Google OAuth Authentication Fails for Under-18 Accounts

[samuelrvg]

https://stackoverflow.com/questions/78889404/google-oauth-authentication-fails-for-under-18-accounts

Summary
I'm encountering issues with Google OAuth authentication for accounts where the user's age is under 18. While accounts for users aged 18 and older authenticate without problems, attempting to authenticate an under-18 account results in errors.

This issue occurs across multiple browsers.

Browser(s)/Version(s)
Opera 112.0.5197.53

Expected Behavior
All users, regardless of age, should be able to authenticate using Google Identity Services without errors. I expect the OAuth process to function consistently for both under-18 and 18+ accounts.

Actual Behavior
Users aged 18 and older can authenticate successfully. However, when attempting to authenticate an account where the user's age is under 18, the authentication fails, and the process does not complete as expected.

Steps to Reproduce
Set up the Google Identity Services client using the following HTML and JavaScript configurations:

HTML:
<script src="https://accounts.google.com/gsi/client"></script>

JavaScript:

config_CLIENT_ID = '...';

credential: string = '';

initializeGoogleApi = async () => {
  google.accounts.id.initialize({
    client_id: this.config_CLIENT_ID,
    callback: this.handleCredentialResponse
  });
}

renderGoogleButton() {
  const parent = document.getElementById('button-google-el');
  google.accounts.id.renderButton(parent, {text: 'signin_with', size: 'large'});
}

Attempt to authenticate using an account where the user's age is under 18.

Observe the error that occurs during the authentication process.

[kimyw97]

We are in the same situation. The same report has been coming to users since two weeks ago, even though it was working without any problems before. It is currently in service, and after review by the development team, it was confirmed that no changes were made during the reporting period. Can you find out the cause of the problem?

Users with problems we identified

1. Personal Google account = no problem
2. Workspace (our company is using) = No problem
3. Workspace with education = Problem situation occurs

[samuelrvg]

Hello @kimyw97, this issue is related to Google's privacy policies for children under 18 years old. If I understand correctly, your API must ensure that it complies with Google's security policies, though I can't recall which ones specifically right now. I was only able to solve this by using Firebase OAuth authentication, which includes all the necessary security policies.

[kimyw97]

@samuelrvg Thank you I should think about switching to Firebase. If I find the cause, I will share it.