<pwa-auth> – enable Sign in with Google with a reduced response when strict privacy mode (Block third-party cookies or InPrivate browsing) is used (until we switch to Google Identity Services for Web).

[CetinSert]

This is a

• temporary fix for
  <pwa-auth> – Sign in with Google fails when Block third-party cookies or InPrivate browsing is turned on #3286
  requested by @maraah1 in
  <pwa-auth> – Sign in with Google fails when Block third-party cookies or InPrivate browsing is turned on #3286 (comment)
  
  
• until <pwa-auth> switches to the new Google Identity Services for Web
  tracked in
  <pwa-auth> – Google is replacing its "Sign-in JavaScript Platform Library" with the new "Identity Services for Web" in March 2023 #3309

PR Type

Bugfix

Describe the current behavior?

See #3286.
Sign in with Google does not work when people Block third-party cookies or use InPrivate browsing.

Describe the new behavior?

See #3286 (comment)
Sign in with Google works with a reduced response (only the email adress, no name or image) when people Block third-party cookies or use InPrivate browsing.

PR Checklist

• Test: run npm run test and ensure that all tests pass
• Target main branch (or an appropriate release branch if appropriate for a bug fix)
• Ensure that your contribution follows standard accessibility guidelines. Use tools like https://webhint.io/ to validate your changes.

---

Test on our next-gen web playground

See this in production on our next-gen web playground: //rt.ht ⬅️
We recommend using the Windows Sandbox for a clean state.

Test on pwa-auth-list.glitch.me

See #3343 (comment) ⬇️

[ghost]

Thanks cetinsert for opening a Pull Request! The reviewers will test the PR and highlight if there is any conflict or changes required. If the PR is approved we will proceed to merge the pull request 🙌

[ghost]

All CLA requirements met.

[CetinSert]

You can also quickly test this with the following steps:

1. Go to https://pwa-auth-list.glitch.me/
2. Edit the HTML in DevTools > Sources to apply this single-line change

Exact match of this commit hosted for your convenience: https://ic.rt.ht/google-provider-e3c8088c.js

- <script type="module" src="https://cdn.jsdelivr.net/npm/@pwabuilder/pwaauth@latest/dist/pwa-auth.min.js"></script>
+ <script type="module" src="https://ic.rt.ht/pwa-auth.min.js"></script> <!-- matches the pull request verbatim -->

A version with additional console.warn() calls for your convenience 👈🏻 (click/tap to expand)

 

- <script type="module" src="https://cdn.jsdelivr.net/npm/@pwabuilder/pwaauth@latest/dist/pwa-auth.min.js"></script>
+ <script type="module" src="https://ic.efn.kr/pwa-auth.min.js"></script> <!-- has console.warn() calls for convenience -->

3. Use the edited HTML file with DevTools > Overrides

---

We strongly recommend using Windows Sandbox for testing hygiene.

---

The following issues from other repositories are welcome to take this temporary fix into account until they also switch to Google Identity Services for Web as suggested to <pwa-auth> earlier here in this issue: #3309.

• Google sign-in broken on Safari when using Private Mode firebase/firebase-js-sdk#1040
• Client doesn't work if third-party session storage is disabled google/google-api-javascript-client#260
• Login with google not working in Google Chrome incognito mode though working properly in normal mode . google/google-api-javascript-client#783
• In Chrome, works regularly but not in Incognito Mode  anthonyjgrove/react-google-login#378
• Getting "idpiframe_initialization_failed" in private navigation anthonyjgrove/react-google-login#352

[CetinSert]

With the last 2 commits, we have tested all cases and exhausted developer resources we will dedicate to this workaround.
The ball is in your court now. (We strongly suggest a clean solution implementing #3309.)

• 99d67f7
• 2ee9fda

(The convenience links mentioned in #3343 (comment) are kept up-to-date and still available for your testing with the above 2 commits included.)

