Bug 467900

Summary: Security concern for login in with KDE Online Accounts
Product: [Frameworks and Libraries] kio-gdrive Reporter: silocoder
Component: generalAssignee: Elvis Angelaccio <elvis.angelaccio>
Status: REPORTED ---    
Severity: wishlist CC: openmindead, silocoder
Priority: NOR    
Version First Reported In: 22.08.1   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: KDE Online Account popup hard to identify target or browser.

Description silocoder 2023-03-28 21:09:55 UTC 
Created attachment 157675 [details]
KDE Online Account popup hard to identify target or browser.

The issue is when I want to connect KDE Online Accounts and I get what looks like the Google login page. The login page should be a separate browser based window showing the complete google url that you want to use to connect. Currently it is just a plain popup which means I have no way of trusting it with my password that in fact it is KDE's Online Accounts popup or someone else's man in the middle popup as KDE.

Here is the example signup window I am talking about:
[url]https://ibb.co/HNkMLFd[/url]

Normally when I connect accounts using google, Chrome or some other legit browser pops up with the full URL displayed at the top that you can verify the request is going to Google for authentication.

I think it should looks something like this. Notice how it is a browser window with full URL in display.
https://ibb.co/zm53QT8

Is there possibly another way to connect the KDE Online Account that clearly shows a legitimate browser and it's URL.