From a157c1e95ede446af6157b7a2f37033dde331ef7 Mon Sep 17 00:00:00 2001
From: Aaron Cowdin <aaron.cowdin@gmail.com>
Date: Wed, 5 Jun 2024 07:28:07 -0700
Subject: [PATCH 1/2] Update the googleapps IDP provider to work with changes
 to Google login page while maintaining gaialogin compatibility

---
 .../example/form-password-challengeid-3.html  | 93 +++++++++++++++++++
 pkg/provider/googleapps/googleapps.go         | 43 ++++++---
 pkg/provider/googleapps/googleapps_test.go    | 36 +++++++
 3 files changed, 161 insertions(+), 11 deletions(-)
 create mode 100644 pkg/provider/googleapps/example/form-password-challengeid-3.html

diff --git a/pkg/provider/googleapps/example/form-password-challengeid-3.html b/pkg/provider/googleapps/example/form-password-challengeid-3.html
new file mode 100644
index 000000000..3591d59fc
--- /dev/null
+++ b/pkg/provider/googleapps/example/form-password-challengeid-3.html
@@ -0,0 +1,93 @@
+<!doctype html>
+<html lang="en-US" dir="ltr">
+  <head>
+    <base href="https://accounts.google.com/v3/signin/">
+    <link ref="preconnect" href="//www.gstatic.com">
+    <meta name="referrer" content="origin">
+    <link rel="canonical" href="https://accounts.googele.com/v3/signin/challenge/pwd">
+    <meta name="chrome" content="nointentdetection">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="description" content="">
+    <title>Sign in - Google Accounts</title>
+  </head>
+  <body>
+    <div class="BDEI9 LZgQXe">
+      <div class="Ha17qf" data-auto-init="Card">
+        <div class="Or16q">
+          <div data-view-id="b5STy">
+            <div class="gEc4r">
+              <img src="//ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png" class="TrZEUc" alt="Google" width="74" height="24">
+            </div>
+            <div class="EQIoSc" jsname="bN97Pc" data-use-configureable-escape-action="true">
+              <div jsname="paFcre">
+                <div class="aMfydd" jsname="tJHJj">
+                  <h1 class="Tn0LBd" jsname="r4nke">Welcome</h1>
+                  <p class="a2CQh" jsname="VdSJob"></p>
+                  <div class="C7uRJc">
+                    <a href="/v3/signin/identifier?continue=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;dsh=foo:bar&amp;faa=1&amp;flowEntry=ServiceLogin&amp;flowName=WebLiteSignIn&amp;followup=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;hl=en_US&amp;ifkv=ABCDEFGHIJKLMNOPQRSTUVWXYZ?hl%3Den" class="HDuqac EI77qf TrZEUc cd29Sd iiFyne" tabindex="0" aria-label="test-id3@example.com selected. Switch account" jsname="af8ijd">
+                      <div class="BOs5fd">
+                        <div jsname="bQIQze" class="wJxLsd" data-profile-identifier translate="no">test-id3@example.com</div>
+                    </a>
+                  </div>
+                </div>
+              </div>
+              <form action="/v3/signin/challenge/pwd?TL=ABCDEFGHIJKLMNOPQRSTUVWXYZ&amp;cid=2&amp;continue=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;dsh=foo:bar&amp;faa=1&amp;flowEntry=ServiceLogin&amp;flowName=WebLiteSignIn&amp;followup=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;hl=en_US&amp;ifkv=ABCDEFGHIJKLMNOPQRSTUVWXYZ?hl%3Den" method="POST" novalidate>
+                <div class="iEhbme" jsname="rEuO1b">
+                  <section class="aN1Vld fegW5d rNe0id eLNT1d S7S4N" aria-hidden="true" jsname="INM6z" aria-live="assertive" aria-atomic="true">
+                    <header class="wSQNd" jsname="tJHJj">
+                      <h2 class="cySqRb TrZEUc">
+                        <span class="zlrrr" aria-hidden="true" jsname="Bz112c"><svg aria-hidden="true" class="hZUije GxLRef" fill="currentColor" focusable="false" width="20px" height="20px" viewBox="0 0 24 24" xmlns="https://www.w3.org/2000/svg"><path d="M1 21h22L12 2 1 21zm12-3h-2v-2h2v2zm0-4h-2v-4h2v4z"></path></svg>
+                        </span>
+                        <span jsname="Ud7fr">Too many failed attempts</span>
+                      </h2>
+                      <div jsname="HSrbLb" aria-hidden="true"></div>