---

Tested interactions

Third-party cookies	blocked	allowed
Cancel+	✔️	✔️
Sign in	✔️	✔️

⁺ tested multiple times

---

Click/tap here to see the event.data of the 2 message events we await in code 👈🏻 (click/tap to expand)

 

https://github.com/pwa-builder/PWABuilder/pull/3343/files#diff-62b229f1b1d42d33a5df6960272abc200a98dd71e79a473abf7b5cfb7abba38cR87

  {
    "method": "fireIdpEvent",
    "params": {
      "type": "authResult",
      "clientId": "57804582347-fjts48vf74aujonq0akjmh16ta0kuuak.apps.googleusercontent.com",
      "id": "auth395061",
      "authResult": {
        "scope": "email profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid",
        "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE3MjdiNmI0OTQwMmI5Y2Y5NWJlNGU4ZmQzOGFhN2U3YzExNjQ0YjEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiYXpwIjoiNTc4MDQ1ODIzNDctZmp0czQ4dmY3NGF1am9ucTBha2ptaDE2dGEwa3V1YWsuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiI1NzgwNDU4MjM0Ny1manRzNDh2Zjc0YXVqb25xMGFram1oMTZ0YTBrdXVhay5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsInN1YiI6IjEwMjYyODQ1NTQ5MDkwMTk0NTI2MiIsImVtYWlsIjoiY2V0aW4uc2VydEBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaWF0IjoxNjYwODc2MTcxLCJleHAiOjE2NjA4Nzk3NzEsImp0aSI6IjAyOTRlYzhiMTViOGMxNDYyNGM3NDZhMGYzZjNkOTZmODczMTA5ZmUifQ.da6OcBgxGctw4eKXVn6vquTwj3mSRnkUwQFFCPpJVRDC6qeGop07vfSwhz2FceR9_QbWt9nFGdbeELY8X47EDARUbCzfNRH80IUQ2BnZ62X3Y-Zrzb8KK1QXR8sBZuA2HubtF6hJ-Rz4FIBAH8nTVdoK68JPIX_kY_3CH_WfcYeZwgLaUj2z9vLo6ScI2l_opGdc12JiyaqSLWAy_HHfY4ooyogIoeiCn8fxTuOYLx3PFoOXyYilf39zhELR70G28kl_Q3rzXyMB4_1xTRGLNn5p76l8HPEhB-xs0-agNsEpjn79GaCDIOQfI5_qNXtUVd88OL7wyJ4s3JolUh7v2w",
        "login_hint": "AJDLj6JTnD9r5nUgBTjHPh9yEse-ZVOAAuXsa0TMIG26duGuqQvjeAHqDZsUu1-mHw6Et__QhInJSlsBKxsE7MtamnbsupuUog",
        "client_id": "57804582347-fjts48vf74aujonq0akjmh16ta0kuuak.apps.googleusercontent.com"
      }
    }
  },

https://github.com/pwa-builder/PWABuilder/pull/3343/files#diff-62b229f1b1d42d33a5df6960272abc200a98dd71e79a473abf7b5cfb7abba38cR100

  {
    "method": "fireIdpEvent",
    "params": {
      "type": "idpError",
      "error": "Cookies are not enabled in current environment."
    },
    "rpcToken": "1227886743.6877475"
  },

[CetinSert]

e.data

  {
    "method": "fireIdpEvent",
    "params": {
      "type": "authResult",
      "clientId": "57804582347-fjts48vf74aujonq0akjmh16ta0kuuak.apps.googleusercontent.com",
      "id": "auth395061",
      "authResult": {
        "scope": "email profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid",
        "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE3MjdiNmI0OTQwMmI5Y2Y5NWJlNGU4ZmQzOGFhN2U3YzExNjQ0YjEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiYXpwIjoiNTc4MDQ1ODIzNDctZmp0czQ4dmY3NGF1am9ucTBha2ptaDE2dGEwa3V1YWsuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiI1NzgwNDU4MjM0Ny1manRzNDh2Zjc0YXVqb25xMGFram1oMTZ0YTBrdXVhay5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsInN1YiI6IjEwMjYyODQ1NTQ5MDkwMTk0NTI2MiIsImVtYWlsIjoiY2V0aW4uc2VydEBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaWF0IjoxNjYwODc2MTcxLCJleHAiOjE2NjA4Nzk3NzEsImp0aSI6IjAyOTRlYzhiMTViOGMxNDYyNGM3NDZhMGYzZjNkOTZmODczMTA5ZmUifQ.da6OcBgxGctw4eKXVn6vquTwj3mSRnkUwQFFCPpJVRDC6qeGop07vfSwhz2FceR9_QbWt9nFGdbeELY8X47EDARUbCzfNRH80IUQ2BnZ62X3Y-Zrzb8KK1QXR8sBZuA2HubtF6hJ-Rz4FIBAH8nTVdoK68JPIX_kY_3CH_WfcYeZwgLaUj2z9vLo6ScI2l_opGdc12JiyaqSLWAy_HHfY4ooyogIoeiCn8fxTuOYLx3PFoOXyYilf39zhELR70G28kl_Q3rzXyMB4_1xTRGLNn5p76l8HPEhB-xs0-agNsEpjn79GaCDIOQfI5_qNXtUVd88OL7wyJ4s3JolUh7v2w",
        "login_hint": "AJDLj6JTnD9r5nUgBTjHPh9yEse-ZVOAAuXsa0TMIG26duGuqQvjeAHqDZsUu1-mHw6Et__QhInJSlsBKxsE7MtamnbsupuUog",
        "client_id": "57804582347-fjts48vf74aujonq0akjmh16ta0kuuak.apps.googleusercontent.com"
      }
    }
  },

