How to access my own Gmail account by bypassing Google Security Checkup - selenium

I have developed an automation software for verifying Google oAuth using Gmail account sign(configured my own 4 gmail accounts). It is actually working fine from my machine.
While automation runs from a remote machine(ran from jenkins with 3 hrs of interval) we are obtaining a pop up for 'verify its you'. :(.
Also I verified each configured account, I can see remote ip is listed on my "Devices & Activity" page as an Unknown Device and it keeps getting refused (in all configured gmail account).
At some point I clicked on this device as being okay, but it continues to get blocked
The message listed under it is We recently prevented a sign-in attempt to this device. You indicated this attempt as yours. For your security, we'll continue to show this device in the list for two weeks. You can also review this event in your Notification & alerts page.
How can I stop this from happening? If I go to the Notification and Alerts page, there is still no option to stop this.You can see in the message that I clearly indicated the attempt as mine, but Google continues to stop it.
I have tried following method , but didn't worked.
Less secure apps option in the gmail account
tried this url, https://accounts.google.com/DisplayUnlockCaptcha
also tried resetting password for each configured account
Please help

Related

Google OAuth2 connecting to personal Gmail account "This app is blocked" error

Our app has the SMTP feature that allows the user to connect Gmail with OAuth2, this works fine if the account is Google Workspace type, but if we try to connect to a personal Gmail account, the OAuth2 shows the "This app is blocked" error as below image.
Any thought?
NOTE: Our code works fine if connecting Google Workspace account, just has this issue if trying to connect personal Google Gmail account.
This happens because you didn't activate the Less Secure Apps in your Google Settings!
Simply, go to your Google profile settings, search for "less secure" into the searchbar and you will be prompted to a checkbox. Keep in mind that it will be automatically turned off in 30 days.
To avoid this, you should add a proper authentication to your app.

Too frequent security alert from Google due to "Unrecognised device" on Angular 7 web app

I am developer and maintainer of an Angular web app which uses Google OAuth. This works normally.
Last week the app users (me including) started receiving standard Security alert emails from Google (no-reply#accounts.google.com) on a daily basis. The Email says "Appname was granted access to your Google account". This is of course bad signal to the users.
When clicked on "Check Activity" in the Email it always says:
Unrecognised device
X hours ago
Unknown (location)
This is the case for all users tested on many different devices and IPs.
Recently I have upgraded from Angular 5 to Angular 7 if that might help.
Also recently I noticed absolutely the same behaviour when I sign-in to Dropbox using a Gmail. The application I am responsible for is not storing session data for privacy reasons so the users are asked to Sign-in with Google every time they want to use the app. I noticed this behaviour just a week ago (devices and locations not recognised) by Google.
The google group (https://groups.google.com/forum/#!forum/oauth2-dev) redirected me to Stackoverflow. Any help is much appreciated! :)
We are sending notifications to users when they approve certain scopes. That list is expanding and more apps will see the notification.
Thanks for the feedback. Looks like the unrecognized device was an issue and we have rolled back that experiment.
Ideally an app should see the notification only once and for non basic scopes (basic scopes being email, profile etc).

Authentication Popup Happening Inside network

I am working on some browser tests in selenium on Chrome. I have a script which ran on my personal machine can connect to a site and has no issues. However when the script is ran on a machine inside our network, it pops an authentication pop up. When I click cancel on the authentication box, it continues to a user login page which allows regular authentication. I have disabled IWA for the browser but it is still popping up.
I tried passing username#password:url but that did not work. Our test account is not connected to the domain and this website will try to use your Windows account but outside the network it defaults to the login page where we do have regular userid/pw for certain people (like our test account they created for us). We do not control the server so I cannot change that behavior.
I would normally close the alert in this case however selenium is not recognizing the authentication popup as an alert so the script just hangs. So step 2 would be the userid/password sent in the URL but that doesn't work either. I would prefer not to go the route of installing any other tools (like AutoIt) and try to solve this with settings.
Is there a way to skip the authentication popup in chrome? In the header the response is its using "Negotiate" for auth. I do not get that when testing on my local machine outside the network.

