search

EddyVerbruggen / cordova-plugin-googleplus

:heavy_plus_sign: Cordova plugin to login with Google Sign-In on iOS and Android
567 stars 630 forks source link

Question about Google dropping support for sign-ins to Google accounts from embedded browsers #719

Open mirko77 opened 3 years ago

mirko77 commented 3 years ago

Dear All,

We got an email from Google saying they identified the use of an authentication flow from an embedded browser in our app which uses this plugin for authentication, version 7.0.2.

We have detected the use of an embedded browser framework with one or more of your OAuth clients that may be blocked on or after January 4, 2021. Please review your use of Google Account authorization flows in the following Google OAuth client IDs and make any required changes before January 4, 2021

Is this plugin the cause? I thought it was not using the in-app browser approach anymore, could anyone confirm that? Any suggestions?

is #311 related?

Thanks

Balti2016 commented 3 years ago

Have also received the same email, did you find, any solution

nexneo commented 3 years ago

@mirko77 @Balti2016 We also received same and I was under impression this plugin doesn't use embedded browser for authentication. Did you found any solution?

mirko77 commented 3 years ago

@nexneo by looking at Google Analytics, we found a few users accessing our web app by using an embedded browser, which probably caused the email from Google. It does not seem related to this plugin.

Balti2016 commented 3 years ago

@nexneo by looking at Google Analytics, we found a few users accessing our web app by using an embedded browser, which probably caused the email from Google. It does not seem related to this plugin.

Thanks for the reply, we have also found embedded browser(webview) usage in web app, in google analytics. But we were not sure, what specifically we had to look at in google analytics. As we thought, webview usage is to be expected, especially if users open web app, from within inapp browsers of apps like telegram or twitter. As we thought, if that was the issue, then more people be should be getting this mail(have to admit, we are assuming this issue is not very widespread). We did find that we were using an oauth webclient id, when calling the plugin, to additionally recieve id token from google.

nexneo commented 3 years ago

@nexneo by looking at Google Analytics, we found a few users accessing our web app by using an embedded browser, which probably caused the email from Google. It does not seem related to this plugin.

Thank you!