 

Google OAuth 2.0 and Captive portal with Embedded browser

Both Android and iOS devices have a mechanism to detect captive portals on guest Wi-Fi networks. Whenever a captive portal is detected, these devices start an embedded browser in order to show the captive portal.

My captive portal allows my Wi-Fi guests to use their Google auth credentials in order to get access to my Wi-Fi.

The portal triggers an OAuth 2.0 flow with the Google service and gets back the user profile.

All was working fine; unfortunately, Google decided to stop supporting OAuth 2.0 in embedded browsers on April 22nd.

https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html

As far as I know, there is no way to force iOS or Android devices to start a real browser during the captive portal detection process.

Since this embedded browser can't be controlled, what options do I have to allow my guests to use their Google credentials? If there is no alternative option, I will have to migrate to Facebook auth modules, which don't have this restriction as of today.

Thanks, William

Beorn asked Jan 24 '17 13:01


People also ask

What is Google's embedded Webview policy?

As part of that work, we recently introduced a new secure browser policy prohibiting Google OAuth requests in embedded browser libraries commonly referred to as embedded webviews. All embedded webviews will be blocked starting on September 30, 2021.

How does browser detect captive portal?

Automatic captive portal detection is based on a simple check done by the operating system (OS) of the client device (smartphone, tablet, laptop). It simply tries to reach a specific URL and verifies that the URL returns a well-known result.

What is Google's OAuth 2.0 policy?

OAuth 2.0 clients for web apps must use redirect URIs and JavaScript origins that are compliant with Google's validation rules, including using the HTTPS scheme. Google may reject OAuth requests that don't originate from or resolve to a secure context.


1 Answer

I'm not cool enough to comment apparently, so I'll just reply that despite @nvagr stating that Google will not be broken in the CNA, it is. You cannot log in using Google OAuth on an iOS device. You'll get a 403: disallowed_useragent because it uses the CNA.

philzy127 answered Oct 01 '22 20:10
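
As an added illustration (not part of the original question or answer): a captive portal can inspect the request's User-Agent before offering Google sign-in, so guests in the embedded captive-portal browser are not sent into a flow that ends in `403: disallowed_useragent`. The User-Agent patterns, function names and sample strings are assumptions constructed for this example; Google does not publish its exact detection rules.

```python
import re

# Heuristic patterns (assumptions, not Google's published rules).
# Android System WebView adds "; wv)" and a "Version/x.y Chrome/" pair.
_ANDROID_WEBVIEW = re.compile(r"\bwv\)|Version/\d+\.\d+ Chrome/")
_IOS_DEVICE = re.compile(r"\((iPhone|iPad|iPod);")
# Full iOS browsers carry one of these tokens; the CNA web sheet does not.
_IOS_REAL_BROWSER = re.compile(r"Safari/|CriOS/|FxiOS/|EdgiOS/")


def is_embedded_browser(user_agent: str) -> bool:
    """Return True when the User-Agent looks like a captive-portal mini browser."""
    ua = user_agent or ""
    if "CaptiveNetworkSupport" in ua:  # iOS/macOS connectivity probe
        return True
    if "Android" in ua and _ANDROID_WEBVIEW.search(ua):
        return True
    if (_IOS_DEVICE.search(ua) and "AppleWebKit" in ua
            and not _IOS_REAL_BROWSER.search(ua)):
        return True
    return False


def offer_google_sign_in(user_agent: str) -> bool:
    """Only show the Google button where the OAuth request is likely accepted."""
    return not is_embedded_browser(user_agent)


# Constructed sample User-Agent strings (not captured from real devices).
SAMPLES = {
    "ios_cna": "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) "
               "AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148",
    "ios_safari": "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) "
                  "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 "
                  "Mobile/15E148 Safari/604.1",
    "android_webview": "Mozilla/5.0 (Linux; Android 13; Pixel 7 Build/TQ3A; wv) "
                       "AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 "
                       "Chrome/116.0.0.0 Mobile Safari/537.36",
    "android_chrome": "Mozilla/5.0 (Linux; Android 13; Pixel 7) "
                      "AppleWebKit/537.36 (KHTML, like Gecko) "
                      "Chrome/116.0.0.0 Mobile Safari/537.36",
    "ios_probe": "CaptiveNetworkSupport-443.0.0 wispr",
}

if __name__ == "__main__":
    for name, ua in SAMPLES.items():
        print(f"{name:16} offer_google={offer_google_sign_in(ua)}")
```

User-Agent checks are only a presentation aid here: the authoritative outcome is still whatever Google returns for the authorization request, so the portal should also handle the `disallowed_useragent` error page gracefully.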