Unable to authorize draw.io through Google account

Description of the issue

In Google Drive you can normally add draw.io drawings.

When opening an existing drawio drawing I get a dialog with the message:

“Authorization required
Authorize this app in Google Drive”

Hitting the authorize button will open a popup where you can choose a Google account, you are then sent back to drawio and get the following error:

Log in attempts failed. Please try again later.”

It links to this help article: https://desk.draw.io/support/solutions/articles/16000074659

As detailed out below the only way to make it work currently seems to be to temporarily change the default cookie policy to allow 3rd party cookies.

Once the third-party cookies are set, authorization works, even when I reset the 3rd party cookie policy.

Looking at the Network tab the problematic requests seem to be the ones directed at:


With brave default settings and even when shields for drawio are disabled, these requests don’t contain cookies in the request headers.

When changing the default 3rd party cookie policy to allow all cookies, the requests to oauth2/iframerpc will contain all Google cookies and authorization in drawio works as expected.

Exact URL of the website in question

drive.google.com then choose “New -> More -> Connect more apps -> choose drawio”

Did the issue present with default Shields settings? [Default states are: Block: Ads/Trackers, 3rd Party Cookies, 3rd Party Fingerprinting Allow: Encrypt Connections enabled (HTTPS), Scripts] (yes/no)

Yes, with default shields settings this issue shows. Only when changing the default shield setting to allow all cookies the issue goes away.

Does the site function as expected when Shields are turned off? (yes/no)

Turning off shields for draw.io doesn’t solve the issue. Even turning shields off for accounts_google_com as well doesn’t change anything.

Is there a specific Shields configuration that causes the site to break? If so, tell us that configuration. (yes/no)

As mentioned above, changing of shields settings (even turning shields off entirely for drawio) doesn’t change anything about the behavior. Only changing the default 3rd-party cookie policy to allow all cookies makes authorization work in drawio.

Does the site function as expected when using Chrome? (yes/no)


What Brave version/Build are you using when you encounter the issue?(About Brave info)

Version 0.56.12 Chromium: 70.0.3538.77 (Official Build) (64-bit)

1 Like

I am also having the same problem.

@ctavan, sorry for not responding, Just now seeing it somehow.
I think this is expected behavior. By having 3rd party cookies blocked, you’re essentially entering credentials, then saying telling draw.io “Sorry you actually can’t use those”.
To solve this on my end, I left my Global Shields Defaults unchanged.

Instead, I dropped Shields entirely for draw.io, authenticated in via google, then turned my Shields back on and set to Allow all cookies on the domain level for draw.io. Now I still retain my default protections and only allow cookie access to draw.io.

Let me know if any of this is unclear.

I can confirm that this works for me now with

Version 0.57.18 Chromium: 71.0.3578.80 (Official Build) (64-bit)

It didn’t work that way before. Glad to see it’s working fine now.

1 Like