firebase-as3 icon indicating copy to clipboard operation
firebase-as3 copied to clipboard

Published 20 hours ago verified publisher icon PhantomAppDevelopment

Google Policy Issue

Open aldyahsn opened this issue 8 years ago • 11 comments

Can you authenticate google account? I had tried your samples, it was okay long time ago when you released first commit. But unfortunately right now I can't do that again. It seems google has new policy for web view. When I tried to authenticate my firebase using google got this message

403 Error

"This user-agent is not permitted to make OAuth authorisation request to Google as it is classified as an embedded user-agent (also known as a web-view). Per our policy, only browsers are permitted to make authorisation requests to Google. We offer several libraries and samples for native apps to perform authorisation request in browser."

aldyahsn avatar Mar 15 '17 13:03 aldyahsn

Hi,

Thanks for reporting this.

I just tried the following on my live version of PizzaApp.

  1. I relogged with my Google Apps account (which is the same as Gmail), had no problem.
  2. I deleted my account from the Firebase console and signed up fresh and still no issues.

You can try the following:

In StageWebView/Feathers WebView there's a setting to use the native web view or the built in from AIR. Try setting that to true and false to see if there's any difference.

agentphantom avatar Mar 15 '17 15:03 agentphantom

Hi,

Have you read this? https://www.theregister.co.uk/2016/08/23/google_to_block_web_views_from_using_its_oauth/

Even though I followed your example in Auth section, the problem still hasn't been solved yet.

problem pic

But when I copied url of webview.location from function changeLocation() to chrome, authentication UI showed off.

I think google only allows access the url only from browser to provide security.

aldyahsn avatar Mar 16 '17 14:03 aldyahsn

Anyway I installed your Pizza App. It works well. I don't know when you update it. My guess is maybe google allows access from app which published on early 2017 but it is blocking latest released app due to blocking time next month. I think you should try to deploy new one to test it.

aldyahsn avatar Mar 16 '17 15:03 aldyahsn

I did read the post from the google dev blog and they mentioned they won't allow generic web views but you can still use native web views (which AIR provides).

Try to debug on your phone on both native and non native web views to see if there's any difference since the user agent is different there.

I also have been using the latest versions of AIR. You can try using the just released version 25.

You can go further and try the apk from the Releases tab in the PIzzaApp repository. That version is not linked to the PlayStore.

agentphantom avatar Mar 16 '17 15:03 agentphantom

I just gave it a try in a new app.

In new apps it doesn't work at all, it only works on old apps and it's very likely to break in the next weeks.

I tried setting a different userAgent, changing to native and non native but nothing worked. The only thing to do is not to use Google login for the meantime.

I researched what have the AIR competitors done (Cordova, Ionic, Xamarin) and they opted to follow Google's guidelines with their equivalent of ANEs.

agentphantom avatar Mar 16 '17 22:03 agentphantom

But we can use e-mail/password connections ?

benkhachouch avatar Mar 16 '17 22:03 benkhachouch

Yes, Email with Pass and Anonymous auth should work with no problem since they are tied directly with Firebase.

Facebook and Twitter should work fine for the time being.

I was thinking that there may be a simple fix for Google. I will investigate about custom URI schemas in AIR.

agentphantom avatar Mar 16 '17 23:03 agentphantom

Thanks you😀

Le 17 mars 2017 00:34, "Mr. Phantom" [email protected] a écrit :

Yes, Email with Pass, Anonymous should work with no problem since they tied directly with Firebase.

Facebook and Twitter should work fine for the time being.

I was thinking that there may be a simple fix for Google. I will investigate about custom URI schemas in AIR.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/PhantomAppDevelopment/firebase-as3/issues/10#issuecomment-287224358, or mute the thread https://github.com/notifications/unsubscribe-auth/AMYpy_hr9IVdbM9FMB8Vsvh6Jer8AHeuks5rmccOgaJpZM4Md89W .

benkhachouch avatar Mar 17 '17 06:03 benkhachouch

Good news.

I was able to implement one of the new methods Google suggests.

You can check it here: https://github.com/PhantomAppDevelopment/socialmedia-as3/tree/master/google

If it works for you I can try and port it so it can work with Firebase.

agentphantom avatar Mar 22 '17 06:03 agentphantom

I tried on mobile device. Still doesn't work. It only works on Desktop when url is opened with browser. However it doesn't happen on mobile browser. Weird.

aldyahsn avatar Mar 23 '17 04:03 aldyahsn

Thanks for reporting back.

In which mobile device do you tested? I had success with an Android 5.1 on AIR 25.

agentphantom avatar Mar 23 '17 05:03 agentphantom