+                    </header>
+                  </section>
+                  <section class="aN1Vld " jsname="dZbRZb"><div class="yOnVIb" jsname="MZArnb">
+                      <span jsname="xdJtEf">
+                        <input type="hidden" name="bgresponse" value="js_disabled" id="bgresponse" style="display:none">
+                      </span>
+                      <input type="text" name="identifier" class="hJIRO" tabindex="-1" aria-hidden="true" spellcheck="false" value="test-id3@example.com" jsname="KKx9x" autocomplete="off" id="hiddenEmail">
+                      <div class="Fu5aXd" jsname="vZSTIf">
+                        <div class="Flfooc">
+                          <div class="TRuRhd  YKooDc">
+                            <div class="fjpXlc">
+                              <label class="dXXNOd">
+                                <input class="xyezD" jsname="Ufn6O" type="password" name="Passwd" id="password" autofocus autocapitalize="off" autocomplete="current-password" dir="ltr"/>
+                                <div class="nWPx2e">
+                                  <div class="YhhY8"></div>
+                                  <div class="CCQ94b">Enter your password</div>
+                                  <div class="tNASEf"></div>
+                                </div>
+                              </label>
+                            </div>
+                          </div>
+                        </div>
+                        <div class="F3wxlc" jsname="h9d3hd"></div>
+                        <div class="NHVGlc" jsname="JIbuQc"></div>
+                      </div>
+                      <input type="hidden" name="TrustDevice" value="true">
+                      <input type="hidden" name="historicalPassword" value="false">
+                    </div>
+                  </section>
+                  <input type="hidden" name="" value="test-id3@example.com" jsname="m2Owvb" id="identifierId">
+                </div>
+                <div class="i2knIc" jsname="DH6Rkf">
+                  <div class="wg0fFb" jsname="DhK0U">
+                    <div class="RhTxBf" jsname="k77Iif">
+                      <button name="action" class="JnOM6e TrZEUc rDisVe" value="1" jsname="Njthtb" id="passwordNext">Next</button>
+                    </div>
+                    <div class="tmMcIf" jsname="QkNstf">
+                      <button name="action" class="JnOM6e TrZEUc KXbQ4b" value="3" jsname="gVmDzc">Try another way</button>
+                    </div>
+                  </div>
+                </div>
+                <input type="hidden" name="at" value="ALt4Ve3-7VDKsElQQfRT91gYiMG8:1717681198454">
+              </form>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </body>
+</html>
diff --git a/pkg/provider/googleapps/googleapps.go b/pkg/provider/googleapps/googleapps.go
index 8409465c0..36a99f953 100644
--- a/pkg/provider/googleapps/googleapps.go
+++ b/pkg/provider/googleapps/googleapps.go
@@ -63,7 +63,14 @@ func (kc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)
 	// Post email address w/o password, then Get the password-input page
 	passwordURL, passwordForm, err := kc.loadLoginPage(authURL+"?hl=en&loc=US", loginDetails.URL+"&hl=en&loc=US", authForm)
 	if err != nil {
-		return "", errors.Wrap(err, "error loading login page")
+		//if failed, try with "identifier"
+		authForm.Set("Email", "") // Clear previous key
+		authForm.Set("identifier", loginDetails.Username)
+		passwordURL, passwordForm, err = kc.loadLoginPage(authURL+"?hl=en&loc=US", loginDetails.URL+"&hl=en&loc=US", authForm)
+
+		if err != nil {
+			return "", errors.Wrap(err, "error loading login page")
+		}
 	}
 
 	logger.Debugf("loginURL: %s", passwordURL)
@@ -311,11 +318,13 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u
 
 	secondFactorHeader := "This extra step shows it’s really you trying to sign in"
 	secondFactorHeader2 := "This extra step shows that it’s really you trying to sign in"
+	secondFactorHeader3 := "2-Step Verification"
 	secondFactorHeaderJp := "2 段階認証プロセス"
 
