PayPal App v5.018 Log In with PayPal is now dead

[peterbuzzin]

PayPal has deprecated the Login with PayPal API and it will no longer work as of this morning, it's officially now Connect with PayPal.  PayPal have made changes and all my stores with the service Log In with PayPal no longer work.

Also the paypalobjects.com/js/external/api.js script used to generate a html <button> which has now been replaced with a styled <A> tag.  I hid this button so I could use my own that and style it how I wanted and used jquery to trigger the hidden button and execute the script.  This now fails because it was still looking for a <button>

I'm looking into this further now and will try to report back with further news.  But if you're wondering why your stores are having less login from this morning or why customers are contacting you saying they can't login, this is why!

This has been a long time coming, why isn't there an update for this already for the official Oscom/PayPal app??

[♥JcMagpie]

Just checked and it's working fine?

[peterbuzzin]

That doesn't look like the standard Login with PayPal dialogue.  Did you click a "Login with PayPal" button for that window to open or did you click "Checkout with PayPal" (Express).

The default button "Login with PayPal" button would have been on the login.php page.  Although that button would now display "Connect with PayPal" because of the changes PayPal have made today.

Edited May 9, 2019 by peterbuzzin

[peterbuzzin]

UPDATE - NOT DEAD... BUT CHANGES REQUIRED

After 3 hours I've discovered what the issue is.  PayPal has removed some of the scope items (information about the visitor that is returned back to the store after PayPal login). 

PayPal no longer provides the following  2 items (tickable within Admin > PayPal App > Configure > Log In ) and if you request it then you'll receive an error message about scope.

• Telephone Number
• Seamless Checkout

[douglaswalker]

hmmm  unticked the 2 you suggested but still will not work

just goes to blank page

 

[peterbuzzin]

16 minutes ago, douglaswalker said:

hmmm  unticked the 2 you suggested but still will not work

just goes to blank page

 

Silly question, but did you click the save button at the bottom of the page after you unticked Telephone and Seamless?

I'm working on an updated paypal_login.php content module that uses the new Connect with PayPal API paypalobjects.com/js/external/connect/api.js instead of the old paypalobjects.com/js/external/api.js because if I know PayPal it won't be long before they withdraw that.

[peterbuzzin]

1 hour ago, douglaswalker said:

hmmm  unticked the 2 you suggested but still will not work

just goes to blank page

 

I can confirm this is a problem now.  I've tested on another store and it does indeed display a white page.  I think this is related to Seamless checkout being removed and there's a javascript redirect placed in the <head> tags which doesn't work because it thinks it's in a popup window and not a full page window.

I'll provide a fix for this also in a while.

[Roaddoctor]

confirmed - blank page.

[douglaswalker]

Hi there

i think also the issue is we have to get permission to run the app on our sites... at least this is what it was telling me at PayPal developer.

 

[peterbuzzin]

Ok here are the fixes.

The fixes have been based on an unmodified default install of osCommerce v2.3.4.1.  Backup before making changes, this is provided as is and any changes you make are done so at your own risk (no responsibility accepted here).  Unfortunately I don't have available time to help with any customisation but if there are any errors with the code below I'm happy to correct them.

First of all in your store admin, make sure Telephone Number and Seamless Checkout is unticked, then save the settings. 

Note: Possible ongoing problems.  Seamless checkout previously allowed users who have logged in via "Log In with PayPal" to continue to make payment without logging in again.  As PayPal has removed Seamless as a scope item I'm not sure if customers will have to login again to PayPal once they get to payment method selection or click a Checkout with PayPal button.  The new connect/api.js may compensate for this automatically but I haven't tested that far yet so cannot comment either way.

