
Electron application sometimes tries to sign in users with legacy OAuth route


We have a multiplatform application (web, Electron for desktop, iOS and Android apps). When authenticating through our Electron app, some of our users are being forwarded to a legacy auth route (https://accounts.google.com/signin/oauth/legacy/approval) rather than the standard auth route (https://accounts.google.com/signin/oauth/consent/approval). This legacy auth route fails to complete authorization so our users are unable to log in to our app. Only our Electron users are seeing this. We first saw this on October 16th, and it became more frequent around October 28th.

This happens when we open an Electron browser window and visit https://accounts.google.com/o/oauth2/v2/auth with the standard parameters. If we copy the same URL and parameters into a non-Electron browser window, we are sent to the standard auth route.

Here's the relevant part of our Electron OAuth code:

      const authParams = {
        access_type: opts.offline ? 'offline' : undefined,
        response_type: 'code id_token',
        redirect_uri: 'http://localhost/authenticate',
        scope: expandedScopes.join(' '),
        client_id: xxxx,
        prompt: 'consent',
        login_hint: opts.email ? opts.email : undefined,
        nonce
      }

      const authParamStr = queryStringify(authParams)
      const authUrl = `https://accounts.google.com/o/oauth2/v2/auth?${authParamStr}`
      authWindow.loadURL(authUrl)

What happens is that instead of being properly authenticated, the last screen of the OAuth consent flow is a white screen with the title "Approved Clicked". On web and other platforms, the login finishes correctly.


Solution

  • We got around this by simply stripping Electron from the user agent. In your case it'd probably be something like this.

    authWindow.loadURL(authUrl, {
      userAgent: navigator.userAgent.replace(/ Electron\/\S+ /g, ' ')
    });
    

    Doesn't explain why Google is doing this, but gets around it in the meantime.
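
An added example (not code from the question or the answer) that combines the two snippets on this page: it builds the authorization URL from the question's parameters while leaving out undefined values, and removes the `Electron/<version>` token from the user agent wherever it sits in the string, including at the end, where a pattern that requires a trailing space does not match. The function names, the `opts.scopes`, `opts.clientId` and `opts.nonce` fields, and the sample user agent are assumptions made for the example.

```javascript
// Added example. Names and sample values below are constructed for illustration.

// Remove the "Electron/<version>" product token from a user-agent string,
// whether it appears at the start, in the middle or at the end.
function stripElectronToken(ua) {
  return ua
    .split(/\s+/)
    .filter((tok) => tok && !/^Electron\/\S+$/.test(tok))
    .join(' ');
}

// Build the authorization URL, skipping unset parameters so that no literal
// "undefined" ends up in the query string.
function buildAuthUrl(params) {
  const url = new URL('https://accounts.google.com/o/oauth2/v2/auth');
  for (const [key, value] of Object.entries(params)) {
    if (value !== undefined && value !== null && value !== '') {
      url.searchParams.set(key, value);
    }
  }
  return url.toString();
}

// Returns the two arguments for authWindow.loadURL(url, options).
// In the main process the default user agent can be read with
// authWindow.webContents.getUserAgent().
function buildAuthRequest(opts, defaultUserAgent) {
  const url = buildAuthUrl({
    access_type: opts.offline ? 'offline' : undefined,
    response_type: 'code id_token',
    redirect_uri: 'http://localhost/authenticate',
    scope: opts.scopes.join(' '),
    client_id: opts.clientId, // placeholder, supplied by the caller
    prompt: 'consent',
    login_hint: opts.email || undefined,
    nonce: opts.nonce,
  });
  return { url, options: { userAgent: stripElectronToken(defaultUserAgent) } };
}

// Constructed sample in the shape of an Electron default user agent.
const SAMPLE_UA =
  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ' +
  '(KHTML, like Gecko) MyApp/1.0.0 Chrome/78.0.3904.130 Electron/7.1.2 Safari/537.36';
```

Usage in the auth window would be `const { url, options } = buildAuthRequest(opts, authWindow.webContents.getUserAgent()); authWindow.loadURL(url, options);`.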