Hi, I noticed that with the current auth0 Android SDK, the user is redirected to another browser app to perform the login.
Is it possible to use a webview instead, as redirecting the user to another app spoils the user experience?
Is there a way to do this without using Lock, as I understand that Lock is now considered “legacy”?
Hi!
Embedded login using the web view component is not recommended and the latest SDK does not support this.
According to the Best Current Practice for OAuth 2.0 for Native Apps, only external user agents (such as the browser) should be used by native applications for authentication flows. Using the browser to make native app authorization requests results in better security and it gives users the confidence that they are entering credentials in the right domain. It also enables use of the user’s current authentication state, making Single Sign-on (SSO) possible.
Best Current Practice for OAuth 2.0 for Native Apps:
https://www.rfc-editor.org/rfc/rfc8252.txt
Google blocks OAuth requests from embedded browsers:
1 Like
Thanks for helping on this one Marcus!