4

I added Google OAuth2 to my website. I noticed that when the website was opened in a embedded browser (web view), redirecting to google auth page (see the link below) will fail with error:

"403 disallowed_useragent".

Here is the link:

https://accounts.google.com/o/oauth2/v2/auth?client_id=813505898895-9vocl0haapnp562pn1hmut2sibregabn.apps.googleusercontent.com&response_type=code&scope=openid%20profile%20email&redirect_uri=http%3A%2F%2Fwww.antgora.com%2Fauth1%2Fsign-in%2Fgoogle&state=6515338772758876.%2F

I get that Google no longer allows OAuthrequests to Google in web view. But here is the strange thing. The google sign in demo developers.google.com/identity/sign-in/web/sign-in work fine when opened in web view. I managed to find the client_idand redirect_uri used in the demo and replace them into the my google auth link (see the updated link below), the updated link can now magically open in web view.

https://accounts.google.com/o/oauth2/v2/auth?client_id=831371170934-udapit5jhjj56pft5l2drc9gjhfeclf3.apps.googleusercontent.com&response_type=code&scope=openid%20profile%20email&redirect_uri=storagerelay%3A%2F%2Fhttps%2Fgoogle-developers.appspot.com%3Fid%3Dauth58372&state=6515338772758876.%2F

Notice that I changed only client_idand redirect_url and nothing else. Later I found more client_idsthat also works with webview. I am wondering is there any specific settings for these client_ids to work?

Also I want to know what's the recommended fix to:

"403 disallowed_useragent"?

My website has no native app. And most likely, people will just open the website they received on online chat in a webview. I'd like to avoid showing the :

"403 disallowed_useragent"

error when they click *sign-in by Google*.

jva
  • 2,797
  • 1
  • 26
  • 41
AI YO
  • 41
  • 3

0 Answers0