Google: Take action to continue using Google's OAuth authorization endpoint

Recep Baltaş

Well-known member
Google sent me this. What do I need to do?

We detected requests to our OAuth 2.0 authorization endpoint from one or more of your OAuth client IDs within an embedded webview context in the past 30 days.
Hello Google Developer,

We're writing to let you know that all OAuth authorization requests coming from embedded webviews will be blocked with a disallowed_useragent error starting February 6, 2023. Affected requests to our authorization endpoint will display a user-facing warning message from now until February 6, 2023.

What do I need to know?​

Embedded webview libraries are highly customizable, which can expose your Google's account login and authorization pages to potential "man-in-the-middle" attacks. Google's OAuth 2.0 Use secure browsers policy helps us protect users from these and other types of attacks.

Examples of affected embedded webview libraries include android.webkit.WebView on Android and WKWebView on iOS or macOS.

What do I need to do?​

Review the potentially impacted client ID(s) used by your projects below:

  • Project ID: [Our XenForo Forum]
For additional information regarding these changes, please read thoughtfully through the Google Developers blog post shared above.

Thanks for choosing Google OAuth.

— The Google OAuth Team
Top Bottom