 	// have we been asked for 2-Step Verification
 	if extractNodeText(doc, "h2", secondFactorHeader) != "" ||
 		extractNodeText(doc, "h2", secondFactorHeader2) != "" ||
+		extractNodeText(doc, "h1", secondFactorHeader3) != "" ||
 		extractNodeText(doc, "h1", secondFactorHeaderJp) != "" {
 
 		responseForm, secondActionURL, err := extractInputsByFormID(doc, "challenge")
@@ -326,7 +335,7 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u
 		logger.Debugf("secondActionURL: %s", secondActionURL)
 
 		switch {
-		case strings.Contains(secondActionURL, "challenge/totp/"): // handle TOTP challenge
+		case strings.Contains(secondActionURL, "challenge/totp"): // handle TOTP challenge
 
 			var token = loginDetails.MFAToken
 			if token == "" {
@@ -337,7 +346,7 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u
 			responseForm.Set("TrustDevice", "on") // Don't ask again on this computer
 
 			return kc.loadResponsePage(secondActionURL, submitURL, responseForm)
-		case strings.Contains(secondActionURL, "challenge/ipp/"): // handle SMS challenge
+		case strings.Contains(secondActionURL, "challenge/ipp"): // handle SMS challenge
 
 			if extractNodeText(doc, "button", "Send text message") != "" {
 				responseForm.Set("SendMethod", "SMS") // extractInputsByFormID does not extract the name and value from <button> tag that is the form submit
@@ -366,7 +375,7 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u
 
 			return kc.loadResponsePage(secondActionURL, submitURL, responseForm)
 
-		case strings.Contains(secondActionURL, "challenge/sk/"): // handle u2f challenge
+		case strings.Contains(secondActionURL, "challenge/sk"): // handle u2f challenge
 			facetComponents, err := url.Parse(secondActionURL)
 			if err != nil {
 				return nil, errors.Wrap(err, "unable to parse action URL for U2F challenge")
@@ -389,7 +398,7 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u
 			responseForm.Set("TrustDevice", "on")
 
 			return kc.loadResponsePage(secondActionURL, submitURL, responseForm)
-		case strings.Contains(secondActionURL, "challenge/az/"): // handle phone challenge
+		case strings.Contains(secondActionURL, "challenge/az"): // handle phone challenge
 
 			dataAttrs := extractDataAttributes(doc, "div[data-context]", []string{"data-context", "data-gapi-url", "data-tx-id", "data-api-key", "data-tx-lifetime"})
 
@@ -411,7 +420,7 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u
 
 			return kc.loadResponsePage(secondActionURL, submitURL, responseForm)
 
-		case strings.Contains(secondActionURL, "challenge/dp/"): // handle device push challenge
+		case strings.Contains(secondActionURL, "challenge/dp"): // handle device push challenge
 			if extraNumber := extractDevicePushExtraNumber(doc); extraNumber != "" {
 				log.Println("Check your phone and tap 'Yes' on the prompt, then tap the number:")
 				log.Printf("\t%v\n", extraNumber)
@@ -427,7 +436,7 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u
 			responseForm.Set("TrustDevice", "on") // Don't ask again on this computer
 			return kc.loadResponsePage(secondActionURL, submitURL, responseForm)
 
-		case strings.Contains(secondActionURL, "challenge/skotp/"): // handle one-time HOTP challenge
+		case strings.Contains(secondActionURL, "challenge/skotp"): // handle one-time HOTP challenge
 			log.Println("Get a one-time code by visiting https://g.co/sc on another device where you can use your security key")
 			var token = prompter.RequestSecurityCode("000 000")
 
@@ -599,14 +608,26 @@ func mustFindErrorMsg(doc *goquery.Document) string {
 }
 
 func extractInputsByFormID(doc *goquery.Document, formID ...string) (url.Values, string, error) {
+	// First try to find form by specific id
 	for _, id := range formID {
 		formData, actionURL, err := extractInputsByFormQuery(doc, fmt.Sprintf("#%s", id))
-		if err != nil && strings.HasPrefix(err.Error(), "could not find form with query ") {
-			continue
+		if err == nil && actionURL != "" {
+			return formData, actionURL, nil
 		}
-		return formData, actionURL, err
 	}
-	return url.Values{}, "", errors.New("could not find any forms matching the provided IDs")
+
+	// If no form found by id or actionURL in the previous forms, search for any form
+	formData, actionURL, err := extractInputsByFormQuery(doc, "")
+	if err != nil && actionURL != "" {
+		return formData, actionURL, errors.New("could not find any forms with actions")
+	}
+
+	if len(formData) == 0 {
+		return nil, "", errors.New("could not find any forms")
+	}
+
+	// Fallback in case no forms with actionURL were found
+	return formData, actionURL, err
 }
 
