Closed Sembauke closed 1 year ago
Good question. I would think that it will not work out of the box. However, a workaround could be either implementing the native way of authentication or just opening the browser instead of a custom tab.
The article says that on Android, webviews shouldn't be allowed for handling OAuth2 and Android Custom tabs should be used instead.
From what I see inside android plugin implementation, Android Custom tabs are used, so using this plugin should be allowed after February 6, 2023.
val intent = CustomTabsIntent.Builder().build()
val keepAliveIntent = Intent(context, KeepAliveService::class.java)
intent.intent.addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP or Intent.FLAG_ACTIVITY_NEW_TASK)
if (preferEphemeral) {
intent.intent.addFlags(Intent.FLAG_ACTIVITY_NO_HISTORY)
}
intent.intent.putExtra("android.support.customtabs.extra.KEEP_ALIVE", keepAliveIntent)
intent.launchUrl(context!!, url)
Moreover, the article explains how to test if the authentication is compatible with the incoming changes.
To test it, use google OAuth2 with disallow_webview=true
parameter. I tested google authorization process with disallow_webview
parameter and it works fine.
I think this issue can be closed.
@rafalbednarczuk That's exactly what I thought. Thanks for confirming that! I will close this issue then :)
Hey I have been using a WebView to login my users in through Google.
Google will disallow login in with WebViews through auth0 on February 6, 2023.
This is an outdated link but might still be relevant: https://developers.googleblog.com/2021/06/upcoming-security-changes-to-googles-oauth-2.0-authorization-endpoint.html
Will logging in through Auth0 still be allowed through this plugin, if yes, why?