integrated Auth0 login in my android application. for this integration i am following this one https://auth0.com/docs/libraries/lock-android
its work fine previously, but now i am facing 403 disallowed user while click on google.
while i am searching in google i found this: Google since april 20 decided to block access from embedded webviews for security purposes thats why Auth0 login with google fails.
iOS guys fixed the same issue using:
but didn't find this in android
how to resolve this. any have idea on this.
my piece of code:
compile 'com.auth0.android:lock:2.+'
Auth0 auth0 = new Auth0(getString(R.string.auth0_client_id), getString(R.string.auth0_domain));
mLock = Lock.newBuilder(auth0, mCallback)
//Add parameters to the builder
.closable(true)
.build(this);
startActivity(mLock.newIntent(this));
private LockCallback callback = new AuthenticationCallback() {
@Override
public void onAuthentication(Credentials credentials) {
//Authenticated
}
@Override
public void onCanceled() {
//User pressed back
}
@Override
public void onError(LockException error) {
//Exception occurred
}
};
manifest:
<activity
android:name="com.auth0.android.lock.LockActivity"
android:label="@string/app_name"
android:launchMode="singleTask"
android:screenOrientation="portrait"
android:theme="@style/MyLock.Theme">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="quikdeal1.auth0.com"
android:pathPrefix="/android/{YOUR_APP_PACKAGE_NAME}/callback"
android:scheme="https" />
</intent-filter>
</activity>
Since Google blocks requests from a WebView
, we need to set a user agent ourselves before making the request.
Using a hard-coded fake user agent as given in other answers has a disadvantage. Gmail sends email to the user telling that their account has been logged in from a particular device (which is not their device, and may lead to suspicion).
Using the System's default user agent worked for me.
webView.getSettings().setUserAgentString(System.getProperty("http.agent"));
As you said, google decided to block access from embedded WebView
s.
The same has happened to me and i just put the user-agent by myself.
It looks like this:
public static final String USER_AGENT_FAKE = "Mozilla/5.0 (Linux; Android 4.1.1; Galaxy Nexus Build/JRO03C) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Mobile Safari/535.19";
@Override
protected void onCreate(Bundle savedInstanceState) {
webView.getSettings().setUserAgentString(USER_AGENT_FAKE);
}
It worked for me:
private WebView mWebView;
public static final String USER_AGENT = "Mozilla/5.0 (Linux; Android 4.1.1; Galaxy Nexus Build/JRO03C) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Mobile Safari/535.19";
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
mWebView.getSettings().setUserAgentString(USER_AGENT);
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With