Today I've got following email from Google:
We are writing to let you know that Google will discontinue support for sign-ins to Google accounts from embedded browser frameworks, starting January 4, 2021. We have detected the use of an embedded browser framework with one or more of your OAuth clients that may be blocked on or after January 4, 2021. Please review your use of Google Account authorization flows in the following Google OAuth client IDs and make any required changes before January 4, 2021:
This is strange as my B2C web application isn't loaded in an embedded browser nor in a web view. It's even not an mobile app using an embedded browser or a web view. There's no embedded browser or web view at all where users could log in. My web application is just a simple public B2C "website" which does 2 things:
So I'm wondering why I've got this email. Advice is very much appreciated as it seems as Google plans to limit/block my Google API clientID and I'm a bit concerned by website will break.
Update 1:
Update 2:
The Google blog article about this topic describes that "The browser must have JavaScript enabled" and "The browser must identify itself clearly in the User-Agent" in order to do an OAuth Sign-In.
I'm wondering if an server side API call to YouTube data API with an offline access token is considered as an OAuth Sign-In (which it basically is). But offline access is made for API access without user interaction (a browser). So I think this should not be the problem but who knows...
Google Sign-In manages the OAuth 2.0 flow and token lifecycle, simplifying your integration with Google APIs. A user always has the option to revoke access to an application at any time.
Update: on Google Analytics we see that some of our users are logging in with "Android Webview" which might be the cause of these warning emails. We are still looking into it though.
We got the same email and we are baffled.
We have a Cordova app on Android and iOS which has been using the native auth flow for years so we do not think that is the problem.
We also have a companion website with the standard Google Sign In.
Ideas are welcome
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With