.doInBackground(InlineAsyncTask.java:24)
    at de.westnordost.streetcomplete.util.InlineAsyncTask.doInBackground(InlineAsyncTask.java:11)
    at android.os.AsyncTask$2.call(AsyncTask.java:292)
    at java.util.concurrent.FutureTask.run(FutureTask.java:237)
    at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
    at java.lang.Thread.run(Thread.java:818)

The tab queue feature immediately sends the user back to the app the user was coming from (calls onResume()) which in turn assumes that the authentication has been finished and tries to continue the authentication process by retrieving the access token.
Probably it is possible to detect at this point whether the user already did the authentication or not by looking at the verifier.

Implementation should:

  1. detect that
  2. show the loading-window while the app is waiting for the user to switch to Firefox to authenticate

@PanderMusubi
Copy link
Contributor Author

PanderMusubi commented Jul 25, 2017

Perhaps get some advice from Firefox as they might have some extra solutions of plans in the near future. More apps will have the same challenge. Depending on Android System WebView app could be a temporarily solution. Non-custom ROMs all have it.

@westnordost westnordost removed the feedback required more info is needed, issue will be likely closed if it is not provided label Jul 25, 2017
@PanderMusubi
Copy link
Contributor Author

Android has also another default system browser, which is used to sign into free wifi networks (not the WebViews), could you use that to do the authorization?

@westnordost
Copy link
Member

The system browser has been removed (and replaced with Chrome) with newer Android versions, as far as I know.

@PanderMusubi
Copy link
Contributor Author

On LineageOS, there is a browser for wifi login. perhaps you could detet if that is there, use, that, it not, use webview, if not, use default user browser (probably firefix/chromium)

@westnordost
Copy link
Member

Turns out this was pretty easy to fix.

@easyKL
Copy link

easyKL commented Aug 6, 2017

neither Firefox nor OsmAnd~(2.6.3) were able to authorize StreetComplete.
Tried with Chrome (59) and it went smoothly ;)

@westnordost
Copy link
Member

Version 1 or 1.1? (this has been fixed in 1.1)

@easyKL
Copy link

easyKL commented Aug 6, 2017

Yes, I've seen the Closed label for this issue. I just wanted to say what I did :))
Yes, I'm still in 1.0 (F-Droid here)
THX!!!

@zorun
Copy link

zorun commented Sep 10, 2017

I still have an authorization issue on LineageOS, with SC version 1.3 from F-Droid.

It opens the LineageOS broswer (Jelly), I can login to OSM and authorize the app, but then instead of returning to SC, it redirects to my search engine with a search query streetcomplete://oauth?oauth....

So, either the LineageOS browser does not take into account the streetcomplete:// kind of URL, or there is something wrong with SC.

@westnordost
Copy link
Member

westnordost commented Sep 10, 2017

That sound's like LineageOS's browser's fault.

If LineageOS browser does not call StreetComplete, then StreetComplete can not answer.

@zorun
Copy link

zorun commented Sep 10, 2017

I tried with another simple browser (de.baumann.browser) and it worked, so you must be right.

Do you have any pointer to the method you use to communicate with the browser, so that I can report the bug against LineageOS?

@ENT8R
Copy link
Contributor

ENT8R commented Oct 3, 2018

I reported the issue at the issue tracker of LineageOS a long time ago and there is still no response: https://jira.lineageos.org/browse/BUGBASH-1393

@Moini
Copy link

Moini commented Oct 3, 2018

I've updated the issue, telling them it's still present in 15.1.

@singpolyma
Copy link

I am getting exactly this error with latest firefox from play store or even when changing my default browser to chrome. Browser comes up, I log in to OSM, I authorize the app, and then I am taken back to the app but get this "Unable to reach the authorization server" error.

@matkoniecz
Copy link
Member

What is your phone and Android version? Are you using Android or one of special versions like Firefox Focus/Firefox Preview etc?

@singpolyma
Copy link

singpolyma commented Sep 6, 2019 via email

@matkoniecz
Copy link
Member

That would make sense and would be sadly probably unfixable (or to be more exact - not fixable in way that is reasonable to implement).

@singpolyma
Copy link

@matkoniecz really? I thought Android basically assumed any app could be "killed" at any time and everything is meant to be persisted temporarily to avoid this?

In any case -- can you think of any workaround I could maybe try to keep the app "open" long enough to complete the login?

@matkoniecz
Copy link
Member

I may be wrong and there may be way too fix it. Opening a new issue may be a good idea (not sure whatever the author of the app noticed this discussion in a closed issue).

I may be wrong but I think that browser + StreetComplete In this situation is de facto a single app during this operation - with bigger resource requirements.

@westnordost westnordost reopened this Sep 9, 2019
@westnordost
Copy link
Member

I noticed it now

@mimi89999
Copy link

I cannot authorize StreetComplete on LineageOS 17 (Android 10). When clicking authorize, my default browser (Firefox preview) opens, I am asked to connect to my OSM account, then I grant access to StreetComplete and then nothing happens. When I return to StreetComplete I see the loading message.

@westnordost
Copy link
Member

westnordost commented Jan 19, 2020

This is likely an issue with "Firefox preview". (What is Firefox Preview?)

Though, perhaps I should revert to the old solution - using a WebView within the app. no external dependency on a browser necessary.

@mimi89999
Copy link

@PanderMusubi
Copy link
Contributor Author

@mimi89999
Copy link

I can confirm that it works fine with Fennec F-Droid

@westnordost westnordost added this to the stats screen milestone Jan 24, 2020
@photoangell
Copy link

I'm getting this on stock Android 8.1.0 with chrome installed. I had previously attempted with firefox, bromite, etc. and reinstalled Chrome to test this but no luck

@photoangell
Copy link

photoangell commented Feb 22, 2020

tried with Fennec as well, still getting the error
I can see loads of auth tokens in my osm account, it's just the response being passed back is not being handled somehow....

@photoangell
Copy link

ok. managed to solve it. downloaded release 0.13 (which uses a different auth method), authorised and then downloaded latest version.

@okias
Copy link

okias commented Mar 6, 2020

I can confirm with 16.1 - 17.3 that auth doesn't work with Firefox Fenix (Preview) and integrated browser. In both scenarios I get "Unknown protocol"

@okias
Copy link

okias commented Mar 14, 2020

still broken 👎 (version 18.0)

@westnordost
Copy link
Member

It is fixed in the development branch and will be released for the next major

@okias
Copy link

okias commented Mar 14, 2020

It is fixed in the development branch and will be released for the next major

Thank you! For next time, you can use tag to mark this commit by

Fixes: #413

which will link fix with bug and also appears in bug, so people will instantly know it's fixed and bug closes itself :)

@okias
Copy link

okias commented Apr 6, 2020

I'd like to start contributing, any sign of alpha/beta release? @westnordost

@westnordost
Copy link
Member

westnordost commented Apr 7, 2020 via email

@okias
Copy link

okias commented Apr 13, 2020

it accept my authorization, but then it re-ask after every change. And nothing gets pushed onto osm servers. I'll probably need this fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests