ThexXTURBOXx / flutter_web_auth_2

Flutter plugin for authenticating a user with a web service
https://pub.dev/packages/flutter_web_auth_2
MIT License

Question about Google Auth disallowing login through web views #19

Closed Sembauke closed 1 year ago

Sembauke commented 1 year ago

Hey, I have been using a WebView to log my users in through Google.

Google will disallow logging in with WebViews through Auth0 on February 6, 2023.

This is an outdated link but might still be relevant: https://developers.googleblog.com/2021/06/upcoming-security-changes-to-googles-oauth-2.0-authorization-endpoint.html

Will logging in through Auth0 still be allowed through this plugin? If yes, why?

ThexXTURBOXx commented 1 year ago

Good question. I would think that it will not work out of the box. However, a workaround could be either implementing the native way of authentication or just opening the browser instead of a custom tab.

rafalbednarczuk commented 1 year ago

The article says that on Android, WebViews shouldn't be allowed for handling OAuth2 and Android Custom Tabs should be used instead.
From what I see inside the Android plugin implementation, Android Custom Tabs are used, so using this plugin should be allowed after February 6, 2023.

  val intent = CustomTabsIntent.Builder().build()
  val keepAliveIntent = Intent(context, KeepAliveService::class.java)

  intent.intent.addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP or Intent.FLAG_ACTIVITY_NEW_TASK)
  if (preferEphemeral) {
      intent.intent.addFlags(Intent.FLAG_ACTIVITY_NO_HISTORY)
  }
  intent.intent.putExtra("android.support.customtabs.extra.KEEP_ALIVE", keepAliveIntent)

  intent.launchUrl(context!!, url)

rafalbednarczuk commented 1 year ago

Moreover, the article explains how to test if the authentication is compatible with the incoming changes. To test it, use Google OAuth2 with the disallow_webview=true parameter. I tested the Google authorization process with the disallow_webview parameter and it works fine. I think this issue can be closed.

https://developers.googleblog.com/2021/06/upcoming-security-changes-to-googles-oauth-2.0-authorization-endpoint.html#test
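
One way to build the test request described in the comment above, as an added example that is not part of the original thread or the plugin's code: it adds disallow_webview=true to a Google authorization URL and validates the redirect that comes back. The client ID, redirect URI and function names are constructed placeholders, and the endpoint URL, PKCE and state handling are standard OAuth 2.0 practice assumed here rather than taken from the thread.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: Google's standard OAuth 2.0 authorization endpoint.
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_test_auth_url(client_id: str, redirect_uri: str, scope: str = "openid email"):
    """Return (url, state, code_verifier) for a WebView-compatibility test."""
    verifier = _b64url(secrets.token_bytes(32))
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    state = secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        # Test switch named in the thread: the flow must not run in a WebView.
        "disallow_webview": "true",
    }
    return f"{GOOGLE_AUTH_ENDPOINT}?{urlencode(params)}", state, verifier


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not ours.
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    url, _, _ = build_test_auth_url("YOUR_CLIENT_ID", "com.example.app:/oauth2redirect")
    print(url)
```

The printed URL is the one to open through the sign-in path under test; if the flow completes and the redirect passes `parse_callback`, that path is not being treated as an embedded WebView.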

ThexXTURBOXx commented 1 year ago

@rafalbednarczuk That's exactly what I thought. Thanks for confirming that! I will close this issue then :)