Using Google OAuth 2 on embedded Android-based device

Question

We have an application for embedded Android-based device, it uses WebView and inside it we use Google OAuth 2 to login to the app. Unfortunately Google will soon block OAuth 2 inside WebView, and we have lots of restrictions:

• The device doesn't have Google Services installed, so probably no 'official' way of logging in would work (or maybe any of them would work without Google Services?)
• We can't just invoke Android browser to do login, because it shows address bar, which would allow the user to surf the internet, which we can't allow
• We don't fully control the software installed on the device: can't install Google Services, update Android version, install Google Chrome, etc..., we can just update our app.

What else could we do having those restrictions?

Answer 1

Implementation through a browser:

1) Register custom URI scheme (How to implement my very own URI scheme on Android), for example, app-oauth2://

2) Make access request in user's browser

https://accounts.google.com/o/oauth2/v2/auth?
scope=...
access_type=offline&
include_granted_scopes=true&
state=state_parameter_passthrough_value&
redirect_uri=http://example.com/oauth2-handler&
response_type=code&
client_id=...

3) If user accept or denied requested rights in the confirmation dialog, it will be redirected to redirect_uri (http://example.com/oauth2-handler) with some params

4) On the side of redirect_uri handler (http://example.com/oauth2-handler), mare a redirect to custom URI scheme with params:

• Success: app-oauth2://?state=state_parameter_passthrough_value&code=...&scope=...#
• Failure: app-oauth2://?error=access_denied&state=state_parameter_passthrough_value#

5) In your app you can parse URI scheme app-oauth2:// from option 4 and receive the code for future usage or error for displaying to the user.