In includes/modules/content/login/templates/paypal_login starting line 18

Find:

<script type="text/javascript" src="https://www.paypalobjects.com/js/external/api.js"></script>
<script type="text/javascript">
paypal.use( ["login"], function(login) {
  login.render ({

<?php
  if ( OSCOM_APP_PAYPAL_LOGIN_STATUS == '0' ) {
    echo '    "authend": "sandbox",';
  }

  if ( OSCOM_APP_PAYPAL_LOGIN_THEME == 'Neutral' ) {
    echo '    "theme": "neutral",';
  }
?>

    "locale": "<?php echo $cm_paypal_login->_app->getDef('module_login_language_locale'); ?>",
    "appid": "<?php echo (OSCOM_APP_PAYPAL_LOGIN_STATUS == '1') ? OSCOM_APP_PAYPAL_LOGIN_LIVE_CLIENT_ID : OSCOM_APP_PAYPAL_LOGIN_SANDBOX_CLIENT_ID; ?>",
    "scopes": "<?php echo implode(' ', $use_scopes); ?>",
    "containerid": "PayPalLoginButton",
    "returnurl": "<?php echo str_replace('&amp;', '&', tep_href_link(FILENAME_LOGIN, 'action=paypal_login', 'SSL', false)); ?>"
  });
});
</script>

Replace with:

<script type="text/javascript" src="https://www.paypalobjects.com/js/external/connect/api.js"></script>
<script type="text/javascript">
paypal.use( ["login"], function(login) {
  login.render ({

<?php
  if ( OSCOM_APP_PAYPAL_LOGIN_STATUS == '0' ) {
    echo '    "authend": "sandbox",';
  }

  if ( OSCOM_APP_PAYPAL_LOGIN_THEME == 'Neutral' ) {
    echo '    "theme": "neutral",';
  }
?>

    "responseType" : "code id_Token",
    "locale": "<?php echo $cm_paypal_login->_app->getDef('module_login_language_locale'); ?>",
    "appid": "<?php echo (OSCOM_APP_PAYPAL_LOGIN_STATUS == '1') ? OSCOM_APP_PAYPAL_LOGIN_LIVE_CLIENT_ID : OSCOM_APP_PAYPAL_LOGIN_SANDBOX_CLIENT_ID; ?>",
    "scopes": "<?php echo implode(' ', $use_scopes); ?>",
    "buttonType" : "CWP",
    "buttonShape" : "rectangle",
    "buttonSize" : "md",
    "fullPage" : "false",
    "containerid": "PayPalLoginButton",
    "returnurl": "<?php echo str_replace('&', '&', tep_href_link(FILENAME_LOGIN, 'action=paypal_login', 'SSL', false)); ?>"
  });
});
</script>

In includes/modules/content/login/cm_paypal_login.php on line 259 (to prevent a blank/white screen once a user has logged in via PayPal when returning to the store).

Find:

echo '<script>window.opener.location.href="' . str_replace('&amp;', '&', $return_url) . '";window.close();</script>';

Replace with:

echo '<script>
		if( typeof window.opener === \'undefined\' || window.opener === null ){
			window.location.href="' . str_replace('&', '&', $return_url) . '";
		}else{
			window.opener.location.href="' . str_replace('&', '&', $return_url) . '";
			window.close();
		}
	</script>';

 

Edited May 9, 2019 by peterbuzzin

[douglaswalker]

at the developer site

Important: Full name is approved by default. Sharing all other customer data requires approval through the app review process. Please send your app review request to help-loginappreview@paypal.com. The request must include the following:

1. Client ID of your live app
2. Description of your app/site - please include screen shots or site URL and a short explanation of what the app/site is about
3. Detailed description of how your app will use the Connect with PayPal (formerly Log In with PayPal) feature
4. List of the scope attributes you’d like to enable
5. Description of how you will use each scope attribute, how it will benefit your users and why it's necessary for app's functionality

Requests with partial information cannot be reviewed, and approval will be delayed until the full information is obtained. The app review process typically takes 7-10 days.

[peterbuzzin]

7 minutes ago, douglaswalker said:

at the developer site

Important: Full name i....

....and approval will be delayed until the full information is obtained. The app review process typically takes 7-10 days.

This is unrelated, if you haven't requested with PayPal for your client ID to be approved with the scope needed then it wont work anyway.  This is just missing an step in the normal setup essentially if this is the reason your "Log In with PayPal" isn't working.

The problem I posted is after this stage, either for stores who's client ID's "Log In with PayPal" App's were working or for stores in development using sandbox.

