Cap-go / capacitor-inappbrowser

Capacitor plugin in app browser with urlChangeEvent
MIT License

Google SSO Error: Disallowed User Agent #66

Closed mariusbolik closed 1 year ago

mariusbolik commented 1 year ago

Hello,

I am using the Browser to display an Open ID Login Page. Sadly, Google blocks the Browser by its user agent. I know I can set headers, but they only persist for the first request. The Google sign-in screen comes after a redirect. Is there a way you can fix that?

Kind regards, Marius

Edit: Error appears on iOS and Android.

OnlinePage commented 1 year ago

@mariusbolik same here 😔

OnlinePage commented 1 year ago

@riderx can we have some update on it?

riderx commented 1 year ago

Can you provide a reproduction repo? It will be a bit hard to find a solution for this, I believe, so a bit of help will be super useful.

mariusbolik commented 1 year ago

Oh yes, sure! Maybe it's easier for you if I just provide a code snippet:

await InAppBrowser.openWebView({
  title: 'Login',
  url: 'https://dashboard.clerk.com/sign-in',
  toolbarType: ToolBarType.NAVIGATION
});

When you click on "Continue with Google" it shows the error. If you still need a Demo Project, please let me know!

Thank you!

mariusbolik commented 1 year ago

Some links that could help:

mariusbolik commented 1 year ago

Android:

iOS

Seems like Google does not allow the exact device model name in the user agent string. For iOS I don't know yet what faces the problem.

riderx commented 1 year ago

/bounty 50

algora-pbc[bot] commented 1 year ago

💎 $50 bounty created by riderx
🙋 If you start working on this, comment /attempt #66 to notify everyone
👉 To claim this bounty, submit a pull request that includes the text /claim #66 somewhere in its body
Before proceeding, please make sure you can receive payouts in your country
💵 Payment arrives in your account 2-5 days after the bounty is rewarded
💯 You keep 100% of the bounty award
ℹ️ If something is not clear ask before working on it, otherwise your chance to rework it is high
👨‍👩‍👧‍👦 Join the Discord to get help
Check all Bounty rules
Thank you for contributing to Cap-go/capacitor-inappbrowser!

Attempt Started (GMT+0) Solution
🟢 @neo773 Sep 2, 2023, 2:55:23 PM #80

algora-pbc[bot] commented 1 year ago

💡 @neo773 submitted a pull request that claims the bounty. You can visit your org dashboard to reward.

neo773 commented 1 year ago

/attempt #66

algora-pbc[bot] commented 1 year ago

🎉🎈 @neo773 has been awarded $50! 🎈🎊

jaderinoo commented 1 year ago

Has this issue been resolved? I noticed that the package was updated to version 1.2.7. I gave it a try using the iOS simulator, but unfortunately, I'm still encountering the disallowed_useragent error.

neo773 commented 1 year ago

@jaderinoo That's odd, have you ruled out cached packages by running npx cap sync ios ?

jaderinoo commented 1 year ago

Yes, I've also gone through and checked the version in the files, and they're all pointing to 1.2.7.

neo773 commented 1 year ago

@jaderinoo I see, I'll look into it further in the morning. Also, what iOS version were you running?

jaderinoo commented 1 year ago

@neo773 Thanks for being so quick about it. The simulator is running iOS 17.0.

jaderinoo commented 1 year ago

@neo773 Any update on this?

neo773 commented 1 year ago

@jaderinoo

https://github.com/Cap-go/capacitor-inappbrowser/assets/62795688/f3a8b7f1-ec4c-47c2-87d5-4b1c568e9d38

Hey, I just tested it, and I'm unable to reproduce it on my end. Maybe you're using a bad user-agent.

Could you try with mine?

 InAppBrowser.openWebView({
  title: 'Login',
  url: 'https://dashboard.clerk.com/sign-in',
  toolbarType: ToolBarType.NAVIGATION,
  headers: {
    'user-agent': `Mozilla/5.0 (iPhone; CPU iPhone OS16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.2 Mobile/15E148 Safari/604.1`
  }
});
jaderinoo commented 1 year ago

@neo773 Thanks for the tip, I'll check it out a little later.

mariusbolik commented 1 year ago

Shouldn't it work out of the box without setting a user agent? If I am using the standard iOS In-App-Browser it also works out of the box.

jaderinoo commented 1 year ago

@mariusbolik That's what I had expected as well

neo773 commented 1 year ago

That's just standard WKWebView behavior. Remember, WKWebView !== Safari. Although they may appear similar on the surface, they have many differences under the hood.

The default user-agent on the left is from Safari, while the one on the right is from WKWebView. This issue has nothing to do with the library, which is why you are getting the disallowed_useragent when a custom user-agent isn't set.
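The Safari versus WKWebView difference described above, as an added example that is not part of the thread or the plugin's code: a heuristic classifier that flags embedded-webview user agents by the tokens they lack or carry. The sample strings are constructed, the function name is hypothetical, and the rules reflect commonly documented default user-agent formats, not Google's actual checks, which are not public.

```javascript
// Added example: heuristic embedded-webview detection from a User-Agent string.
// Sample strings below are constructed for illustration.
const SAMPLES = {
  iosSafari: 'Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) ' +
    'AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1',
  // Default WKWebView UA: same prefix, but no Version/ and no Safari/ token.
  iosWKWebView: 'Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) ' +
    'AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148',
  androidChrome: 'Mozilla/5.0 (Linux; Android 13) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36',
  // Android System WebView adds a "wv" flag and a Version/4.0 token before Chrome/.
  androidWebView: 'Mozilla/5.0 (Linux; Android 13; Pixel 7 Build/TQ3A.230805.001; wv) ' +
    'AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/116.0.0.0 Mobile Safari/537.36',
};

// Hypothetical helper: returns whether the UA looks embedded, and why.
function classifyUserAgent(ua) {
  const reasons = [];
  const isIos = /\((iPhone|iPad|iPod);/.test(ua);
  const isAndroid = /Android/.test(ua);

  // iOS browsers (Safari, and third-party browsers built on WebKit) end with
  // a Safari/ token; a bare WKWebView does not.
  if (isIos && !/Safari\/[\d.]+/.test(ua)) reasons.push('ios-missing-safari-token');

  // Android WebView marks itself with "; wv)" inside the platform section.
  if (isAndroid && /;\s*wv\)/.test(ua)) reasons.push('android-wv-flag');

  // Version/x.y directly followed by Chrome/ is the WebView form, not Chrome's.
  if (isAndroid && /Version\/[\d.]+ Chrome\//.test(ua)) reasons.push('android-version-chrome');

  return { embedded: reasons.length > 0, reasons };
}

for (const [name, ua] of Object.entries(SAMPLES)) {
  const r = classifyUserAgent(ua);
  console.log(name.padEnd(15), r.embedded ? 'embedded' : 'browser ', r.reasons.join(','));
}
```

A user agent is client-supplied, so a check like this only classifies what the client claims to be.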

jaderinoo commented 1 year ago

@neo773 I get what you're saying, but how would one handle this in production? I tested using the custom user agent you posted and that works just fine, but how would we handle this on different devices?

neo773 commented 1 year ago

@jaderinoo What do you mean by "different devices"? All iPhones have the same user agent; it doesn't reveal the exact iPhone model. So a hardcoded one should work perfectly fine in production.

jaderinoo commented 1 year ago

@neo773 Sorry, I should've been more specific. I'm building my app for web, android, and ios. So, in this case, I'd be using the same useragent for all 3 unless I specify presets for each platform.

neo773 commented 1 year ago

@jaderinoo Does using Capacitor's native APIs to detect the platform and setting the user-agent conditionally not work for you?

https://www.npmjs.com/package/@capacitor/device#interfaces

jaderinoo commented 1 year ago

@neo773 I'll give that a shot, it's been a long week and I've been fogged up a bit. Not sure why I didn't think of this.

mariusbolik commented 11 months ago

Just a friendly reminder that this issue still isn't fixed. The problem is, that this browser does not work with OAuth out of the box. Yes, it's possible to set a custom user agent, but it would be great if the browser would work with OAuth without further configuration :)

OnlinePage commented 11 months ago

@mariusbolik ya, for this in app browser Google shows insecure or if u use custom user agents then, you have to login fresh for Google account (device account won't show up). 😕