Wednesday , August 23 2017

Google will disable third-party OAuth app logins from web-views over the next year

Google-Logo
Web security is important to everyone and as one of the leaders in shaping the future of the web, Google is invested in ensuring security of users using OAuth logins – the simple transaction that lets you login to websites with your Facebook, Google etc. logins. To this end, they’ve announced that they will be shutting down support for OAuth logins using web-views.

Google’s Web-View has been superceded in most cases by Chrome Custom Tabs, and on iOS by the SFSafariViewController, and with these other options available, Google will be pushing requests from custom web-views to the device browser. To that end, Google advised:

In the coming months, we will no longer allow OAuth requests to Google in embedded browsers known as “web-views”, such as the WebView UI element on Android and UIWebView/WKWebView on iOS, and equivalents on Windows and OS X.

The possibility of having apps ‘inspect and modify content in a web-view’, but with the device browser it offers a better experience not only with UX, but in that users need only sign into OAuth once, whereas in a custom web-view, a user will have to sign in over and over again.

The phasing out of third-party OAuth App login support will begin in October this year, with Google advising that from the 20th of October they will begin preventing new OAuth clients from using web-views if there is a viable alternative available, with existing web-view clients getting a ‘user-facing notice’ i.e expect a toast notification to pop up. Next year, Google will phase out OAuth requests from web-views all together, advising from the 20th of April next year, they will start blocking web-view requests on any platform that has a viable alternative.

It’s definitely a bit more secure to be using the more up to date browser options, there will of course be some users using edge-case devices and systems affected, but in the long run your security is more important.

 
Source: Google Developers.

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

Be the First to Comment!

avatar
wpDiscuz

Check Also

Google releases Android 8.0 images for supported Pixel and Nexus devices

Google has just finished announcing Android Oreo as the latest version of their operating system, …