OAuth requests to Google in embedded browsers
In the coming months, Google will no longer allow OAuth requests in embedded browsers. In our projects we are using Awesomium as a web component and I actually do not know If this change will also affect our services. Google says:
Starting October 20, 2016, we will prevent new OAuth clients from using web-views on platforms with a viable alternative, and will phase in user-facing notices for existing OAuth clients.
Now I do not see any user-facing notices. Could anyone tell me how them looks like? How can I test my services if they are ready?
Currently we're only seeing them in iOS embedded views on Google's "consent page." The consent page is where you have accept the application's request to access your Google user information.
The blog post you cited above has been updated to say, "On March 1, 2017 we will post the same notification on the Android consent page."
We've been able to simulate it internally by spoofing the user-agent from the web views.
FWIW, the page also indicates this is going to break for macOS and Windows applications too, but there's no indication of any dates for messaging.
Here's a sample image of the messaging:
- 3rd party cookies in Android 14/New Chrome using Angular/Firebase Auth/Hosting and NodeJs in Server
- Apim policy to validat token for b2b and as well as b2c tenant token endpoints
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Google APIs Console - missing client secret
- Automating access token refreshing via interceptors in axios
- Supabase does not append code parameter to the redirect URL after OAuth login
- How/why is login page redirect required?
- Where can I find a list of scopes for Google's OAuth 2.0 API?
- Using ASP.Net Core Identity in parallel with OpenIdConnect OAuth2
- Spring security JWT without OAuth
- Add OAuth authentication for HTTP request triggers
- Get email, phone, etc from OAuth2 login
- BFF pattern for native apps in OAuth 2.0?
- Why is PKCE `code_verifier` calculated server-side in BFF pattern?
- Apache strips down "Authorization" header
- Fake Firebase Auth Tokens for Test Environment
- Access Not Configured for Google OAUTH Login
- Authenticating to Microsoft 365 SMTP servers via OAuth2 only works for users without MFA
- Getting user data through an Azure AD OAuth login - React Native Expo App
- Callback github URI with Oauth2 and Spring Boot 3.4.0 not found after authentication
- spring oauth client (v6.4.2): does not redirect to oauth-server
- NextJs: server component vs server action
- Why Does OAuth v2 Have Both Access and Refresh Tokens?
- Bot Framework Python SDK ErrorResponseException: Operation returned an invalid status code 'Unauthorized'
- DelegateAuthenticationProvider not found after updating Microsoft Graph
- How to generate and pass CSRF token for a route in spring cloud gateway with Spring Security
- How to set up an (Azure) OAuth2 application for personal Outlook.com accounts (Exchange) for usage with exchangelib?
- Is there a raw Http request way of OAuth2ing with Google?
- What is the purpose of the 'state' parameter in OAuth authorization request
- AWS API Gateway Access vs Id Token