LoginException: CaptchaRequired since a few days

[MbayeNews]

Hi!
I had a cron job running once a day very smoothly for 6 months, but since a few days, I systematically get LoginException: CaptchaRequired.

Using https://accounts.google.com/DisplayUnlockCaptcha or creating another app password doesn't help.

Anyone else got the problem? Any idea on how to solve it? 🙏

[monemacom]

Same problem for me. I've also tried with an application password and the same LoginException: CaptchaRequired.

Accessing to https://accounts.google.com/DisplayUnlockCaptcha doesn't work.

[kiwiz]

Does https://myaccount.google.com/device-activity show a bunch of devices? I wonder if this error is hit by logging in too many times/having too many devices registered. While it won't solve the immediate problem, it is an option to cache the master token: https://github.com/kiwiz/keep-cli/blob/master/keep#L106-L128.

[MbayeNews]

@kiwiz thanks for your caching tip, it will be useful once it works again.
https://myaccount.google.com/device-activity shows only 3 devices on my side (mac, iphone, server)

In an attempt to understand, I tried to run only the following line from my server and it fails immediately with "CaptchaRequired", whatever the gmail account I use and regardless of the accuracy of the password :
gpsoauth.perform_master_login('a_gmail_address@gmail.com', 'the_password', uuid.uuid1())
The same line works normally from my mac!

I tried to manually solve the captcha that comes with the error and try again to login adding the parameters 'logintoken' and 'logincaptcha' in the request. It doesn't work and still responds "CaptchaRequired".

So it seems like Google has blacklisted our servers.
I was only using the script once a day, so it's not a frequency problem. I suspect they have a new way to detect it's not a true android device, after a few connections.
I hope there is a way to un-blacklist it, any idea? I don't want to just move the script to a new server because I'm sure they will quickly blacklist the new one as well, if I don't change anything.

[kiwiz]

Can you try deleting the server device from the list? If Google's blacklisted the IP, there's probably not much that can be done about it.

I think moving to a new server might be the best option here - by caching the token, you won't be logging in every day, but only when the token expires (which might be once every 30 days)?

[kiwiz]

I'm not too familiar with this flow but it seems to be (based on?) the ClientLogin. Maybe the link will help with any experimentation.

[hoffie]

I have analyzed a similar issue in another project which uses the Android Accounts API (Android App Aurora Store). My results so far are that Google seems to decide whether the require a Captcha by analyzing TLS protocol details. More specifically, I was able to make it work by forcing specific ciphers and disabling ALPN.

I have not been successful with solving the Captcha and submitting it anywhere. My solution was to avoid triggering the Captcha.

I am detailing my results here: https://gitlab.com/AuroraOSS/AuroraStore/issues/217#note_249390026

[neeleym]

If it is any help to anyone, I was getting the same Captcha block as well by running simple command line tests from a machine that should be a trusted machine. I have 2FA turned on with the machine showing as a trusted device and I am using an app pw. However, I realized that I was using python 2.7 and had incurred similar issues on another application ( not using gkeepapi ) in conjunction with Google APIs in general. I switched to python 3.7, updated my venv with the latest of gkeepapi and my simple tests began to work fine. I suspect the older 2.7 Google libs being used are now triggering the "less secure" criteria and kicking it out.

[monemacom]

Works properly with python 3.7. Thanks!

[MbayeNews]

Great ! I will try this

[kiwiz]

Consolidated debugging tips here. Closing this for now, but feel free to comment if you continue to have issues.