[douglaswalker]

I think I set this up originally before approvals were required.. Your changes have fixed my problem.

thank-you.

[Roaddoctor]

Question, I see you changed 3 instances of

 str_replace('&amp;', '&',

to

 str_replace('&', '&',

is that correct? seems odd

[peterbuzzin]

43 minutes ago, Roaddoctor said:

Question, I see you changed 3 instances of

 str_replace('&amp;', '&',

to

 str_replace('&', '&',

is that correct? seems odd

Hi, you are entirely correct, well spotted and that is odd!  When using the code tags in this forum, if you edit the content of a code tag after setting it (which I did a few times), it translates the &amp; into &.  Annoying!!

Correct code below, unfortunately the forum isn't allowing me to edit my posts any longer.

ANYONE READING THIS FOR THE FIRST TIME USE THE INSTRUCTIONS AND CODE BELOW AND NOT THE CODE ABOVE

First of all in your store admin, make sure Telephone Number and Seamless Checkout is unticked, then save the settings. 

Note: Possible ongoing problems.  Seamless checkout previously allowed users who have logged in via "Log In with PayPal" to continue to make payment without logging in again.  As PayPal has removed Seamless as a scope item I'm not sure if customers will have to login again to PayPal once they get to payment method selection or click a Checkout with PayPal button.  The new connect/api.js may compensate for this automatically but I haven't tested that far yet so cannot comment either way.

In includes/modules/content/login/templates/paypal_login starting line 18

Find:

<script type="text/javascript" src="https://www.paypalobjects.com/js/external/api.js"></script>
<script type="text/javascript">
paypal.use( ["login"], function(login) {
  login.render ({

<?php
  if ( OSCOM_APP_PAYPAL_LOGIN_STATUS == '0' ) {
    echo '    "authend": "sandbox",';
  }

  if ( OSCOM_APP_PAYPAL_LOGIN_THEME == 'Neutral' ) {
    echo '    "theme": "neutral",';
  }
?>

    "locale": "<?php echo $cm_paypal_login->_app->getDef('module_login_language_locale'); ?>",
    "appid": "<?php echo (OSCOM_APP_PAYPAL_LOGIN_STATUS == '1') ? OSCOM_APP_PAYPAL_LOGIN_LIVE_CLIENT_ID : OSCOM_APP_PAYPAL_LOGIN_SANDBOX_CLIENT_ID; ?>",
    "scopes": "<?php echo implode(' ', $use_scopes); ?>",
    "containerid": "PayPalLoginButton",
    "returnurl": "<?php echo str_replace('&amp;', '&', tep_href_link(FILENAME_LOGIN, 'action=paypal_login', 'SSL', false)); ?>"
  });
});
</script>

Replace with:

<script type="text/javascript" src="https://www.paypalobjects.com/js/external/connect/api.js"></script>
<script type="text/javascript">
paypal.use( ["login"], function(login) {
  login.render ({

<?php
  if ( OSCOM_APP_PAYPAL_LOGIN_STATUS == '0' ) {
    echo '    "authend": "sandbox",';
  }

  if ( OSCOM_APP_PAYPAL_LOGIN_THEME == 'Neutral' ) {
    echo '    "theme": "neutral",';
  }
?>

    "responseType" : "code id_Token",
    "locale": "<?php echo $cm_paypal_login->_app->getDef('module_login_language_locale'); ?>",
    "appid": "<?php echo (OSCOM_APP_PAYPAL_LOGIN_STATUS == '1') ? OSCOM_APP_PAYPAL_LOGIN_LIVE_CLIENT_ID : OSCOM_APP_PAYPAL_LOGIN_SANDBOX_CLIENT_ID; ?>",
    "scopes": "<?php echo implode(' ', $use_scopes); ?>",
    "buttonType" : "CWP",
    "buttonShape" : "rectangle",
    "buttonSize" : "md",
    "fullPage" : "false",
    "containerid": "PayPalLoginButton",
    "returnurl": "<?php echo str_replace('&amp;', '&', tep_href_link(FILENAME_LOGIN, 'action=paypal_login', 'SSL', false)); ?>"
  });
});
</script>

 

In includes/modules/content/login/cm_paypal_login.php on line 259 (to prevent a blank/white screen once a user has logged in via PayPal when returning to the store).