Can not login itunesconnect

can not login itunesconnect
The page give the warning 'Failed to verify your identity, Try again'.
Do somebody face the same problem?
If you are connecting with a VPN, try changing it or try connecting without any VPN.
I couldn't login to anything apple in a web browser: appstoreconnect, developer, icloud, or apple.com. I could install new apps on my iPhone, and edit account settings using the iPhone and my password.
I tried logging in from different browsers, OSes, devices, IPs. I tried browsers with temporary profile (cleared cache/history/everything). Didn't make a difference. The same error popped up: Failed to verify your identity. Try again. The browser inspector tools said a 409 and 401where occurring when trying to get the 2FA after correct credentials entered.
I tried another apple id and without a hitch it asked for the 2FA code.
I turned on 2FA using my iPhone. Didn't make a difference for logging in via web browser to apple sites.
I had to contact apple. The second representative and I agreed that it most likely was a server side issue. He escalated it to engineering. The next morning, all my apple site browser sessions had "forgotten" my apple id. I was able to login now and enter my 2FA code as expected.
Finally, without no reason, I can login.
Had same issue. Ultimately what made it work was that I unlocked my iPhone and then on my laptop I tried itunesconnect again. This time the 2-factor authentication kicked in, and my iPhone showed a popup asking me to verify my laptop. Then it all worked.

Facebook OAuth2 - "Sorry, something went wrong"

Our web app allows users to log in via Facebook. Technically, we are using Facebook OAuth2. We have implemented this login process two years ago. It worked fine until 13th November 2015 but since that day it does not. When our server sends the request
https://graph.facebook.com/oauth/access_token
with appropriate parameters (client_id, redirect_uri, client_secret, code), the response from Facebook has HTTP status 400. The response body is a HTML page saying "Sorry, something went wrong".
On 13th November, there was some problem on Facebook probably.
I have found the following message:
http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-down-site-breaks-for-many-people-though-not-for-everyone-a6732906.html
However, our server still gets this error response after a week. We have an instance of the system deployed in the production environment and one more instance in the test environment (with different Facebook account, i.e. with different client_id and client_secret). Currently, Facebook login works fine in the test environment. I am not sure if it worked on 13th November.
Do you have any experience with recovery from such problem? Why does Facebook login work in test environment and does not work in the production environment in the same app? Why did the production instance break on a particular day and is still broken a week later?
Thanks for any help.
I had the same issue. I believe that the issue stems from passing in invalid scope in your authentication requests. Try removing the scopes in your authentication request to see if that works.
One more corner case I found in 2022:
In the App Dashboard, if you choose Facebook login for Business, same error happens. It will go away as soon as you select Facebook Login one.
Finally, the issue was resolved by restarting the servlet container (Tomcat 7). However, I have no idea why.
All of this is using exclusively the login button. Not the API serverside and not FB.login(). It would work for me sometimes and sometimes not and I couldn't figure out why. I would open a new window and it may work, or may not - but it seemed like once broken it was broken.
There appears to be an issue when using the Chrome 'Device simulator'.
Looking at the SDK Javascript (that's to say the SDK that the Facebook Login button uses) it checks to see if the device is a 'touch' device and if so it will use the m.facebook.com domain when requesting the oauth token.
This domain fails m.facebook.com:
However if the mobile device mode isn't activated when the page loads then it uses www.facebook.com and succeeds:
So for me the current workaround is:
Assuming you are developing with the console active.
When you need to reload your page press Ctrl + Shift + M to deactivate the mobile device mode.
Refresh the page
Once the button has initialized press Ctrl + Shift + M to reactivate it again.
If you see m.facebook.com then you didn't do it fast enough, or maybe you're using something like Angular with hot reload and you need to manually refresh.