HtmlViewer, Windows and Google account

Vincent_MERCEY · June 27, 2022, 1:35pm

Our application has to get back an API authorization key from Google after a connection to a google account.
We use an htmlviewer control to display the connection page and let the user enter his credentials and authorize the use of the API. Then the application get the key from the url provided by Google.
On macos, we have no problem.
On Windows (10 or 11), we can’t ! Google decides that “our web browser is unsecured and we MUST choose an other browser”.
htmlviewer’s renderer is set either to Native or WebKit.
We have this problem with all releases of Xojo

How can we solve this (huge) issue ?

Marc_COURAUD · June 27, 2022, 1:36pm

Oh ! I have the same problem

Vincent_MERCEY · June 30, 2022, 8:46am

Here are the headers sent by HTMViewer on Windows :
{
“host”: “NNNNNNNN”,
“x-forwarded-for”: “192.168.2.191”,
“connection”: “close”,
“accept”: “/”,
“accept-language”: “fr-FR,fr;q=0.5”,
“accept-encoding”: “gzip, deflate”,
“user-agent”: “Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)”
}

And the ones sent by MS-EDGE (Windows 11)
{
“host”: “NNNNNNNN”,
“x-forwarded-for”: “192.168.2.191”,
“connection”: “close”,
"upgrade-insecure-requests": “1”,
“user-agent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Edg/103.0.1264.37”,
“accept”: “text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”,
“accept-encoding”: “gzip, deflate”,
“accept-language”: “fr,fr-FR;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6”,
“if-none-match”: "W/“123b-UA6tLwp/gWeSN7kmaVglSriSzb8"”
}

There are big differences(in bold).

Vincent_MERCEY · July 27, 2022, 3:22pm

With 2022R2 : HTMLVIEWER on WINDOWS is still an unsecure webbrowser for Google !!!
We can’t do anything with Xojo and Google.
No way to change anything.

Bart_Harrison · July 27, 2022, 9:49pm

In Windows I use the HTMLViewerMBS from Monkeybread which fully supports Microsoft WebView. It solves a lot of problems for me and may help with this. And if it doesn’t then let Christian at Monkeybread know. He often solves such problems with a quick turn-around usually in a day or so. He’s the best.

It’s in his “MBS Xojo WinFrameworks Plugin”

https://www.monkeybreadsoftware.de/

kevin_g · July 27, 2022, 10:10pm

If it is using OAuth2 then it could be that Google (like others) are starting to block embedded browsers due to security issues.

If that is the cause, you can refer to this recent forum thread where I mention some possible solutions:

Wayne_Golding · July 28, 2022, 4:25am

What version of Xojo are you using? Webkit has been updated many times over the years and “Native” is no longer an option.

When I use me.LoadURL("https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/drive&response_type=code&access_type=offline&redirect_uri=https://www.maxsoftlk.com&client_id=1072307075112-fposi9hsdfghjkd3239f6gbfpkfasfpk.apps.googleusercontent.com") which is just an example from a tutorial I get a invalid clientid screen (expected) not a blank page.

DerkJ · July 28, 2022, 7:11am

HTMLViewer is NOT a browser.

Vincent_MERCEY · July 28, 2022, 10:25am

With HTMLViewerMBS : same problem : unsecure browser or application…

kevin_g · July 28, 2022, 12:01pm

Bart_Harrison · July 28, 2022, 1:48pm

Reach out to Christian at MBS and see if he can fix this:

Christian Schmitz support@monkeybreadsoftware.de

Vincent_MERCEY · July 28, 2022, 1:59pm

Understand :
Application tells the default webbrowser to do the job and to forward the GGL answer to her.
I wonder how to do that in Xojo (finding a free TCPPort, telling the Web Browser and getting back the answer)…
I wonder too why that’s run on Macos with the same HTMLViewer.

Vincent_MERCEY · July 29, 2022, 9:18am

The Chilkat plugin seems to do the job.