 func extractInputsByFormQuery(doc *goquery.Document, formQuery string) (url.Values, string, error) {
diff --git a/pkg/provider/googleapps/googleapps_test.go b/pkg/provider/googleapps/googleapps_test.go
index e7f26345d..f3ee8df22 100644
--- a/pkg/provider/googleapps/googleapps_test.go
+++ b/pkg/provider/googleapps/googleapps_test.go
@@ -79,6 +79,16 @@ func TestContentContainsMessage2(t *testing.T) {
 	require.Equal(t, "This extra step shows that it’s really you trying to sign in", txt)
 }
 
+func TestContentContainsMessage3(t *testing.T) {
+	html := `<html><body><h1>2-Step Verification</h1></body></html>`
+
+	doc, err := goquery.NewDocumentFromReader(strings.NewReader(html))
+	require.Nil(t, err)
+
+	txt := extractNodeText(doc, "h1", "2-Step Verification")
+	require.Equal(t, "2-Step Verification", txt)
+}
+
 func TestPasswordFormChallengeId1(t *testing.T) {
 	data, err := os.ReadFile("example/form-password-challengeid-1.html")
 	require.Nil(t, err)
@@ -133,6 +143,32 @@ func TestPasswordFormChallengeId2(t *testing.T) {
 	require.Empty(t, passwordForm.Get("Passwd"))
 }
 
+func TestPasswordFormChallengeId3(t *testing.T) {
+	data, err := os.ReadFile("example/form-password-challengeid-3.html")
+	require.Nil(t, err)
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write(data)
+	}))
+	defer ts.Close()
+
+	opts := &provider.HTTPClientOptions{IsWithRetries: false}
+	kc := Client{client: &provider.HTTPClient{Client: http.Client{}, Options: opts}}
+	loginDetails := &creds.LoginDetails{URL: ts.URL, Username: "test-id3@example.com", Password: "test123"}
+
+	authForm := url.Values{}
+	authForm.Set("bgresponse", "js_enabled")
+	authForm.Set("identifier", loginDetails.Username)
+
+	passwordURL, passwordForm, err := kc.loadLoginPage(ts.URL, loginDetails.URL+"&hl=en&loc=US", authForm)
+	require.Nil(t, err)
+	require.NotEmpty(t, passwordURL)
+	// check pre-filled email
+	require.NotEmpty(t, passwordForm.Get("identifier"))
+	// check password form
+	require.Empty(t, passwordForm.Get("Passwd"))
+}
+
 func TestChallengePage(t *testing.T) {
 
 	data, err := os.ReadFile("example/challenge-totp.html")

From 6c8220645722f88843628828c8b13c0650ce0398 Mon Sep 17 00:00:00 2001
From: Aaron Cowdin <aaron.cowdin@gmail.com>
Date: Fri, 7 Jun 2024 13:30:11 -0700
Subject: [PATCH 2/2] Add fixes for changes to the captcha process

---
 pkg/provider/googleapps/example/captcha.html | 102 +++++++++++++++++++
 pkg/provider/googleapps/googleapps.go        |   5 +
 2 files changed, 107 insertions(+)
 create mode 100644 pkg/provider/googleapps/example/captcha.html

