Google Account Plugin fails to authenticate

Bug #1236881 reported by Scott Sweeny
100
This bug affects 21 people
Affects Status Importance Assigned to Milestone
account-plugins (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

For the past few days on my saucy system I haven't been able to re-authorize my Google account. Attempts to do so result in an error page with the following content:

Error: invalid_request
Invalid response_type: code&access_type=offline
Learn more
Request Details
response_type=code&access_type=offline
scope=https://www.googleapis.com/auth/userinfo.email https://mail.google.com/ https://www.google.com/m8/feeds/ https://www.googleapis.com/auth/calendar
redirect_uri=https://live.gnome.org/Evolution
client_id=796629365126.apps.googleusercontent.com
type=web_server

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: account-plugin-google 0.11+13.10.20130802-0ubuntu1
ProcVersionSignature: Ubuntu 3.11.0-11.17-generic 3.11.3
Uname: Linux 3.11.0-11-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.12.5-0ubuntu1
Architecture: amd64
Date: Tue Oct 8 10:17:06 2013
InstallationDate: Installed on 2011-07-08 (823 days ago)
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
MarkForUpload: True
PackageArchitecture: all
SourcePackage: account-plugins
UpgradeStatus: Upgraded to saucy on 2013-06-14 (116 days ago)

Revision history for this message
Scott Sweeny (ssweeny) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in account-plugins (Ubuntu):
status: New → Confirmed
Revision history for this message
Rafi Kamal (rafikamal93) wrote :

I've got this problem too. It shows me the following message:

error:invalid_request
Invalid response_type: code&access_type=offline

response_type=code&access_type=offline
scope=https://docs.google.com/feeds/ https://www.googleapis.com/auth/googletalk https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://picasaweb.google.com/data/
redirect_uri=https://wiki.ubuntu.com/
client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com
type=web_server

Revision history for this message
Remigiusz Ziemkiewicz (remix-name) wrote :

Same problem here. It's appeard just after update from 13.04 to 13.10.

Invalid response_type: code&access_type=offline

response_type=code&access_type=offline
scope=https://docs.google.com/feeds/ https://www.googleapis.com/auth/googletalk https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://picasaweb.google.com/data/
redirect_uri=https://wiki.ubuntu.com/
client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com
type=web_server

Revision history for this message
tino227 (tino-mbucher) wrote :

I've the same error message ...

since the update from 13.04 to 13.10 ...

Error: invalid_request
Invalid response_type: code&access_type=offline
Learn more
Request Details
response_type=code&access_type=offline
scope=https://docs.google.com/feeds/ https://www.googleapis.com/auth/googletalk https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://picasaweb.google.com/data/
redirect_uri=https://wiki.ubuntu.com/
client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com
type=web_server

Changed in account-plugins (Ubuntu):
assignee: nobody → tino227 (tino-mbucher)
Revision history for this message
Robert Torres (robcompra) wrote :

same issue. also occurred on upgrade from 13.04 to 13.10.

response_type=code&access_type=offline
scope=https://docs.google.com/feeds/ https://www.googleapis.com/auth/googletalk https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://picasaweb.google.com/data/
redirect_uri=https://wiki.ubuntu.com/
client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com
type=web_server

Revision history for this message
Joseph Wakeling (webdrake) wrote :

Same issue, started occurring after upgrade from 13.10 to 14.04 -- similar error messages.

Revision history for this message
Joao Eduardo Luis (jecluis) wrote :

Came late to the 13.10 party, upgrading just yesterday, and haven't been able to login on my google account either with the same error.

However, my google apps account seems to be logged in. Last time I got an authorization request was a few days ago, well before the upgrade and haven't gotten another since.

Not sure if it's worth mentioning, my google account does have 2-step verification, whereas the google apps account does not.

Revision history for this message
Joao Eduardo Luis (jecluis) wrote :
Download full text (3.4 KiB)

running signon-ui with SSOUI_LOGGING_LEVEL=4 (value I've been increasing until I got more info), I got this:

(note that I've removed some strings that looked a lot like they could compromise my account security)

service.cpp 222 queryDialog Got request: QMap(("Caption", QVariant(QString, "Google") ) ( "ClientData" , QVariant(QVariantMap, QMap(("AllowedSchemes", QVariant(QStringList, ("https", "http") ) ) ( "AuthPath" , QVariant(QString, "o/oauth2/auth") ) ( "ClientId" , QVariant(QString, "759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com") ) ( "ClientSecret" , QVariant(QString, "[REMOVED]") ) ( "Embedded" , QVariant(bool, true) ) ( "Host" , QVariant(QString, "accounts.google.com") ) ( "RedirectUri" , QVariant(QString, "https://wiki.ubuntu.com/") ) ( "ResponseType" , QVariant(QString, "code&access_type=offline") ) ( "Scope" , QVariant(QStringList, ("https://docs.google.com/feeds/", "https://www.googleapis.com/auth/googletalk", "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile", "https://picasaweb.google.com/data/") ) ) ( "TokenPath" , QVariant(QString, "o/oauth2/token") ) ( "WindowId" , QVariant(uint, 90178289) ) ) ) ) ( "FinalUrl" , QVariant(QString, "https://wiki.ubuntu.com/") ) ( "Identity" , QVariant(uint, 1) ) ( "Mechanism" , QVariant(QString, "web_server") ) ( "Method" , QVariant(QString, "oauth2") ) ( "OpenUrl" , QVariant(QString, "https://accounts.google.com/o/oauth2/auth?client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com&redirect_uri=https://wiki.ubuntu.com/&response_type=code%26access_type%3Doffline&type=web_server&scope=https://docs.google.com/feeds/ https://www.googleapis.com/auth/googletalk https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://picasaweb.google.com/data/") ) ( "Secret" , QVariant(QString, "[REMOVED]") ) ( "StoredIdentity" , QVariant(bool, true) ) ( "UserName" , QVariant(QString, "[REMOVED]") ) ( "requestId" , QVariant(QString, "/com/google/code/AccountsSSO/SingleSignOn/AuthSession_0") ) )

