[Solved] I can't connect to Gnome Online Accounts

Responsabilidade@lemmy.eco.br to Linux@lemmy.ml – 23 points –

Prologue

Today I messed up with the permissions at my home folder, so after a struggle time I finally was able to enter in TTY2 and set all my home folder with permissions 766. However I don't know if all my files, folders and hidden stuff had this permission, but still, now my desktop is mostly working.

Actual issue

Now, with mostly correct permissions, I found that my Google Account synced wasn't retrieving any data, so I removed my account from Gnome Online Accounts and tried to login again.

Well, it does not work as intended anymore. The popup shows asking for the username and after asking for the password. After I enter the password, it keeps loading forever never asking me for allow granting Gnome permissions. Interestingly, if I type the password wrong, it recognizes that's wrong and gives me a error message. This bug only happens when I type the correct username and password.

Even more interesting, is that if I try to connect any other Google account, it does work!

What I tried

  • Reboot my laptop
  • Remove the folders ~/.config/goa-1.0, ~/.cache/gnome-control-center-goa-helper and ~/.local/share/gnome-control-center-goa-helper
  • Restore the correct permissions to ~/.gnupg to 600
  • Creating a new user (I wasn't able to login as well)
  • Deleting app permission for Gnome on Google Manage Account
  • Tried to pacman -S gnutls, pacman -S gnome-online-accounts and pacman -S gvfs-goa

I'm hopeless. I don't know what else to try. I need this account connected to my Gnome Online Accounts cause it makes part of my workflow.

Is there any other configuration file I missed? Is there any other database I missed? Any ideia how to solve it?

Thank you in advance, guys


My setup

Hardware Information:

  • Modelo do hardware: Acer Aspire A515-45
  • Memória: 12,0 GiB
  • Processador: AMD Ryzen™ 7 5700U with Radeon™ Graphics × 16
  • Gráficos: AMD Radeon™ Graphics
  • Capacidade de disco: 256,1 GB

Software Information:

  • Versão do firmware: V1.13
  • Nome do SO: Arch Linux
  • Compilação do SO: rolling
  • Tipo do SO: 64 bits
  • Versão do GNOME: 45.0
  • Sistema de janelas: Wayland
  • Verificação do kernel: Linux 6.1.59-1-lts

Solution

Turns out that Google's new 2FA method was not allowing me to proceed with verification. I turned off 2FA, login in the Gnome Accounts and then turn back on the 2FA

2

Thank you for that, I also recently posted asking for help with this matter a couple days ago. I'm back to Linux after about 5 years break and initially I thought it was only Fedora, but then I changed to openSUSE Tumbleweed and then again to Ubuntu, and all of them presented the same issue, so it really was clear it was a bigger issue than a single distro. Nonetheless turning off 2FA is a workaround only and some accounts like work account won't allow turning it off at all, so definitely this is something the GNOME team should be prioritizing to fix soon.

This ia definitely an issue that Gnome must work with.

However I think I understood the issue. Google is pushing passwordless verification to us, but at the time it's not supported on Linux.

There are a couple of 2FA to connect into Google's account, one of them is this passwordless alternative, using a FIDO hardware or a bluetooth device to authenticate me.

When I tried to login with my Google account at a normal browser, such as Firefox, it asks me to connect my device to authenticate me, which I can cancel this operation and select any other 2FA method.

At the Gnome Online Accounts it does not show the popup asking for the device at all, but my hypothesis is that it still waiting for it undefinitely, preventing us to login or select any other 2FA method.

A workaround is disabling Security Device 2FA in your account and using other 2FA methods, like TOPT, SMS and Phone Authorization.

A solution would be implement a timeout on GnomeWebKit aborting the "waiting for authentication" operation and proceeding to select another 2FA method.

This is a issue by Google's decision to not allowing us select our prefered 2FA anymore.