Find:

echo '<script>window.opener.location.href="' . str_replace('&amp;', '&', $return_url) . '";window.close();</script>';

Replace with:

echo '<script>
		if( typeof window.opener === \'undefined\' || window.opener === null ){
			window.location.href="' . str_replace('&amp;', '&', $return_url) . '";
		}else{
			window.opener.location.href="' . str_replace('&amp;', '&', $return_url) . '";
			window.close();
		}
	</script>';

 

[peterbuzzin]

1 hour ago, douglaswalker said:

I think I set this up originally before approvals were required.. Your changes have fixed my problem.

thank-you.

Please see my last post above.  The forum changed 3 items of code when posting and may produce unpredictable results if left as is.

Edited May 9, 2019 by peterbuzzin

[♥Smoky Barnable]

Thanks for this fix, it works for me. I notice when the login box pops up the background redirects to homepage.

[peterbuzzin]

53 minutes ago, Smoky Barnable said:

Thanks for this fix, it works for me. I notice when the login box pops up the background redirects to homepage.

It does indeed! 

The link generated by PayPal is dynamically produced from code and then inserted in the page on load.  The link is something like <a id="LIwPP41972473" class="LIwPP_V2 PPBlue_V2 CWPP_rectangle CWPP_medium" text="Connect with PayPal" href="#"><lots of code in here></a>.

Unfortunately because that link and html is generated at PayPal and sent back to the store there's not a lot that can be done to it.  Notice the href="#" in the a tag?  That's what's making it go to the homepage because the <base href="https://www.exoticincense.com/"> (in your case) is set to the domain root and relative URL's will always combine with the base href giving you https://www.exoticincense.com/#.  You can't change this as it will break your CSS, JS and image paths etc.

The second theory is that it's being done via PayPal javascript, but again because it's all generated by PayPal it's a lot of time/effort to look into and possibly change and my priority was to get it working again.  However, things like this do trigger my OCD, so you never know I may update the post at some point with a workaround lol.

[MrPhil]

I am looking at this patch and considering whether to include it with the Frozen patch set I maintain. The first file may have had a name change (to tpl_cm_paypal_login.php) and the code now starts 3 lines later (21 instead of 18), but other than that, it's only a hard-coded file name ('login.php' instead of FILENAME_LOGIN) that's the difference (as expected). The second file seems to match up OK.

As Frozen still ships with PayPal 5.010, does anyone know if it's safe to put this patch in? Do you need to update to 5.018 first? Perhaps I should wait until someone figures out the changes needed for Frozen patches to be PayPal 5.018 as-installed, and then add in these fixes, unless someone can state for sure that it works for 5.010 (and won't interfere with upgrading to 5.018). Does Edge ship with PayPal 5.018? If it does, I could compare files between Frozen and Edge and generate a patch for that.

[douglaswalker]

thanks for this... and the 2nd change

 

[peterbuzzin]

12 hours ago, MrPhil said:

I am looking at this patch and considering whether to include it with the Frozen patch set I maintain. The first file may have had a name change (to tpl_cm_paypal_login.php) and the code now starts 3 lines later (21 instead of 18), but other than that, it's only a hard-coded file name ('login.php' instead of FILENAME_LOGIN) that's the difference (as expected). The second file seems to match up OK.

As Frozen still ships with PayPal 5.010, does anyone know if it's safe to put this patch in? Do you need to update to 5.018 first? Perhaps I should wait until someone figures out the changes needed for Frozen patches to be PayPal 5.018 as-installed, and then add in these fixes, unless someone can state for sure that it works for 5.010 (and won't interfere with upgrading to 5.018). Does Edge ship with PayPal 5.018? If it does, I could compare files between Frozen and Edge and generate a patch for that.

Hi MrPhil,

If you need assistance, could you create a separate topic for it and provide the files, I may have time to look at it.  This is intended for the default PayPal App v5.018 as found here https://apps.oscommerce.com/fZMiN&paypal-app (although you can't actually download v5.018 from here you have to auto-update once installed which has always bugged me, every version should be available on there. And another annoyance is when you download osCommerce 2.3.4.1 it doesn't come with the PayPal App). 