diff --git a/pkg/provider/googleapps/example/captcha.html b/pkg/provider/googleapps/example/captcha.html
new file mode 100644
index 000000000..07e0e0557
--- /dev/null
+++ b/pkg/provider/googleapps/example/captcha.html
@@ -0,0 +1,102 @@
+<!doctype html>
+<html lang="en" dir="ltr">
+  <head>
+    <title>Sign in - Google Accounts</title>
+  </head>
+  <body>
+    <div class="BDEI9 LZgQXe">
+      <div class="Ha17qf" data-auto-init="Card">
+        <div class="Or16q">
+          <div data-view-id="hm18Ec" data-locale="en" data-allow-sign-up-types="true"><c-wiz jsrenderer="OTcFib" jsshadow jsdata="deferred-i2" data-p="%.@.]" data-node-index="2;0" jsmodel="hc6Ubd" c-wiz>
+              <div class="gEc4r"><img src="//ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png" class="TrZEUc" alt="Google" width="74" height="24"></div>
+              <div class="EQIoSc" jsname="bN97Pc">
+                <div jsname="paFcre">
+                  <div class="aMfydd" jsname="tJHJj">
+                    <h1 class="Tn0LBd" jsname="r4nke">Sign in</h1>
+                    <p class="a2CQh" jsname="VdSJob">Use your Google Account</p>
+                  </div>
+                </div>
+                <form action="/v3/signin/identifier?continue=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;dsh=XXXXXXXXX:YYYYYYYYY&amp;faa=1&amp;flowEntry=ServiceLogin&amp;flowName=WebLiteSignIn&amp;followup=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;hl=en&amp;ifkv=ABCDEFGHIJKLMNOPQRSTUVWXYZ?hl%3Den?hl%3Den" method="POST" novalidate>
+                  <div class="iEhbme" jsname="rEuO1b">
+                    <section class="aN1Vld ">
+                      <div class="yOnVIb" jsname="MZArnb">
+                        <div class="Fu5aXd" jsname="dWPKW">
+                          <div class="Flfooc">
+                            <div class="TRuRhd  YKooDc">
+                              <div class="fjpXlc">
+                                <label class="dXXNOd">
+                                  <input class="xyezD" jsname="Ufn6O" type="email" name="identifier" id="identifierId" value="test-id1@example.com" autofocus autocapitalize="none" autocomplete="username" dir="ltr"/>
+                                  <div class="nWPx2e">
+                                    <div class="YhhY8"></div>
+                                    <div class="CCQ94b">Email or phone</div>
+                                    <div class="tNASEf"></div>
+                                  </div>
+                                </label>
+                              </div>
+                            </div>
+                          </div>
+                          <div class="F3wxlc" jsname="h9d3hd"></div>
+                          <div class="NHVGlc" jsname="JIbuQc"></div>
+                        </div>
+                        <p class="vOZun" jsname="OZNMeb" aria-live="assertive"></p>
+                        <p class="vOZun"><a href="/signin/usernamerecovery?continue=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;dsh=XXXXXXXXX:YYYYYYYYY&amp;faa=1&amp;flowEntry=ServiceLogin&amp;flowName=WebLiteSignIn&amp;followup=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;hl=en&amp;ifkv=ABCDEFGHIJKLMNOPQRSTUVWXYZ?hl%3Den?hl%3Den" jsname="Cuz2Ue">Forgot email?</a></p>
+                        <input type="password" name="hiddenPassword" class="hJIRO" tabindex="-1" aria-hidden="true" spellcheck="false" jsname="RHeR4d">
+                        <div class="ZWssT" data-auto-init="CaptchaInput" jsname="Si5T8b">
+                          <img jsname="O9Milc" alt="CAPTCHA image of text used to distinguish humans from robots" src="/Captcha?v=2&ctoken=super_long_captcha_string" id="captchaimg" class="TrZEUc">
+                          <button class="vopC4e TrZEUc" jsname="A1U4Sb" id="playCaptchaButton" tabindex="0" type="button" aria-label="Listen and type the numbers you hear"><svg aria-hidden="true" class="hZUije JVMrYb" fill="currentColor" focusable="false" width="18px" height="18px" viewBox="0 0 24 24" xmlns="https://www.w3.org/2000/svg"><path d="M3 9v6h4l5 5V4L7 9H3zm13.5 3c0-1.8-1-3.3-2.5-4v8c1.5-.7 2.5-2.2 2.5-4zM14 3.2v2.1c2.9.9 5 3.5 5 6.7s-2.1 5.9-5 6.7v2.1c4-.9 7-4.5 7-8.8s-3-7.9-7-8.8z"></path></svg></button>
+                          <audio jsname="CakGX" src="/Captcha?v=2&ctoken=super_long_captcha_string&kind=audio" type="audio/wav" id="captchaAudio"></audio>
+                          <div class="Fu5aXd Jj6Lae" jsname="jKg4ed">
+                            <div class="Flfooc">
