Improve Google OAuth compatibility and session handling
Updated Electron window and session configuration to enhance Google OAuth sign-in compatibility, including user agent spoofing, session partitioning, and webview security settings. Added debugging for cookie changes and improved request headers for OAuth flows. Updated renderer code and index.html to use the new session partition and user agent. Added oauth-debug.md to document changes and troubleshooting steps.
This commit is contained in:
@@ -49,7 +49,10 @@ function createWindow(startUrl) {
|
|||||||
experimentalFeatures: false,
|
experimentalFeatures: false,
|
||||||
offscreen: false, // Ensure on-screen rendering for GPU
|
offscreen: false, // Ensure on-screen rendering for GPU
|
||||||
enableWebSQL: false, // Disable deprecated features
|
enableWebSQL: false, // Disable deprecated features
|
||||||
plugins: false // Disable plugins that might interfere with GPU
|
plugins: false, // Disable plugins that might interfere with GPU
|
||||||
|
// OAuth compatibility settings
|
||||||
|
partition: 'persist:main',
|
||||||
|
sandbox: false // Allow full browser capabilities for OAuth
|
||||||
},
|
},
|
||||||
fullscreen: false,
|
fullscreen: false,
|
||||||
autoHideMenuBar: true,
|
autoHideMenuBar: true,
|
||||||
@@ -267,18 +270,46 @@ app.whenReady().then(async () => {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
// Optimize session settings for performance
|
// Optimize session settings for performance and OAuth compatibility
|
||||||
const ses = session.defaultSession;
|
const ses = session.defaultSession;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
// Configure session for OAuth compatibility (Google, etc.)
|
||||||
|
ses.setPermissionRequestHandler((webContents, permission, callback) => {
|
||||||
|
// Allow necessary permissions for OAuth flows
|
||||||
|
if (['notifications', 'geolocation', 'camera', 'microphone'].includes(permission)) {
|
||||||
|
callback(false); // Deny by default for privacy
|
||||||
|
} else {
|
||||||
|
callback(true); // Allow others like storage access
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
// Configure user agent for better compatibility
|
||||||
|
ses.setUserAgent('Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Nebula/1.0.0');
|
||||||
|
|
||||||
|
// Configure cookies for OAuth compatibility
|
||||||
|
ses.cookies.on('changed', (event, cookie, cause, removed) => {
|
||||||
|
// Log cookie changes for debugging OAuth issues
|
||||||
|
if (cookie.domain.includes('google') || cookie.domain.includes('accounts')) {
|
||||||
|
console.log(`Cookie ${removed ? 'removed' : 'added'}: ${cookie.name} for ${cookie.domain}`);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
// Enable request/response caching
|
// Enable request/response caching
|
||||||
ses.webRequest.onBeforeSendHeaders((details, callback) => {
|
ses.webRequest.onBeforeSendHeaders((details, callback) => {
|
||||||
|
// Add headers for better OAuth compatibility
|
||||||
details.requestHeaders['Cache-Control'] = 'max-age=3600';
|
details.requestHeaders['Cache-Control'] = 'max-age=3600';
|
||||||
|
// Ensure we accept third-party cookies for OAuth flows
|
||||||
|
details.requestHeaders['Accept'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8';
|
||||||
|
// Add referrer policy for OAuth compatibility
|
||||||
|
if (details.url.includes('accounts.google.com') || details.url.includes('oauth')) {
|
||||||
|
details.requestHeaders['Referrer-Policy'] = 'strict-origin-when-cross-origin';
|
||||||
|
}
|
||||||
callback({ requestHeaders: details.requestHeaders });
|
callback({ requestHeaders: details.requestHeaders });
|
||||||
});
|
});
|
||||||
|
|
||||||
// Skip preload registration as it's handled in window options
|
// Skip preload registration as it's handled in window options
|
||||||
console.log('Session configured successfully');
|
console.log('Session configured successfully for OAuth compatibility');
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error('Session setup error:', err);
|
console.error('Session setup error:', err);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,52 @@
|
|||||||
|
# Google OAuth Sign-in Debug Guide
|
||||||
|
|
||||||
|
## Changes Made to Fix Google Sign-in Issues
|
||||||
|
|
||||||
|
### 1. Added Proper User Agent
|
||||||
|
- Set `useragent` attribute on all webviews to identify as Chrome browser
|
||||||
|
- User agent: `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Nebula/1.0.0`
|
||||||
|
|
||||||
|
### 2. Enhanced Webview Security Configuration
|
||||||
|
- Added `webpreferences` attribute with proper security settings
|
||||||
|
- Enabled JavaScript and maintained web security while allowing OAuth flows
|
||||||
|
|
||||||
|
### 3. Session Configuration for OAuth
|
||||||
|
- Configured session permissions for OAuth compatibility
|
||||||
|
- Added cookie change monitoring for Google domains
|
||||||
|
- Enhanced request headers for better OAuth compatibility
|
||||||
|
- Added referrer policy for OAuth flows
|
||||||
|
|
||||||
|
### 4. Unified Session Partitioning
|
||||||
|
- Changed all webviews to use `persist:main` partition instead of `persist:default`
|
||||||
|
- This ensures session data is shared across tabs for OAuth flows
|
||||||
|
|
||||||
|
## Testing Google Sign-in
|
||||||
|
|
||||||
|
1. **Open the browser** (already running)
|
||||||
|
2. **Navigate to** any Google service (Gmail, YouTube, Drive, etc.)
