Google SSO in app browsers (webviews)

Problem statement

We’re constrained to use the universal login page on our site within a webview in a 3rd party product, which causes a 403 for Google SSO. We can’t conditionally hide Google because existing users need to use Google to log in. The 3rd party product can’t just not use the webview because this is fundamental to their dapp browser feature, and other similar products use the same. Is there a way for auth0 to open an external user agent from within an embedded user agent in a native app?
Similar issue: Disallowed_useragent 403 error with Google sign in

Solution

Unfortunately, this is not possible. All interaction with the Universal Login is HTTP-based: an initial request to /authorize returns HTML, and a browser (a webview in this case) handles the rendering and the continuation of the flow. It would be impossible for the HTML or Javascript to force opening an external user agent, as WebView is the one handling the HTTP and HTML flows. (e.g., window.open is likely to be either blocked or forced to stay within the WebView).
The only way to comply with Google’s requirement would be to fully open your app in an external browser (which is something that the native app should be able to do on their side).

1 Like