question

skymasterson avatar image
skymasterson asked David Marginian commented

Recaptcha on Login Blocks Sign In

Hi,


Seems like Clover recently added Recaptcha to the login web page to prevent password washing. https://www.clover.com/dashboard/login

Unfortunately, this is also blocking logins from Android devices which are needed to obtain OAuth tokens. Is there a way to look into this so that it doesn't block logins?

When our merchants attempt to login, the "Logging In" wheels spins and the screen goes blank/white.


OAuth
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian answered David Marginian edited

Update 2:

I am opening an internal ticket to track this. Can you provide more information on some devices/Android versions that do not work? If possible, can you provide a video of the failed flow as well?

Update:

Thank you for clarifying your flow and use. I am going to look into this and find out if there is a work-around. What do you use the token for? Do you have a limited number of calls? If so you may be able to replace those calls with APIs from the Android SDK.

I don't think the login endpoint was designed to be used by anything other than handling logins from Clover sites. Can you describe what you use the access token for? If you have an Android App you may be able to use the Android SDK to get the data your app needs.

3 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

The login process can be used for generating OAuth token.

0 Likes 0 ·

I think you are confusing the login process with our OAuth flow. It sounds like your application is accepting Clover login credentials and you shouldn't be.

0 Likes 0 ·
01928-7325x2 avatar image 01928-7325x2 David Marginian ♦♦ ·

How about the doc here: https://docs.clover.com/clover-platform/docs/using-oauth-20#section-using-the-response-type-token-method

It seems can be used for getting token. Not sure if I understand it correctly.

0 Likes 0 ·
skymasterson avatar image
skymasterson answered

Hi David,

Thanks for your help. Some clarifications.

- we're _not_ accepting credentials in our app (for sure!)

- we are using the default Android web view to re-direct to Clover's OAuth flow. " www.clover.com/oauth/authorize?client_id=" to have merchants sign in and then authorize a token to come back to us.

We've been using this flow for about 5 years now and it's blocking new merchants from signing up. It seems that the somewhat newly added reCaptcha is not compatible with the older Android devices (and the default Android browser) that many of our merchants use (1.5K+)

Ultimately, we need our merchants to authorize a token that gets sent back to our app which is also an Android app, but often runs in version 4.0.X.

Let us know if more context is helpful and whether we should use a separate thread for more detailed discussion so that you can get more details.

Thanks!

Andy

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian answered David Marginian commented

@skymasterson can you please provide us with detailed reproduction steps and possibly a video or screenshots? We have tried to reproduce the issue with a few of your apps and were unable to.

1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community