Google Oauth2 Consent Screen Allow button disabled

Question

I have a Window Forms application that uses Google Oauth2 for user authentication. In Google Console, I created a project using my school email which means it has an organization and I've set my project to "internal" which means I do not need to verify the app (correct me if I'm wrong). I did not enable any library API because the only scopes I use are "openid email profile".

Last year, the app ran perfectly. User could authenticate and the app can get access token from Google and then exchange the code with another server of mine to access other APIs. However, I recently found out that the "Allow" button in the consent screen is disabled as well as the "deny" button, too.

I have looked around, it's not like the "Unverified App" because it simply disabled the buttons, you can see pictures below.

Anyone knows what has happened to Google Oauth2 for desktop app? I have read

in Google Oauth2 Docs, I do not know what it exactly means.

Answer 1

Answer for: Note: Incremental authorization is not supported for installed apps or devices. I do not know what it exactly means.

When requesting user permission to access user data or other resources, you can request all scopes up-front in the initial request or request scopes only as needed, using incremental authorization. Using incremental authorization, your app initially requests only the scopes required to start your app, then requests additional scopes as new permissions are required, in a context that identifies the reason for the request to the user.

It does not supported for installed applications like your win forms app. Just request all your scopes at once and try again.

possible solutions for the actual issue

Idea number 1:

Try enabling the 'less secure apps' option, for more info, see here: Less secure apps & your Google Account

Idea number 2:

Internal apps only work with users users in the same G Suite domain and the app is associated with a Cloud Organization that all of your users belong to, you don't need to go through verification.

I would double check you have logged into the corect gsuite account.

Answer 2

After more research on the Internet, the reason is that Google has updated the anti phishing protocol "MITM - Man In The Middle", so that embedded web browser like the webbrowser control in Winform now cannot do the Oauth things anymore because it cannot secure the token. You can read it in links below https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html

To solve this problem, I use the device web browser instead of a web. I use the code from this github https://github.com/googlesamples/oauth-apps-for-windows

I'm closing this question.

Answer 3

I think you should read this post: Use latest version of Internet Explorer in the webbrowser control

Briefly: You should change the default emulation mode for Internet Explorer from the default (it is IE7) to IE11.

To do this you should create this registry value:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"yourappname.exe"=dword:00002af8

or if you have a 32bit application running on a 64bit OS:

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"yourappname.exe"=dword:00002af8

Note:

1. "yourappname.exe" is the name of the executable (without full path) that prompts the embedded browser.
2. To edit the registry you need admin rights. So you need an installer to make this modification in the customer's computer.

Hope it's help.