Auth0 Home Blog Docs

Using Lock with Ionic 2 leads to a 403 (disallowed_useragent) for Google authentication

lock
auth0-lock
lock-google
ionic2

#1

Auth0 Lock using Ionic 2 seems to have stopped working (for me…) - it was OK just a week ago but now, once I run the app on android, trying to login (with google) I get a 403:

Error: disallowed_useragent
This user-agent is not permitted to make an OAuth authorization request to Google...

So I’m fairly sure that is down to the way lock works.
Is this something that will get ‘fixed’ or get an ‘official’ workaround - or does the change with google mean the end of the road for lock (at least in an app with google as the OAuth provider)?

I have looked at the Auth0 guides (both ionic 1 and 2 quickstarts, and a number of github repos) - I can’t see any mention of this issue (maybe it is too new an issue? Saying that, I found a link in the old auth0 forum that refers to it back in January…)

I had a look at updating https://github.com/auth0-samples/auth0-ionic2-samples/tree/master/01-Login so that it compiles - but that is broken too. If I don’t install cordova-plugin-inappbrowser, then I just get ‘ok’ in a webpage, nothing fires back to the app and I never log in. If I do add it, I get the same 403 error. I guess if there were currently a workaround, auth0’s own sample/demo files would use it.

I have seen this link: https://community.auth0.com/questions/542/lock-google-403-disallowed-useragent
which is the same issue - and in the comments there is reference to a plugin: https://github.com/auth0/auth0-cordova

Is using that the recommended way to go now? Stop using lock, use auth0-cordova plugin? Given this is buried in the comments and has no mention in the docs, I’m unsure about it.
I also have had no luck at all trying to get that plugin working in ionic 2 (angular 2/typescript) - has anyone?


#2

For cordova based applications you can follow the recommendation included in the last post you mentioned (https://community.auth0.com/questions/542/lock-google-403-disallowed-useragent). The link to the repository (https://github.com/auth0/auth0-cordova) was provided in the comments mostly because it was provided at a later time than the original answer and as a direct reply to a previous comment.

In conclusion, you would use that library to have your application redirect to the hosted login page using the OS browser and the OAuth 2.0 code grant flow with Proof Key for Code Exchange. At this time, I don’t believe there are available samples specific for Ionic2 so if you’re having issues setting that my recommendation would be for you to create a separate question with more details about the exact problem you are experiencing.


#3

Thanks for the reply and clearing that up @jmangelo.

Sounds like it’ll take quite a big refactor to get it working without the lock, so I best take another look at doing that…

Thanks again


#4

Thanks for the reply and clearing that up @jmangelo.

Sounds like it’ll take quite a big refactor to get it working without the lock, so I best take another look at doing that…

Thanks again


#5