+                              <div class="TRuRhd  YKooDc">
+                                <div class="fjpXlc">
+                                  <label class="dXXNOd">
+                                    <input class="xyezD" jsname="Ufn6O" type="text" name="ca" dir="ltr" aria-invalid="true"/>
+                                    <div class="nWPx2e">
+                                      <div class="YhhY8"></div>
+                                      <div class="CCQ94b">Type the text you hear or see</div>
+                                      <div class="tNASEf"></div>
+                                    </div>
+                                  </label>
+                                </div>
+                              </div>
+                            </div>
+                            <div class="F3wxlc" jsname="h9d3hd">
+                              <div class="EllNBf" aria-hidden="true"><svg aria-hidden="true" class="hZUije SnjiRb" fill="currentColor" focusable="false" width="16px" height="16px" viewBox="0 0 24 24" xmlns="https://www.w3.org/2000/svg"><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm1 15h-2v-2h2v2zm0-4h-2V7h2v6z"></path></svg></div>
+                              <div jsname="B34EJ">
+                                <span jsslot>Please enter the characters you see in the image above</span>
+                              </div>
+                            </div>
+                            <div class="NHVGlc" jsname="JIbuQc"></div>
+                          </div>
+                          <input jsname="SBlSod" type="hidden" name="ct" value="super_long_captcha_string" id="ct">
+                        </div>
+                        <input type="hidden" name="usi" value="XXXXXXXXX:YYYYYYYYY">
+                        <input type="hidden" name="domain" value="">
+                        <input type="hidden" name="region" value="US">
+                        <span jsname="xdJtEf">
+                          <input type="hidden" name="bgresponse" value="js_disabled" id="bgresponse" style="display:none">
+                        </span>
+                        <span jsname="ZVfTqd"></span>
+                      </div>
+                    </section>
+                  </div>
+                  <span jsslot>
+                    <div class="D4rY0b">
+                      <p class="vOZun">Not your computer? Use a private browsing window to sign in. <a href="https://support.google.com/accounts?p=signin_privatebrowsing&amp;hl=en" jsname="JFyozc" target="_blank">Learn more about using Guest mode</a></p>
+                    </div>
+                  </span>
+                  <div class="i2knIc" jsname="DH6Rkf">
+                    <div class="wg0fFb" jsname="DhK0U">
+                      <div class="RhTxBf" jsname="k77Iif"><button name="action" class="JnOM6e TrZEUc rDisVe" value="1" jsname="Njthtb" id="identifierNext">Next</button></div>
+                      <div class="tmMcIf" jsname="QkNstf"><a href="/lifecycle/flows/signup?continue=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;dsh=XXXXXXXXX:YYYYYYYYY&amp;faa=1&amp;flowEntry=SignUp&amp;flowName=GlifWebSignIn&amp;followup=https://accounts.google.com/o/saml2/initsso?idpid%3DXXXXXX%26spid%3DYYYYYY%26forceauthn%3Dfalse%26hl%3Den%26loc%3DUS&amp;hl=en&amp;ifkv=ABCDEFGHIJKLMNOPQRSTUVWXYZ?hl%3Den?hl%3Den" class="JnOM6e TrZEUc kTeh9 KXbQ4b">Create account</a></div>
+                    </div>
+                  </div>
+                  <input type="hidden" name="at" value="VVVVVVVVVVV:ZZZZZZZZZZZZZZZZ">
+                </form>
+              </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </body>
+</html>
diff --git a/pkg/provider/googleapps/googleapps.go b/pkg/provider/googleapps/googleapps.go
index 36a99f953..4afb168f5 100644
--- a/pkg/provider/googleapps/googleapps.go
+++ b/pkg/provider/googleapps/googleapps.go
@@ -88,6 +88,7 @@ func (kc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)
 	captchaInputIds := []string{
 		"logincaptcha",
 		"identifier-captcha-input",
+		"captchaimg",
 	}
 
 	var captchaFound *goquery.Selection
@@ -103,6 +104,10 @@ func (kc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)
 
 	for captchaFound != nil && captchaFound.Length() > 0 {
 		captchaImgDiv := responseDoc.Find(".captcha-img")
+		if captchaImgDiv != nil {
+			captchaImgDiv = responseDoc.Find("div[data-auto-init='CaptchaInput']")
+			captchaInputId = "ca"
+		}
 		captchaPictureSrc, found := goquery.NewDocumentFromNode(captchaImgDiv.Children().Nodes[0]).Attr("src")
 
 		if !found {