Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

getting 403 disallowed user agent in Auth0 Lock for Android

integrated Auth0 login in my android application. for this integration i am following this one https://auth0.com/docs/libraries/lock-android

its work fine previously, but now i am facing 403 disallowed user while click on google.

while i am searching in google i found this: Google since april 20 decided to block access from embedded webviews for security purposes thats why Auth0 login with google fails.

iOS guys fixed the same issue using:

but didn't find this in android

how to resolve this. any have idea on this.

my piece of code:

compile 'com.auth0.android:lock:2.+'

Auth0 auth0 = new Auth0(getString(R.string.auth0_client_id), getString(R.string.auth0_domain));
            mLock = Lock.newBuilder(auth0, mCallback)
                    //Add parameters to the builder
                    .closable(true)
                    .build(this);
            startActivity(mLock.newIntent(this));

private LockCallback callback = new AuthenticationCallback() {
       @Override
       public void onAuthentication(Credentials credentials) {
          //Authenticated
       }

       @Override
       public void onCanceled() {
          //User pressed back
       }

       @Override
       public void onError(LockException error) {
          //Exception occurred
       }
   };

manifest:

<activity
  android:name="com.auth0.android.lock.LockActivity"
  android:label="@string/app_name"
  android:launchMode="singleTask"
  android:screenOrientation="portrait"
  android:theme="@style/MyLock.Theme">
    <intent-filter>
      <action android:name="android.intent.action.VIEW" />

      <category android:name="android.intent.category.DEFAULT" />
      <category android:name="android.intent.category.BROWSABLE" />

      <data
        android:host="quikdeal1.auth0.com"
        android:pathPrefix="/android/{YOUR_APP_PACKAGE_NAME}/callback"
        android:scheme="https" />
    </intent-filter>
</activity>

enter image description here

enter image description here

like image 559
NareshRavva Avatar asked May 15 '17 06:05

NareshRavva


3 Answers

Since Google blocks requests from a WebView, we need to set a user agent ourselves before making the request.

Using a hard-coded fake user agent as given in other answers has a disadvantage. Gmail sends email to the user telling that their account has been logged in from a particular device (which is not their device, and may lead to suspicion).

Using the System's default user agent worked for me.

webView.getSettings().setUserAgentString(System.getProperty("http.agent"));
like image 103
Nabin Bhandari Avatar answered Oct 17 '22 15:10

Nabin Bhandari


As you said, google decided to block access from embedded WebViews. The same has happened to me and i just put the user-agent by myself. It looks like this:

public static final String USER_AGENT_FAKE = "Mozilla/5.0 (Linux; Android 4.1.1; Galaxy Nexus Build/JRO03C) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Mobile Safari/535.19";

@Override
protected void onCreate(Bundle savedInstanceState) {
    webView.getSettings().setUserAgentString(USER_AGENT_FAKE);
}
like image 11
OShiffer Avatar answered Oct 17 '22 14:10

OShiffer


It worked for me:

private WebView mWebView;

public static final String USER_AGENT = "Mozilla/5.0 (Linux; Android 4.1.1; Galaxy Nexus Build/JRO03C) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Mobile Safari/535.19";

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    mWebView.getSettings().setUserAgentString(USER_AGENT);
}
like image 8
Joby korah george Avatar answered Oct 17 '22 15:10

Joby korah george