Recep Baltaş
Well-known member
Google sent me this. What do I need to do?
We're writing to let you know that all OAuth authorization requests coming from embedded webviews will be blocked with a disallowed_useragent error starting February 6, 2023. Affected requests to our authorization endpoint will display a user-facing warning message from now until February 6, 2023.
Examples of affected embedded webview libraries include android.webkit.WebView on Android and WKWebView on iOS or macOS.
Thanks for choosing Google OAuth.
— The Google OAuth Team
We detected requests to our OAuth 2.0 authorization endpoint from one or more of your OAuth client IDs within an embedded webview context in the past 30 days.
Hello Google Developer,We're writing to let you know that all OAuth authorization requests coming from embedded webviews will be blocked with a disallowed_useragent error starting February 6, 2023. Affected requests to our authorization endpoint will display a user-facing warning message from now until February 6, 2023.
What do I need to know?
Embedded webview libraries are highly customizable, which can expose your Google's account login and authorization pages to potential "man-in-the-middle" attacks. Google's OAuth 2.0 Use secure browsers policy helps us protect users from these and other types of attacks.Examples of affected embedded webview libraries include android.webkit.WebView on Android and WKWebView on iOS or macOS.
What do I need to do?
- Review our June 2021 Google Developers blog post, Upcoming security changes to Google's OAuth 2.0 authorization endpoint in embedded webviews, to follow instructions for impacted developers. Note that suppression of the user-facing warning message is not supported.
- If you are able to modify the authorization requests of your app, you may choose to test your application for compatibility with our Use secure browsers policy after making the necessary changes.
- Project ID: [Our XenForo Forum]
Thanks for choosing Google OAuth.
— The Google OAuth Team