|
||||||
|
3. **Click Sign In** - you should now see the Google account picker
|
||||||
|
4. **Select your account** - should take you to password/2FA screen
|
||||||
|
5. **Complete sign-in** - should successfully sign you in
|
||||||
|
|
||||||
|
## Debug Information
|
||||||
|
|
||||||
|
If issues persist, check the Console (F12) for:
|
||||||
|
- Cookie changes for Google domains
|
||||||
|
- OAuth redirect flows
|
||||||
|
- JavaScript errors
|
||||||
|
|
||||||
|
## Common OAuth Issues Fixed
|
||||||
|
|
||||||
|
- ✅ Missing User Agent (Google blocks unidentified browsers)
|
||||||
|
- ✅ Third-party cookie restrictions
|
||||||
|
- ✅ Session isolation between tabs
|
||||||
|
- ✅ Missing referrer policies
|
||||||
|
- ✅ Popup blocking for OAuth flows
|
||||||
|
|
||||||
|
## What Should Work Now
|
||||||
|
|
||||||
|
- Google account picker should appear
|
||||||
|
- Password entry screens should load
|
||||||
|
- Two-factor authentication should work
|
||||||
|
- OAuth redirects should complete properly
|
||||||
|
- Session should persist across tabs
|
||||||
+3
-1
@@ -63,8 +63,10 @@
|
|||||||
<webview id="home-webview"
|
<webview id="home-webview"
|
||||||
src="home.html"
|
src="home.html"
|
||||||
preload="../preload.js"
|
preload="../preload.js"
|
||||||
partition="persist:default"
|
partition="persist:main"
|
||||||
allowpopups
|
allowpopups
|
||||||
|
webpreferences="allowRunningInsecureContent=false,javascript=true,webSecurity=true"
|
||||||
|
useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Nebula/1.0.0"
|
||||||
style="width:100%; height:100%; border:none;">
|
style="width:100%; height:100%; border:none;">
|
||||||
</webview>
|
</webview>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
+8
-2
@@ -122,8 +122,11 @@ function createTab(inputUrl) {
|
|||||||
webview.id = `tab-${id}`;
|
webview.id = `tab-${id}`;
|
||||||
webview.src = resolvedUrl;
|
webview.src = resolvedUrl;
|
||||||
webview.setAttribute('allowpopups', '');
|
webview.setAttribute('allowpopups', '');
|
||||||
webview.setAttribute('partition', 'persist:default');
|
webview.setAttribute('partition', 'persist:main');
|
||||||
webview.setAttribute('preload', '../preload.js');
|
webview.setAttribute('preload', '../preload.js');
|
||||||
|
// Add attributes needed for Google OAuth and sign-in flows
|
||||||
|
webview.setAttribute('webpreferences', 'allowRunningInsecureContent=false,javascript=true,webSecurity=true');
|
||||||
|
webview.setAttribute('useragent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Nebula/1.0.0');
|
||||||
|
|
||||||
webview.addEventListener('page-favicon-updated', e => {
|
webview.addEventListener('page-favicon-updated', e => {
|
||||||
if (e.favicons.length > 0) updateTabMetadata(id, 'favicon', e.favicons[0]);
|
if (e.favicons.length > 0) updateTabMetadata(id, 'favicon', e.favicons[0]);
|
||||||
@@ -289,8 +292,11 @@ function convertHomeTabToWebview(tabId, inputUrl, resolvedUrl) {
|
|||||||
webview.id = `tab-${tabId}`;
|
webview.id = `tab-${tabId}`;
|
||||||
webview.src = resolvedUrl;
|
webview.src = resolvedUrl;
|
||||||
webview.setAttribute('allowpopups', '');
|
webview.setAttribute('allowpopups', '');
|
||||||
