There was a past thread about this, but it was closed without being answered: Google - Disallowed user agent when using Auth0 Lock
I also cross-posted this question to Stack Overflow, and from there linked a couple other relevant Stack Overflow questions.
Google disallowed logging into Google from webviews a few years ago, and Auth0 also made a blog post about workarounds, but it all seems to focus on native apps, not web apps that offer Google as a login option.
But my company’s app is a web-app, and we’d like it if when someone shares a link to our site on Facebook Messenger/Facebook posts, users can log in with Google even if they don’t pop out the native Safari browser. Based on the above documentation it would seem that that’s not possible - but actually I discovered that Pinterest’s “Sign in with Google” button does work! So it appears there’s a way to get Google login working (not sure if they swung a special deal with Google, or if they’re doing something we/Auth0 can be doing too, though).
Repro steps:
- Open Facebook Messenger in iOS (this should roughly work with Facebook too, but this demonstrates the issue)
- Send yourself a message with the URL
https://community.auth0.com
- Click on the link to the Auth0 Community forum
- Click on Log In
- Click on Log in with Google
- See that you get a 403: disallowed_useragent error.
And to prove that there does seem a way for this to be done in the wild:
- Ensure Pinterest isn’t installed on your iOS device so links to it don’t open in-app
- Open Facebook Messenger in iOS
- Send yourself a message with the URL
https://pinterest.com
- Click on the Pinterest link
- Click on “Sign in with google”
- Somehow, it doesn’t error when Pinterest does it!
What does the Auth0 team/community think? Thanks!