request.cpp 314 newRequest Platform: "xcb"

service.cpp 132 runQueue Head: SignOnUi::BrowserRequest(0x932090)

browser-request.cpp 125 acceptNavigationRequest QUrl( "https://accounts.google.com/o/oauth2/auth?client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com&redirect_uri=https://wiki.ubuntu.com/&response_type=code%26access_type%3Doffline&type=web_server&scope=https://docs.google.com/feeds/ https://www.googleapis.com/auth/googletalk https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://picasaweb.google.com/data/" )

It seems the culprit is that pair ' ( "ResponseType" , QVariant(QString, "code&access_type=offline"))', which afaict from /usr/share/accounts/providers/google.provider should have been two different entries: "ResponseType" with value 'code' and "AuthPath" with value 'o/oauth2/auth?access_type=offline'. I've checked with request url, changing the '%26' on 'response_type=code%26access_type...' to a '&' and the url does work -- my guess is that after reading th...

Read more...

Revision history for this message
Joao Eduardo Luis (jecluis) wrote :

FWIW, I deleted and recreated the account and everything worked just fine, although this wasn't the path I initially intended to go take.

Anyway, before deleting the account I found this nifty tool called 'account-console' from the 'account-plugin-tools' package. Prior to deletion, this is what I would get from 'account-console show <ID>':

joao@tardis:~$ account-console show 1
account: id 1, enabled, provider: google
  Global settings:
    CredentialsId: 1 (<class 'int'>)
    auth/mechanism: web_server (<class 'str'>)
    auth/method: oauth2 (<class 'str'>)
    auth/oauth2/user_agent/AuthPath: o/oauth2/auth (<class 'str'>)
    auth/oauth2/user_agent/ClientId: 759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com (<class 'str'>)
    auth/oauth2/user_agent/Host: accounts.google.com (<class 'str'>)
    auth/oauth2/user_agent/RedirectUri: https://wiki.ubuntu.com/ (<class 'str'>)
    auth/oauth2/user_agent/ResponseType: token (<class 'str'>)
    auth/oauth2/user_agent/Scope: ['https://docs.google.com/feeds/', 'https://www.googleapis.com/auth/googletalk', 'https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/userinfo.profile', 'https://picasaweb.google.com/data/'] (<class 'list'>)
    auth/oauth2/user_agent/TokenPath: o/oauth2/token (<class 'str'>)
    auth/oauth2/web_server/AllowedSchemes: ['https', 'http'] (<class 'list'>)
    auth/oauth2/web_server/AuthPath: o/oauth2/auth (<class 'str'>)
    auth/oauth2/web_server/ClientId: 759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com (<class 'str'>)
    auth/oauth2/web_server/ClientSecret: [REDACTED] (<class 'str'>)
    auth/oauth2/web_server/Host: accounts.google.com (<class 'str'>)
    auth/oauth2/web_server/RedirectUri: https://wiki.ubuntu.com/ (<class 'str'>)
    auth/oauth2/web_server/ResponseType: code&access_type=offline (<class 'str'>)
[TRIM]

See last line 'ResponseType' containing 'code&access_type=offline'. I also found this in '~/.config/libaccounts-glib/accounts.db', table 'Settings' (e.g., 'select service,key,value from Settings where id=<ACCOUNT-ID>').

After recreating the account, 'account-console' now shows pretty much the same with two different key differences:

auth/oauth2/web_server/AuthPath: o/oauth2/auth?access_type=offline (<class 'str'>)

and

auth/oauth2/web_server/ResponseType: code (<class 'str'>)

which do reflect the contents of /usr/share/accounts/providers/google.provider

Finally, after looking a bit further into the code, I'm inclined to believe that this may have something to do with class QUrl being stripping '&' and substituting it for a % control char -- given QUrl being used throughout, I wasn't able to pinpoint the exact place where this is happening.

If this eventually happens to my other google account, I intend to backup the sqlite db and attempt an in-place fix by adjusting the values for keys of ResponseType' and 'AuthPath'.

tino227 (tino-mbucher)
Changed in account-plugins (Ubuntu):
assignee: tino227 (tino-mbucher) → nobody
Revision history for this message
Jean-Max Reymond (jmreymond-free) wrote :

With the new 14.04 LTS release, I decide to remove the Google account from System Parameters and create it again and now it works fine

Revision history for this message
Sten Jørgen Pettersen (sten-retrogamer) wrote :

I have a new install of 14.04. Same error. Have tried to remove/reauthorise, but no change. Still fails to authorise, and when I click "Grant access", I get to enter my google-password, but it returns to the same password screen every time I enter the password.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.