webview.setAttribute('partition', 'persist:default');
|
webview.setAttribute('partition', 'persist:main');
|
||||||
webview.setAttribute('preload', '../preload.js');
|
webview.setAttribute('preload', '../preload.js');
|
||||||
|
// Add attributes needed for Google OAuth and sign-in flows
|
||||||
|
webview.setAttribute('webpreferences', 'allowRunningInsecureContent=false,javascript=true,webSecurity=true');
|
||||||
|
webview.setAttribute('useragent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Nebula/1.0.0');
|
||||||
|
|
||||||
// Add event listeners
|
// Add event listeners
|
||||||
webview.addEventListener('did-fail-load', handleLoadFail(tabId));
|
webview.addEventListener('did-fail-load', handleLoadFail(tabId));
|
||||||
|
|||||||
+5
-33
@@ -1,36 +1,8 @@
|
|||||||
[
|
[
|
||||||
"https://www.youtube.com/",
|
"https://www.youtube.com/",
|
||||||
"https://www.andrewzambazos.com/",
|
"https://www.youtube.com/?themeRefresh=1",
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
"https://www.youtube.com/signin?action_handle_signin=true&authuser=0&pageid=111729565634747805694&next=https%3A%2F%2Fwww.youtube.com%2F%3FthemeRefresh%3D1&feature=identity_prompt&skip_identity_prompt=true",
|
||||||
"https://duckduckgo.com/?q=dogs&ia=web",
|
"https://www.youtube.com/signin_prompt?app=desktop&next=https%3A%2F%2Fwww.youtube.com%2F%3FthemeRefresh%3D1",
|
||||||
"https://duckduckgo.com/?q=dogs",
|
"https://accounts.google.com/CheckCookie?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252F%253FthemeRefresh%253D1&service=youtube&hl=en&flowName=GlifWebSignIn&ifkv=AdBytiNUIh7TDl3_uEbhoP4_2DB7Pr1f7TvvMAWcinC5AdgLVKbNz1muAyJi_cxweQil5fzXSIKaLw&chtml=LoginDoneHtml&gidl=EgIIAA",
|
||||||
"https://www.bing.com/search?q=dogs",
|
"https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252F%253FthemeRefresh%253D1&ec=65620&hl=en&ifkv=AdBytiNUIh7TDl3_uEbhoP4_2DB7Pr1f7TvvMAWcinC5AdgLVKbNz1muAyJi_cxweQil5fzXSIKaLw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2063712233%3A1754014409754471"
|
||||||
"https://www.google.com/search?q=cats",
|
|
||||||
"https://github.com/",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"https://youtube.com/",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"https://youtube.com/",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"https://youtube.com/",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"https://youtube.com/",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"https://www.google.com/",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"file:///X:/Projects/Code/NebulaBrowser/renderer/index.html",
|
|
||||||
"file:///Users/andrewzambazos/Repositories/NebulaBrowser/renderer/index.html",
|
|
||||||
"https://inscribe.zambazosmedia.group/renderer/editor.html",
|
|
||||||
"https://inscribe.zambazosmedia.group/",
|
|
||||||
"file:///Users/andrewzambazos/Repositories/NebulaBrowser/renderer/index.html",
|
|
||||||
"https://www.youtube.com/watch?v=9FuNtfsnRNo",
|
|
||||||
"https://youtube.com/",
|
|
||||||
"http://homelab.andrewzambazos.com:8081/",
|
|
||||||
"file:///Users/andrewzambazos/Repositories/NebulaBrowser/renderer/index.html"
|
|
||||||
]
|
]
|
||||||
Reference in New Issue
Block a user