ERROR: Authentication token not available, cannot login.

[dheerajbhaskar]

I'm getting this error when I try to login into the addon.

Not sure, but this might be related to #20
What are the potential options we have if it is related to that?

Details

• I'm using win8.1 x64
• I got the GSF id from the evoz app (Uninstalled their extension because you'd mentioned they've spyware; btw I got the same error on their extension also)
• I'm using 2FA; used app password for this

Let me know if more details are needed.

[dheerajbhaskar]

I'm motivated enough to do a fix and give a pull request. I'd need your guidance on what to do. Implement oauth maybe?

[Lekensteyn]

OAuth2 is documented at https://developers.google.com/identity/protocols/OAuth2, but it might not be appropriate because it needs a consumer id/secret. I suggest to perform a SSL MitM against the Android device and attempt a registration from that.

In the past I have used OWASP Webscarab for that purpose, but it has some race condition issues. Its suggested replacement is OWASP Zed.

[dheerajbhaskar]

I’m currently looking at this:
https://developer.chrome.com/extensions/tut_oauth to implement oauth. You
don’t need consumer id/secret, based on the excerpt below from the above
link:

In the context of an extension, this flow gets a bit tricky. Namely, there
is no established consumer key/secret between the service provider and the
application. That is, there is no web application URL for the user to be
redirected to after the approval process.

Luckily, Google and a few other companies have been working on an OAuth for
installed applications
http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.htmlsolution
that you can use from an extension environment. In the installed
applications OAuth dance, the consumer key/secret are
‘anonymous’/’anonymous’ and you provide an application name for the user to
grant access to (instead of an application URL).

If we do an MitM on the android device, then a) we are adding additional
dependencies i.e. dependent on the MitM proxy project b) making it
difficult for an end user to use. I suggest we explore the straightforward
way of getting a token (that might be the only thing that’s broken in this
extension).

Please let me know your thoughts.
​

On Tue, Jul 7, 2015 at 2:43 AM, Peter Wu [email protected] wrote:

OAuth2 is documented at
https://developers.google.com/identity/protocols/OAuth2, but it might not
be appropriate because it needs a consumer id/secret. I suggest to perform
a SSL MitM against the Android device and attempt a registration from that.

In the past I have used OWASP Webscarab
https://www.owasp.org/index.php/OWASP_WebScarab_Project for that
purpose, but it has some race condition issues. Its suggested replacement
is OWASP Zed
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project.

—
Reply to this email directly or view it on GitHub
#22 (comment)
.

[Walkman100]

http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html%3Esolution
?

[Lekensteyn]

@dheerajbhaskar The MitM suggestion was a suggestion for developers that want to debug the login process, it was not intended as an end-user solution. This approach was also used in the past to get the current login procedure.

@Walkman100 Drop the part after the >. It redirects to https://developers.google.com/identity/protocols/OAuthForInstalledApps which is marked deprecated (like the ClientLogin method) and may be removed in the future. If it is easier for now, go for it!

[dheerajbhaskar]

That makes good sense, Peter.

Thanks for pointing out the deprecation notice(don't know how I missed it
:P). I'm sure there's a tutorial for oauth 2.0 as well. Will figure it out.

Would it be okay if I asked you (and others here) for some help on
implementing this?

Also how would I do that? As a pull request from a forked repo or as an
issue? Please let me know.

On Wed, Jul 8, 2015 at 2:01 AM, Peter Wu [email protected] wrote:

@dheerajbhaskar https://github.com/dheerajbhaskar The MitM suggestion
was a suggestion for developers that want to debug the login process, it
was not intended as an end-user solution. This approach was also used in
the past to get the current login procedure.

@Walkman100 https://github.com/Walkman100 Drop the part after the >. It
redirects to
https://developers.google.com/identity/protocols/OAuthForInstalledApps
which is marked deprecated (like the ClientLogin method) and may be removed
in the future. If it is easier for now, go for it!

—
Reply to this email directly or view it on GitHub
#22 (comment)
.

[Rob--W]

@dheerajbhaskar

The typical workflow is:

1. Fork repo to your own Github profile.
2. Locally clone your github repo.
3. Create a new branch and check it out, do some changes, commit and push to your own fork.
4. From your fork, generate a pull request.
5. After getting feedback, do some changes and push to your fork. Github will automatically update the pull request.

Please share your code (e.g. via a pull request) if you have any questions about the implementation. That makes it easier to point to issues in the code and provide suggestions.

[dheerajbhaskar]

Thanks a bunch Rob for taking the time to type this out on detail. I shall
do the same.

I shall create a pull request when I need your help or need to contribute
my changes.

Thanks again, Rob.
On 08-Jul-2015 2:12 pm, "Rob Wu" [email protected] wrote:

@dheerajbhaskar https://github.com/dheerajbhaskar

The typical workflow is:

1. Fork repo to your own Github profile.
2. Locally clone your github repo.
3. Create a new branch and check it out, do some changes, commit and
   push to your own fork.
4. From your fork, generate a pull request.
5. After getting feedback, do some changes and push to your fork.
   Github will automatically update the pull request.

Please share your code (e.g. via a pull request) if you have any questions
about the implementation. That makes it easier to point to issues in the
code and provide suggestions.

—
Reply to this email directly or view it on GitHub
#22 (comment)
.

[dheerajbhaskar]

@Lekensteyn @Rob--W @Walkman100 please do take at the pull request #23 which attempts to fix this issue.

[xty]

I can confirm the same issue on Chromium Version 48.0.2564.82 Ubuntu 15.04 (64-bit).
I logged out as the extension stopped working on all apps that I tested on Google Play, only to find out I cannot login again.
At the moment, there're no working free and open source alternatives that I'm aware of. Please keep up the good work.

[dSeeder]

any luck with this? i still cant login with this issue. ERROR: Authentication token not available, cannot login.

Peter, any chances of solving this? this is old for for than 4 years..

[georgesuba]

Hi, well I have same issue.. token not available..

[Malachiasz]

I have the same issue with the newest Mac OS version: 2.1.7

[Berkhan]

No solution or alternative? anyone is here?

[gerardramosm89]

Having the same issue here. Not sure if it is a matter of OAuth, I haven't tried logging in, I just downloaded the desktop app for windows, and upon first install and clicking login it already gives me the failure.