Google sign-in for chat 400 error

Greetings.

As of yesterday (04/13/2024), the Google sign-in no longer works reliably in the chat section. Attempting a sign-in yields the message “Error in User API: 400. Bad Request. Please contact us if you think this is a server error.”

After repeatedly trying to sign in for 10 minutes sporadically, it allowed me in. I also opened a different browser that I normally don’t use, and received the same error. Clearing cookies also did not appear to change the result.

Other users in the chat are also reporting the issue, having to sign into Facebook to get around it.

Hi @TAndy thanks for joining the forum and reporting this issue.

Do you recall a time of day when you experienced it? (And your time zone)

Anyone else experiencing similar?

Thanks for the reply, @tom. I experienced the issue at 11:21PM last night (04/13), and again this morning after 7AM EDT. I was able to sign in at 7:29AM. However, when I tried signing in on a different browser on my phone and again on a separate device, I was met with the same error.

Tom,

I also experienced this issue between 5:15pm and 5:30 pm today Sunday 4/14/24.

Also, experienced earlier in the afternoon today between 1:30 and 1:50pm. Had the same issue yesterday afternoon 4/13/24 sometime before 6pm.

Clearing cookies also did not appear to change the result.

Confirmed using Firefox aprox 17:47:45 eastern time 4/14.

Please be patient.

If you notice anything suggesting conditions that might affect when it works and when it doesn’t, please add a reply here.

Can you please copy paste into here the URL (e.g. starting https://) of the page you are on when you see the error.

The URL where I encounter the issue is: https://spinitron.com/WPRB/

thanks @TAndy i edited your post to make URL visible. is that right.
so it’s not https://playlists.wprb.com/WPRB/

i saw this error in the browser console. dunno what’s causing it yet. don’t expect a fix today. sorry.

[GSI_LOGGER]: The given origin is not allowed for the given client ID. m=credential_button_library:50:91

Yes, that is the correct URL!

I understand this fix would likely take time, but we appreciate the acknowledgement of the issue. Thank you very much

I got this issue on both of those URLs

I’ve discovered this morning that after encountering the error, switching from my local Wifi to T-Mobile LTE allows for a temporary fix. The same applies vice versa, error on the LTE network resolved by connecting to WiFi and signing in again.

how interesting. thanks for mentioning.

fwiw, we are able to reproduce and are in hot pursuit of the perp.

whether or not you see the error appears to depend on client IP address.

and it appears to have ramped up over the weekend

I just switched over to a VPN service to sign in on my desktop, and it signed me in with no problem. Switched back off the VPN and the sign-in is still valid. Very odd. It’s acting as if it’s blacklisting or rejecting fresh sign-ins with IP addresses that have been used recently.

Google did change the sign-in page last week, which did cause some issues with usernames associated with a Google sign-in no longer being available, and defaulting to whatever one’s Google screen name is.

FYI - WZBC has been experiencing this issue intermittently since at least April 12. Many listeners had to give up their anonymity this morning in a busy chatspace because their former aliases were not working and could not be reset. Just posting so others will know it’s affecting many stations. Not just yours

Yes, I know, it sucks. We have narrowed the issue down to a failure to verify JWT signatures deep in the libraries we use to handle the cryptography required by Google. We’re able to observe these failures but as of today we don’t understand why they are failing or what should be changed. We’re going to have to learn how the cryptography is supposed to work in some detail before we can sort it out. So that’s where we’re at with that.

At the same time we started testing chat login using PassKeys, which uses your phone or computer device to log in without a password. So far it works for one device but we need to extend it so you can authorize logins from other devices too.

Tom, I noticed a pattern. It will not let me use a previous alias. But if I type in a brand new one, I can change my alias. Hope this helps.

About the nickname (alias) feature. We changed the Google authentication to a completely new process behind the scenes two weeks ago (around Apr 6 2024). Users who sign in to chat with their Google identity after that date for the first time do not get their old nickname transferred over (sorry). At that point can set a new nickname.

To set a nickname, click 1 the cog (settings) button to open the nickname form, enter a 2 nickname, if it is allowed click 3 Use.

But in general you can’t use anyone’s old nickname until it has been unused for over a month, and that applies also to your old nickname from before the Google auth update Apr 6). So in another couple of weeks (roughly) you should be able change nickname to the old one you used.

NOTE: this nickname is a separate issue from the 400-error logging in.

We made a change that might fix the Google login issues. Please report here if they persist.

No issues so far, having logged in on my home WiFi (which hasn’t changed its public facing IP address) and LTE with no problems. I will keep an eye out in case anything happens over the next day or two.

Thanks for coming back to let us know.