Latest Chrome Extension breaks Google Sign-In on our website?
Hello,
We run a website that uses Google Sign-In For Web, and recently started noticing problems logging into our own website via Google (and then of course are very concerned that our customers have the same problem!)
For those that experience the problem in Chrome, it happens every time. We finally realized that disabling the "1Password - Password Manager" chrome extension immediately fixes the problem.
When the problem occurs, this is found in the browser's console errors:
[GSI_LOGGER]: Check credential status returns invalid response. GET https://accounts.google.com/gsi/status?client_id=***********&as=**************** net::ERR_BLOCKED_BY_CLIENT
Could this be related to the "Sign in with..." feature? Is there anything we can add to our page to hint to the extension not to use that feature if doing so would fix our Google Login?
Thanks! Please let me know what other information I can provide to resolve this issue.
- Brady
1Password Version: 1Password for Mac 8.10.4 (81004032)
Extension Version: 2.10.0
OS Version: macOS 13.2.1 (22D68)
Browser: Chrome
Comments
-
And to be clear -- the error isn't happening when trying to use 1Password to sign in. The fact that it's enabled blocks the login attempt.
0 -
We're seeing the same issue with a web app that uses Google Sign In for Web and similar console errors about requests being blocked by the client.
I have been able to verify that upgrading the browser extension from v2.9.0 to 2.10.0 triggers the issue. Disabling the 1Password extension resolves the issue and no errors in the console.
0 -
We had the same issue. After widespread reports of google auth breaking for admin users of our web app (which is a requirement to access the admin dashboard features), we tracked down the problem to the 1password update. The solution was to temporarily disable 1password until authentication succeeded.
0 -
A few of our users have also reported that disabling 1Password SSO/federated login support does not resolve the issue either and the extension itself has to be completely disabled.
0 -
Hey @nicedawg, @jzebra, @cvanes,
I'm sorry for the trouble, I'd like to investigate this further. Could you provide me with a link to an example that I could access to do some testing?
In addition, can you confirm if you are using the beta version of 1Password in the browser or the latest stable release?
You can find this information if you right click the 1Password icon in your browser toolbar and choose Settings and then scroll right to the bottom.
Thanks in advance!
1 -
That is correct, and I'm also facing the same issue. I disabled the 1password extension on ms edge, and Google sign-in is working again.
1Password Extension version 2.10.0 is blocking the direct request from the browser because 1password can sign you in via OAuth, blocking the actual behaviour and then giving us a popup to save that OAuth sign.
That confirms an issue with the extension that blocks the Google request.
0 -
@steph.giles happy to share a link to an app we're having issues with if you can DM me?
Can also confirm we are using the latest stable 2.10.0 release and verified this was not an issue in 2.9.0 before upgrading on my machine.
0 -
Thanks, @steph.giles ! Our site is https://www.vecteezy.com. To recreate the problem:
- make sure the 1Password chrome extension is enabled
- Click "Log In" at the top right
- Click "Log In with Google"
- Observe "Logging in..." hanging forever, and console shows aforementioned errors
And here's confirming I'm using the stable version
1Password in the browser 2.10.0 20246, on STABLE channel
0 -
Hey @nicedawg, @jzebra, @cvanes, @syedadeel2,
Thanks for getting back to me.
It looks like you may be impacted by a newly added feature to the latest 1Password in the browser extension (version 2.10.0) that is designed to prevent competing sign-in popups but was enabled by default. Could you try the following:
- Right click on the 1Password icon in your browser and select Settings.
- Scroll down to the General section.
- Disable Stop competing sign-in popups in the browser.
- Try using your Google sign in once more.
I hope this helps, I have added all of you as affected users to an internal issue that has been passed on to our development team.
In addition, if you could also let us know the websites you are experiencing this trouble on that would be really useful for us to pass specific details on to the team. @cvanes if you wouldn't mind sharing the link to the app over email that would be great. Please send it to support+forum@1password.com with a link to this thread.
You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here.
I'm sorry for the disruption, let me know if there is anything else we can help with in the meantime.
ref: dev/core/core#21437
1 -
Hi @steph.giles, can confirm that the workaround resolves the issue and have forwarded the link to our internal app - support ID number is 131769.
0 -
Thanks for the workaround, @steph.giles . I can also confirm it resolves the issue.
0 -
-
Same issue here, it's blocking the Google one tap to be shown.
Console error message:
[GSI_LOGGER]: Check credential status returns invalid response.
GET https://accounts.google.com/gsi/status?client_id=***********&as=**************** net::ERR_BLOCKED_BY_CLIENT
https://developers.google.com/identity/gsi/web/guides/display-google-one-tap
0 -
Glad it helped explain your problem, @mcanaleta!
The fact that the console was showing that the request was "blocked by client" helped point me in the right direction; often that's an indication of an adblocker, which is what I first suspected, but didn't seem to be the case. But it indicated that something in the browser was blocking it.
Realizing it could be some other Chrome extension, I started to disable a bunch of extensions at the same time, but when I saw 1Password first in my list, I thought about the recent changes that detect/assist with 3rd party logins so tried disabling only that extension - and the problem went away! (If 1Password had decided to name their fantastic product ZPassword it would've taken me much longer to reach the same conclusion. :-) )
@steph.giles : Can you confirm if this is a bug that is being actively worked on? Or is there something we can do on our website to prevent our users from having this same problem logging in? (We can't change their 1Password settings for them.)
0 -
It makes sense @nicedawg, good reasoning!
Workaround for developers of web apps affected by this bug: the bug affects the "OneTap" method, but not the "Sign in with Google" button, so a workaround is to just add the
<div class="g_id_signin" .../>
tag that basically displays a button that opens the typical google login popup (https://developers.google.com/identity/gsi/web/reference/html-reference#element_with_class_g_id_signin). Callbacks or redirects defined in g_id_onload will still work the same way, so no code needs to be changed. It has more friction than the OneTap button of course, and browsers can block the popup, but at least your users will have an opportunity to login.
@steph.giles please keep us up to date, thanks!
0 -
Hey all,
Just a little more information on this one.
To prevent confusion with our 'Sign in with' feature and to help users know which provider they use to sign in on a site, the latest version of 1Password in the browser includes a feature which prevents Google's One Tap UI from appearing. The One Tap UI is intended as an addition to the traditional "Sign in with Google" button.
On testing some sites where we are seeing the problem described above it appears that the "Sign in with Google" button is a custom button that is intended to present the One Tap UI.
Google shares this on their page:
Warning: The One Tap UI should be displayed automatically on page load or other window events, instead of being triggered by a user gesture. Otherwise, you may get a broken UX. Users may not see any UI after a user gesture, due to globally opt-out, cool-down, or no Google session, etc.
If a user isn’t signed into a Google account in their browser, or if they have turned off “Google Account sign-in prompts” in their account settings, the button will not work.
We recommend using Google's Sign in With button which follows Google's guidelines, creates a better user experience, and is not affected by our new feature and the troubles you have described.
I hope this helps!
Edit: typo
0 -
So your solution to stop 1Password overlapping the Google sign in dialog ... was to block the network request?!
0 -
It's extremely disappointing that 1password deliberately blocks google's functionalities that greatly benefit the customers, just to promote their own features. I hope that 1Password makes better choices.
0 -
Was just investigating Google One-Tap not working in our application when I stumbled on this thread. I understand that 1password wants to offer a unified way of signing in when on a sign in screen. However this breaking the One-Tap functionality without any alternatives is rough. One-Tap is a large factor in driving signups on our website, so I have to agree with the previous commenters, extremely disappointing, especially when we just switched from lastpass to 1password company wide, just a few weeks ago.
I feel like the "Disable Stop competing sign-in popups in the browser" option should be opt in, but as a developer I do understand why you are not doing that, however I also have to question your implementation here.
0 -
Thanks to @nicedawg for posting... I was going crazy trying to log into my Vecteezy account to check billing details... two days of trying. Even before I realized you were with Vecteezy, it dawned on me to just try a different browser (which worked). Then I confirmed that turning off 1PW in Chrome allowed me to sign in with my Google account. Sadly, clicking on Vecteezy's "Log in with Google" just sits forever and never gave any feedback. Thanks for clearing up the what, if not the why!
0 -
Hi @tklevenz , my name is Hilary and I'm the software developer that implemented the "block competing popup" feature. I can see how this change has caused some end users the inability to login to some of their normal sites, and that your signups have also been negatively affected. I'm sorry that blocking popups has had this negative consequence.
To speak to the implementation, what 1Password does is stop network requests to
https://accounts.google.com/gsi/status*
which is accomplished through the native declarativeNetRequest API. I made this implementation decision because it has the same behaviour as toggling this setting in google:
Users can turn off pop-ups this way, without 1Password, so I believed following google's approach would have the least negative impact. We knew some people would be affected and in retrospect, we could have done more to:
1. Notify site maintainers ahead of time so that they can update their website.
2. Notify users of this change so they can turn the 1Password toggle on/off.
In terms of a solution for sites like vecteezy, they will have to use Google's recommended button for authentication that @steph.giles shared above. Lots of websites rely on Google authentication and we definitely want to keep that experience positive.
Other than vecteezy, I can't find another site encountering an issue logging in with Google, but if anyone here knows of some, I'd be happy to reach out to them to help.
I'm also open to answer any technical questions about this feature, and will share product feedback with my manager.
0 -
twobird.com is another one
0 -
Thank you for sharing this @carydubek, I have passed it on to the team.
ref: dev/core/core#21437
0 -
Thanks for sharing @carydubek!
I did a little investigation and it looks like even with 1Password uninstalled I can't signup to twobird.com. I checked my google settings and they look good, but I receive this error:
0 -
To address the ongoing issue with Google's FedCM, developers must include the data-use_fedcm_for_prompt="true" tag into their OneTap HTML code. This implementation will eliminate the necessity to adjust 1Password settings, ensuring site visitors remain unaffected.
https://developers.google.com/identity/gsi/web/guides/fedcm-migration
0
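Added example, not part of any post above and not code from 1Password, Google or Vecteezy: a button-first Google Identity Services setup in which the official "Sign in with Google" button is always rendered and One Tap is only an optional extra, so a blocked gsi/status request cannot leave users without a way to log in. The function name setupGoogleSignIn, the injected gis parameter (standing in for google.accounts.id) and the client ID placeholder are assumptions; initialize, renderButton, prompt and use_fedcm_for_prompt are Google Identity Services names.

```javascript
// Added example: render the official button first, treat One Tap as optional.
// `gis` is the google.accounts.id object, passed in so the logic can be
// exercised outside a browser. All other names here are hypothetical.
function setupGoogleSignIn(gis, container, clientId, onCredential) {
  const status = { buttonRendered: false, oneTapRequested: false, error: null };

  gis.initialize({
    client_id: clientId,
    // One callback serves both the button flow and One Tap.
    callback: (response) => onCredential(response.credential),
    // Opt in to FedCM for the One Tap prompt (see the FedCM migration guide
    // linked in the last post).
    use_fedcm_for_prompt: true,
  });

  // The button opens the regular Google login popup and does not depend on
  // the One Tap status check, so render it before anything else.
  gis.renderButton(container, { type: "standard", theme: "outline", size: "large" });
  status.buttonRendered = true;

  // One Tap may show nothing at all (blocked status request, user opt-out,
  // cool-down, no Google session). Nothing on the page waits for it, so
  // there is no "Logging in..." state that can hang.
  try {
    gis.prompt();
    status.oneTapRequested = true;
  } catch (err) {
    status.error = String(err && err.message ? err.message : err);
  }
  return status;
}

// In the page, once the GIS client script has loaded (placeholders):
// setupGoogleSignIn(
//   google.accounts.id,
//   document.getElementById("google-button"),
//   "CLIENT_ID_PLACEHOLDER",
//   (jwt) => sendCredentialToBackend(jwt) // hypothetical backend call
// );
```

The returned status only records what was requested; whether One Tap actually appeared is not something the page should rely on.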