This will help keep this topic on point and prevent others who might be less technical from getting the code mixed up/confused.

[MrPhil]

Pete, "Frozen" has PayPal Pro built in -- it doesn't use the paypal-app you linked to. However, it's at 5.010, so my concern is whether you need to install, configure, upgrade, and then apply the patches above, or if the Frozen files could be updated ahead of time (via my Frozen patch). The best would be to update Frozen (via patches) to PayPal 5.018 so that when installed, it's there (along with the patches above). No further manual operations for the store owner. I will try to find a Frozen implementation that's been updated to 5.018, and compare files, and see if I can first update my Frozen patches to 5.018, then apply the patches found above. That would be the most desirable thing for anyone using Frozen.

Update: I've started looking at the PayPal app vs. what's in Frozen. A lot of the differences in Frozen are trivial stuff -- use of $_GET/$_POST, __construct, hard coded file and table names, etc. However, it looks like Frozen is still at PayPal 4.039 while the app is 5.010. There are a lot of non-trivial differences between the two that will take some thinking about (which one is correct to use). Then, there is still the issue of various fixes proposed in this and other threads, and whether they can be applied to 5.010, and whether it's possible to upgrade Frozen to have 5.018 out of the box. (does the "upgrade" change the PHP files?) This is not going to be quick.

Edited May 16, 2019 by MrPhil
Frozen is older PayPal app

[peterbuzzin]

Hi Phil,

I'm not familiar with Frozen/patches but I'm sure it's/they're not too different.  First question: can PayPal in Frozen auto-update like it can in the default/stock osC PayPal App?  If it can then the change is likely to be overwritten at some point.  If there's updates available it would be a good idea to update first and then apply the changes for the fix and then apply them to the repository of where the codebase lives for auto-update.

I'm happy to look over this and use my code comparison tools.

Again not familiar with Frozen but generally with osC it's best not to use naked $_POST/$_GET in code (as you're probably aware already) and as long as application_top.php is loaded before the PayPal files then those variables will available via $HTTP_POST_VARS and $HTTP_GET_VARS as declared by includes/functions/compatibility.php which also escapes special characters if need be.

[MrPhil]

On 5/16/2019 at 5:11 AM, peterbuzzin said:

Hi Phil,

I'm not familiar with Frozen/patches but I'm sure it's/they're not too different.  First question: can PayPal in Frozen auto-update like it can in the default/stock osC PayPal App?  If it can then the change is likely to be overwritten at some point.  If there's updates available it would be a good idea to update first and then apply the changes for the fix and then apply them to the repository of where the codebase lives for auto-update.

I'm happy to look over this and use my code comparison tools.

Again not familiar with Frozen but generally with osC it's best not to use naked $_POST/$_GET in code (as you're probably aware already) and as long as application_top.php is loaded before the PayPal files then those variables will available via $HTTP_POST_VARS and $HTTP_GET_VARS as declared by includes/functions/compatibility.php which also escapes special characters if need be.

Yes, Frozen's PayPal (it appears to be an earlier version of the PP app built right in) has a working Update button. I'm still looking at the differences, and where the code will come from upon pressing the Update button. I'm also concerned about a future update (say, beyond 5.018) regressing to incompatible code (e.g., expecting $HTTP_POST_VARS, etc.). If it's code maintained by HPDL, that's a very real possibility. If it's from PayPal, it still might happen.

"best not to use naked $_POST/$_GET"  could you offer some justification for that? It's been generally agreed upon that maintaining the old HTTP_ arrays is a bad thing, and one of the things @burt has been doing in the "BS" versions is changing all of them to the modern $_POST and $_GET forms. It would be stunning to discover that was a bad move!

[greasemonkey]

On 5/9/2019 at 11:03 AM, peterbuzzin said:

Hi, you are entirely correct, well spotted and that is odd!  When using the code tags in this forum, if you edit the content of a code tag after setting it (which I did a few times), it translates the &amp; into &.  Annoying!!

Correct code below, unfortunately the forum isn't allowing me to edit my posts any longer.

