For what it's worth, I implemented this using Lock / Universal Login with the following changes to the JavaScript:
```javascript
var allowedConnections = ['facebook', 'Username-Password-Authentication'];

var webViewRegexRules = [
  // if it says it's a webview, let's go with that
  'WebView',
  // iOS webview will be the same as safari but missing "Safari"
  '(iPhone|iPod|iPad)(?!.*Safari)',
  // Android Lollipop and Above: webview will be the same as native but it will contain "wv"
  // Android KitKat to Lollipop webview will put Version/X.X Chrome/{version}.0.0.0
  'Android.*(;\\s+wv|Version/\\d.\\d\\s+Chrome/\\d+(\\.0){3})',
  // old chrome android webview agent
  'Linux; U; Android'
];

var webViewRegExp = new RegExp('(' + webViewRegexRules.join('|') + ')', 'ig');
var isWebView = !!window.navigator.userAgent.match(webViewRegExp);

if (!isWebView) {
  allowedConnections.push('google-oauth2');
}

// Available Lock configuration options: https://auth0.com/docs/libraries/lock/v11/configuration
var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
  allowedConnections: allowedConnections,
  // Lots of other settings...
});
```
I used the WebView detection logic from this library: GitHub - atomantic/is-ua-webview: 📱tiny/simple npm module for detecting webview status of a user-agent
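
The same detection rules as a pure function, run over constructed user-agent strings so the classification can be checked outside a browser. This is an added example, not part of the original post or of is-ua-webview; `isWebViewUA`, `allowedConnectionsFor` and the sample user agents are assumptions made for illustration.

```javascript
// Rules copied from the post; everything else here is illustrative.
const WEBVIEW_RULES = [
  'WebView',
  '(iPhone|iPod|iPad)(?!.*Safari)',
  'Android.*(;\\s+wv|Version/\\d.\\d\\s+Chrome/\\d+(\\.0){3})',
  'Linux; U; Android'
];
// 'i' only: with a 'g' flag, RegExp.prototype.test() keeps state in lastIndex,
// so a reused regex object can return different answers for the same input.
const WEBVIEW_RE = new RegExp('(' + WEBVIEW_RULES.join('|') + ')', 'i');

function isWebViewUA(ua) {
  return WEBVIEW_RE.test(String(ua || ''));
}

// The UA string is client-controlled: use the result as a UI hint only.
function allowedConnectionsFor(ua) {
  const connections = ['facebook', 'Username-Password-Authentication'];
  if (!isWebViewUA(ua)) connections.push('google-oauth2');
  return connections;
}

// Constructed sample user agents (not captured traffic).
const SAMPLES = {
  iosSafari: 'Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1',
  iosWebView: 'Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148',
  androidChrome: 'Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.92 Mobile Safari/537.36',
  androidWebView: 'Mozilla/5.0 (Linux; Android 13; Pixel 7; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/116.0.0.0 Mobile Safari/537.36',
  kitkatWebView: 'Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/KRT16M) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36',
  desktopChrome: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36'
};

function classifySamples() {
  const out = {};
  for (const [name, ua] of Object.entries(SAMPLES)) out[name] = isWebViewUA(ua);
  return out;
}

console.table(classifySamples());
```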