Hi!
I’m developping an native android app used by employees of a company only, the app is not public. And they are supposed to use their google work account to log in. The issue is that the app should run on a all-in-one bank terminal running on android, and for security concern, the device doesn’t have any web browser (and can’t be installed). Is it possible to run the universal login in a webview rather than an external browser? Should I use legacy embedded solutions like Lock.Android instead?
Thanks for the help!
Hi @jeantuffier
Welcome to the Auth0 Community!
This is a great question and after doing some research, it appears that the flow you are trying to implement is not possible, as Google Blocks OAuth Requests Made Via Embedded Browsers. Even though that is an older blog post, I was also able to find the following resources that go over this general inquiry, with unfortunately the same outcome:
I hope that I understood your flow correctly and the above resources provide some information, albeit not the outcome that we hoped for. I would recommend that you submit a Feature Request on this matter, but since it appears to be inherently blocked by Google, any workaround would require the use of web browsers, which does not suit your use case.
Hope this provided some clarity!
Best regards,
Gerald
1 Like
Hi @gerald.czifra !
I think I found a solution though with calling Auth0 APIs myself rather than using the Android SDK. I first call “https://{domain}/passwordless/start“ and then “https://{domain}/oauth/token“. With this, I successfully obtain a token. Don’t you think it would be enough? I followed the instructions here Using Passwordless APIs - Auth0 Docs.
Edit : I was probably not clear in my explanation. When I said “they are supposed to use their google work account”, I meant their work email, not neccessarly a SSO with their Google account, which would have been even nicer though.