[CetinSert]

e.data

  {
    "method": "fireIdpEvent",
    "params": {
      "type": "idpError",
      "error": "Cookies are not enabled in current environment."
    },
    "rpcToken": "1227886743.6877475"
  },

[amrutha95]

Hey @CetinSert, you say this is a temporary fix. Does that mean that when we move to Google Identity Services for Web this will no longer be needed? In that case, could we prioritize that over this?

[CetinSert]

Hey @CetinSert, ... Does that mean that when we move to Google Identity Services for Web this will no longer be needed? In that case, could we prioritize that over this?

@amrutha95 That was my understanding, so I assume: yes, and yes.
I will confirm in 12 hours to ensure we don't misprioritize.

[CetinSert]

@amrutha95 –

Hey @CetinSert, you say this is a temporary fix. Does that mean that when we move to Google Identity Services for Web this will no longer be needed? In that case, could we prioritize that over this?

I say this is temporary because,

• Platform Library will stop existing in April 2023 and already does not work with new Client IDs.
• This quick patch is only usable until April 2023 and only works for existing Client IDs.

---

@amrutha95 –

Hey @CetinSert, you say this is a temporary fix. Does that mean that when we move to Google Identity Services for Web this will no longer be needed? In that case, could we prioritize that over this?

@amrutha95, @nmetulev – I have just confirmed this for you:

• ❌ Platform Library (old) explicitly mentions incompatibility with third-party cookie blocking:
  https://developers.google.com/identity/sign-in/web/troubleshooting#third-party_cookies_and_data_blocked
• ✔️ Identity Services (new) suggests using incognito (third-party cookie blocking support):
  https://developers.google.com/identity/gsi/web/guides/migration#sign-in_from_any_page_with_one_tap:~:text=can%20switch%20to-,Incognito,-mode%20to%20reset

---

@amrutha95 –

Hey @CetinSert, you say this is a temporary fix. Does that mean that when we move to Google Identity Services for Web this will no longer be needed? In that case, could we prioritize that over this?

Yes! Please also note the following!!

https://developers.google.com/identity/sign-in/web/reference

We are discontinuing the Google Sign-In JavaScript Platform Library for web. The library will be unavailable for download after the March 31, 2023 deprecation date. Instead, use the new Google Identity Services for Web.
By default, newly created Client IDs are now blocked from using the older Platform Library, existing Client IDs are unaffected. New Client IDs created before July 29th, 2022 can set plugin_name to enable use of the Google Platform Library.

⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️

Google Platform Library already doesn't accept new clients! So,
Google support of <pwa-auth> is utterly broken for new clients.

⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️

---

Please prioritize

• <pwa-auth> – Google is replacing its "Sign-in JavaScript Platform Library" with the new "Identity Services for Web" in March 2023 #3309

[amrutha95]

@CetinSert is it possible for you to help us with migrating to the new library? And thanks for finding out all this info. We will definitely make sure to get this done before deprecation.

[CetinSert]

@amrutha95 – unfortunately, I do not have time to perform the migration for you.

I will be looking forward to your work on it though!
<pwa-auth> is a true gem and I hope to keep using it in the future too.

[amrutha95]

@CetinSert got it. If that changes before we prioritize it please let us know. We are working on adding authentication for PWABuilder using pwa-auth, so we will have to get to this sooner rather than later. You also mentioned you have found your workaround for it for now. I think we can keep this as a known issue rather than fixing something that is going to change anyway. What do you think?

[CetinSert]

@CetinSert got it. If that changes before we prioritize it please let us know. We are working on adding authentication for PWABuilder using pwa-auth, so we will have to get to this sooner rather than later. You also mentioned you have found your workaround for it for now. I think we can keep this as a known issue rather than fixing something that is going to change anyway. What do you think?

Yes, please do so. Thank you. I am closing this pull request now.