ANYONE READING THIS FOR THE FIRST TIME USE THE INSTRUCTIONS AND CODE BELOW AND NOT THE CODE ABOVE

First of all in your store admin, make sure Telephone Number and Seamless Checkout is unticked, then save the settings. 

Note: Possible ongoing problems.  Seamless checkout previously allowed users who have logged in via "Log In with PayPal" to continue to make payment without logging in again.  As PayPal has removed Seamless as a scope item I'm not sure if customers will have to login again to PayPal once they get to payment method selection or click a Checkout with PayPal button.  The new connect/api.js may compensate for this automatically but I haven't tested that far yet so cannot comment either way.

In includes/modules/content/login/templates/paypal_login starting line 18

Find:

<script type="text/javascript" src="https://www.paypalobjects.com/js/external/api.js"></script>
<script type="text/javascript">
paypal.use( ["login"], function(login) {
  login.render ({

<?php
  if ( OSCOM_APP_PAYPAL_LOGIN_STATUS == '0' ) {
    echo '    "authend": "sandbox",';
  }

  if ( OSCOM_APP_PAYPAL_LOGIN_THEME == 'Neutral' ) {
    echo '    "theme": "neutral",';
  }
?>

    "locale": "<?php echo $cm_paypal_login->_app->getDef('module_login_language_locale'); ?>",
    "appid": "<?php echo (OSCOM_APP_PAYPAL_LOGIN_STATUS == '1') ? OSCOM_APP_PAYPAL_LOGIN_LIVE_CLIENT_ID : OSCOM_APP_PAYPAL_LOGIN_SANDBOX_CLIENT_ID; ?>",
    "scopes": "<?php echo implode(' ', $use_scopes); ?>",
    "containerid": "PayPalLoginButton",
    "returnurl": "<?php echo str_replace('&amp;', '&', tep_href_link(FILENAME_LOGIN, 'action=paypal_login', 'SSL', false)); ?>"
  });
});
</script>

Replace with:

<script type="text/javascript" src="https://www.paypalobjects.com/js/external/connect/api.js"></script>
<script type="text/javascript">
paypal.use( ["login"], function(login) {
  login.render ({

<?php
  if ( OSCOM_APP_PAYPAL_LOGIN_STATUS == '0' ) {
    echo '    "authend": "sandbox",';
  }

  if ( OSCOM_APP_PAYPAL_LOGIN_THEME == 'Neutral' ) {
    echo '    "theme": "neutral",';
  }
?>

    "responseType" : "code id_Token",
    "locale": "<?php echo $cm_paypal_login->_app->getDef('module_login_language_locale'); ?>",
    "appid": "<?php echo (OSCOM_APP_PAYPAL_LOGIN_STATUS == '1') ? OSCOM_APP_PAYPAL_LOGIN_LIVE_CLIENT_ID : OSCOM_APP_PAYPAL_LOGIN_SANDBOX_CLIENT_ID; ?>",
    "scopes": "<?php echo implode(' ', $use_scopes); ?>",
    "buttonType" : "CWP",
    "buttonShape" : "rectangle",
    "buttonSize" : "md",
    "fullPage" : "false",
    "containerid": "PayPalLoginButton",
    "returnurl": "<?php echo str_replace('&amp;', '&', tep_href_link(FILENAME_LOGIN, 'action=paypal_login', 'SSL', false)); ?>"
  });
});
</script>

 

In includes/modules/content/login/cm_paypal_login.php on line 259 (to prevent a blank/white screen once a user has logged in via PayPal when returning to the store).

Find:

echo '<script>window.opener.location.href="' . str_replace('&amp;', '&', $return_url) . '";window.close();</script>';

Replace with:

echo '<script>
		if( typeof window.opener === \'undefined\' || window.opener === null ){
			window.location.href="' . str_replace('&amp;', '&', $return_url) . '";
		}else{
			window.opener.location.href="' . str_replace('&amp;', '&', $return_url) . '";
			window.close();
		}
	</script>';

 

@peterbuzzin worked perfect..... @Harald Ponce de Leon the PayPal app needs updating... as I'm sure you are aware.