It seems like there is a bug in Google's One Tap client JS library that prevents the fallback to native credential manager when there is no Google session.

Intended Behavior: If there is no active Google session and the One Tap prompt is thus not displayed to the user, a fallback to the browser's native credential manager is performed. If the user has no active Google session, they can log in using the saved password credentials from the credential manager. Thus, if the One Tap prompt is not shown, the browser's native credential manager is shown that lets the user pick a username/password combination. In the end, either a POST request to the data-native_login_uri endpoint is performed, or the callback data-native_callback is executed.

Current Behavior: As shown in the attached screenshot, instead of loading the callback with a.native_callback, it is loaded with a.zc. Of course, a.zc does not exist, so the callback is set to undefined. Since there is no callback defined, the browser's native credential manager is never shown. If we change this.F = a.native_callback with the debugger, everything works as expected.

This bug is located in the gis_client_library JS library that is loaded when the Google One Tap sign-up and auto sign-in library is included on a website. Specifically, this bug affects the data-native_callback HTML attribute of the One Tap configuration object and the native_callback JS parameter of the google.accounts.id.initialize method. My configuration object looks like the following:

<div id="g_id_onload"
    data-client_id="XXX.apps.googleusercontent.com"
    data-auto_select="false"
    data-callback="handleTokenCredential"
    data-native_callback="handlePasswordCredential"
></div>

Did anyone succeed in configuring the Google One Tap API with a native credentials manager as fallback?

1 Answer

This is fixed on Google side (as of Aug. 2020).

Guibin
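
The configuration from the question expressed through the JS API it names (google.accounts.id.initialize with native_callback), with handlers for both outcomes. This is an added example, not code from the question, the answer, or Google. It assumes the object passed to native_callback carries id and password fields, and the two endpoint paths are hypothetical.

```javascript
// Added example. LOGIN_ENDPOINT and TOKEN_ENDPOINT are hypothetical same-origin paths.
const LOGIN_ENDPOINT = "/login/password";
const TOKEN_ENDPOINT = "/login/google";
const FORM = { "Content-Type": "application/x-www-form-urlencoded" };

// Turn the object handed to native_callback into a POST descriptor.
// Assumed shape: { id, password }. Returns null for anything else.
function buildNativeLoginRequest(credential) {
  const ok = credential &&
    typeof credential.id === "string" && credential.id !== "" &&
    typeof credential.password === "string" && credential.password !== "";
  if (!ok) return null;
  // The password travels in the request body, never the URL, so it stays out of
  // browser history, Referer headers and access logs.
  const body = new URLSearchParams({ id: credential.id, password: credential.password });
  return {
    url: LOGIN_ENDPOINT,
    init: { method: "POST", credentials: "same-origin", headers: FORM, body: body.toString() },
  };
}

// native_callback: runs when the user picks a saved username/password pair.
function handlePasswordCredential(credential) {
  const request = buildNativeLoginRequest(credential);
  if (request === null) return Promise.resolve(false);
  return fetch(request.url, request.init).then((res) => res.ok);
}

// callback: runs when One Tap returns a Google ID token; the server must verify it.
function handleTokenCredential(response) {
  const body = new URLSearchParams({ credential: response.credential });
  return fetch(TOKEN_ENDPOINT, {
    method: "POST", credentials: "same-origin", headers: FORM, body: body.toString(),
  }).then((res) => res.ok);
}

// Browser-only wiring, equivalent to the g_id_onload attributes in the question.
if (typeof google !== "undefined" && google.accounts) {
  google.accounts.id.initialize({
    client_id: "XXX.apps.googleusercontent.com", // placeholder, as in the question
    auto_select: false,
    callback: handleTokenCredential,
    native_callback: handlePasswordCredential,
  });
  google.accounts.id.prompt();
}
```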