Getting action advised email from google console. #410

Closed
codal-mpawar opened this issue Mar 29, 2023 · 2 comments
@codal-mpawar

Hello Google Developer,

We're writing to let you know that we detected the use of an embedded webview in requests to Google's OAuth 2.0 authorization endpoint in the past 120 days associated with one or more of your OAuth client IDs listed in this email.

Any affected authorization endpoint requests will be blocked with a disallowed_useragent error starting July 24, 2023. Affected requests to our authorization endpoint will display a user-facing warning message starting in May until July 24, 2023.

What do you need to know?
Embedded webview libraries are highly customizable, which can expose Google's login and account authorization pages to potential "man-in-the-middle" attacks. Google's OAuth 2.0 "Use secure browsers" policy helps us protect users from these and other types of attacks.

Examples of affected embedded webview libraries include android.webkit.WebView on Android and WKWebView on iOS or macOS.

What do you need to do?
- Review our June 2021 Google Developers blog post, Security changes to Google's OAuth 2.0 authorization endpoint in embedded webviews, to determine potential next steps.
- Consider how enterprise and educational users might be impacted by embedded webviews in your app(s).
- If you are able to modify the authorization requests of your app, you can choose to test your application for compatibility with our "Use secure browsers" policy after making the necessary changes.

Note: Suppression of the user-facing warning message is not supported.

Does anyone have any idea how we can handle this, because in the future we will be getting this warning? I am using this library for Google login from aws-amplify.

Here is a little bit of code.

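```js
urlOpener: async function urlOpener(url, redirectUrl) {
    // The return value is not checked; openAuth is called either way
    await InAppBrowser.isAvailable();
    // Resolves when the app is redirected back or the user closes the browser
    const { type, url: newUrl } = await InAppBrowser.openAuth(url, redirectUrl, {
        showTitle: false,
        enableUrlBarHiding: true,
        enableDefaultShare: false,
        ephemeralWebSession: true
    });
    // newUrl is only set on success, so build the callback URL inside this branch
    if (type === 'success') {
        const splitUrl = `${redirectUrl}?${newUrl.split('#_=_')[0].split('?')[1] || ''}`;
        Linking.openURL(splitUrl);
    }
}
```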


package.json

```json
"react": "16.13.1",
"react-native": "0.64.2",
"react-native-inappbrowser-reborn": "3.7.0"
```

@codal-mpawar
Author

@jdnichollsc @vincent-paing @chrismerino Can you please help me with this?

@jdnichollsc
Member

We're not using embedded webviews in this project; check the README of the repo: https://github.com/proyecto26/react-native-inappbrowser#authentication
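
The `urlOpener` in the issue rebuilds the callback URL from whatever `openAuth` returns. The following is an added example, not code from the issue or from the project: it checks that result before anything is handed to `Linking.openURL`. The names `checkAuthCallback` and `parseQuery`, the `myapp://callback/` redirect URL and the assumption of an authorization-code callback (`code` and `state` in the query string) are all hypothetical.

```javascript
// Added example: check the result of InAppBrowser.openAuth before calling
// Linking.openURL. Assumes an authorization-code callback (?code=...&state=...).

function parseQuery(query) {
  const params = Object.create(null); // no prototype, so "__proto__" is just a key
  for (const pair of query.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    // decodeURIComponent throws URIError on malformed percent-encoding
    params[decodeURIComponent(key)] = decodeURIComponent(value.replace(/\+/g, ' '));
  }
  return params;
}

function checkAuthCallback(result, redirectUrl) {
  // A result whose type is not 'success' is not a callback; stop before using url
  if (!result || result.type !== 'success' || typeof result.url !== 'string') {
    return { ok: false, reason: 'no_callback' };
  }
  const noFragment = result.url.split('#')[0]; // also drops a trailing "#_=_"
  const q = noFragment.indexOf('?');
  const base = q === -1 ? noFragment : noFragment.slice(0, q);
  const query = q === -1 ? '' : noFragment.slice(q + 1);
  // Only accept a callback that targets exactly the expected redirect URL
  if (base !== redirectUrl) return { ok: false, reason: 'unexpected_redirect' };
  let params;
  try {
    params = parseQuery(query);
  } catch (err) {
    return { ok: false, reason: 'malformed_query' };
  }
  if (params.error) return { ok: false, reason: 'provider_error', error: params.error };
  if (!params.code) return { ok: false, reason: 'missing_code' };
  return { ok: true, url: `${redirectUrl}?${query}`, params };
}

// Constructed sample values (not taken from the issue)
const REDIRECT = 'myapp://callback/';
const samples = [
  { type: 'success', url: 'myapp://callback/?code=abc123&state=xyz#_=_' },
  { type: 'cancel' },
  { type: 'success', url: 'otherapp://callback/?code=abc123' },
  { type: 'success', url: 'myapp://callback/?error=access_denied' },
];
for (const s of samples) console.log(checkAuthCallback(s, REDIRECT));
```

Inside `urlOpener`, `Linking.openURL` would be called with the returned `url` only when `ok` is true.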
