Google Oauth2 in embedded browser (web view) - google-api

I added Google OAuth2 to my website. I noticed that when the website was opened in a embedded browser (web view), redirecting to google auth page (see the link below) will fail with error:
"403 disallowed_useragent".
Here is the link:
https://accounts.google.com/o/oauth2/v2/auth?client_id=813505898895-9vocl0haapnp562pn1hmut2sibregabn.apps.googleusercontent.com&response_type=code&scope=openid%20profile%20email&redirect_uri=http%3A%2F%2Fwww.antgora.com%2Fauth1%2Fsign-in%2Fgoogle&state=6515338772758876.%2F
I get that Google no longer allows OAuthrequests to Google in web view. But here is the strange thing. The google sign in demo
developers.google.com/identity/sign-in/web/sign-in work fine when opened in web view. I managed to find the client_idand redirect_uri used in the demo and replace them into the my google auth link (see the updated link below), the updated link can now magically open in web view.
https://accounts.google.com/o/oauth2/v2/auth?client_id=831371170934-udapit5jhjj56pft5l2drc9gjhfeclf3.apps.googleusercontent.com&response_type=code&scope=openid%20profile%20email&redirect_uri=storagerelay%3A%2F%2Fhttps%2Fgoogle-developers.appspot.com%3Fid%3Dauth58372&state=6515338772758876.%2F
Notice that I changed only client_idand redirect_url and nothing else. Later I found more client_idsthat also works with webview. I am wondering is there any specific settings for these client_ids to work?
Also I want to know what's the recommended fix to:
"403 disallowed_useragent"?
My website has no native app. And most likely, people will just open the website they received on online chat in a webview. I'd like to avoid showing the :
"403 disallowed_useragent"
error when they click *sign-in by Google*.

Related

No URL for Apple ID Authorization - React Native

seeing a weird error when opening a web link in an embedded web view. This is a React Native application, and I am using react-native-webview for the embedded web view. The web link tries to load then either sits on a blank page or shows a "404 - there is no content available".
When I debugged in Xcode, the only error log that was shown was this one:
No URL for Apple ID Authorization
I have searched all over and could not find any reference to this error online. Has anyone run into this before? I am not using any SSO functionality, so not sure why I would be seeing an error like this. I reviewed the Apple documentation for the Apple SSO functionality and nothing jumped out to me.

Firebase web push notification in iframe is only working in firefox

I am using firebase for web push notification it is working perfect when I used it in same domain, but I have only one ssl domain and many non ssl website. So I have plan to use it in iframe and integrate this facility in all my non ssl websites too.
URL is
https://htmlcodeplay.com/notification/notification/index.html?websiteid=3
I have integrate it through iframe like below
<iframe src='https://htmlcodeplay.com/notification/notification/index.html?websiteid=3'></iframe>
I have integrate this lines into my blogger https://allinworld99.blogspot.in. But it is working perfectly in Firefox browser but not in chrome browser. No errors also displayed.
As per this link Does my web application require SSL for Firebase Cloud Messaging for Web to work?. It should not work, but how it is working in firefox browser.
I am not able to find a reference right now, but you want to do
embed a "push notification webpage" inside another via iframe
is blocked by Chrome for security reasons.

Javascript Origins for Embedded Feeds in Mobile Webview

I have developed an app which loads a html document from the mobile app storage that contain Yammer Embedded Feed javascript.
Recently, our company's Yammer admin received a message from yammer, telling that all Yammer Embedded Feed javascript will not work unless the domains have been specified in the "Javascript Origins" section.
However, since we are loading the html page directly from mobile, it is just like opening a html page in web browser with "file://" as domain. Can I add "file://" in the "Javascript Origins"? I have tried to "alert" the "window.location" and it returns "about:blank" on the mobile browser.
Thanks!
I answered this question over on the O365 Network, but let me add the answer here too in case someone has a similar question in the future.
The recent push to update your Yammer app's JavaScript Origins (documented/instructions here http://naomimoneypenny.com/2015/02/11/yammer-apps-javascript-origins-update/) affects only those using the JS SDK (specifically https://c64.assets-yammer.com/assets/platform_js_sdk.js).
It does not affect those using the Embed feed (specifically https://c64.assets-yammer.com/assets/platform_embed.js)

firefox web developer toolbar - can i see the posted data?

I am stuck using the Firefox web developer tool for testing out a web app.
I would like to see the contents of the "post" data that is sent - using the web developer tool, I can see a log of all the gets/posts and their responses, and I can see a little box called "Inspect Network Request".... but I cannot see the contents of the POST data.
Is there some way to set the web developer to be slightly more useful?
Here is what I have to work with:

Javascript Error on Facebook Login using Chrome - Unsafe JavaScript attempt to access frame with URL. Domains, protocols and ports must match

I have been running the facebook c# sdk successfully for a good year or more, and it stopped working early december. This was due to the API changes at Facebook, and an informative error told me that i needed to use some new parameters in my calls (specifically oAuth: true )
I read up on the changes, and updated the sdk via nuget, which is now running on version 5.4.1.0 of Facebook.JavascriptMvcWebsite and FacebookWebMvc and the other required libraries that make up the facebook c# sdk.
Now, when clicking the facebook login button i get a different error...
Unsafe JavaScript attempt to access frame with URL https://www.facebook.com/login.php?api_key=251066398241630&skip_api_login=1&display=popup&cancel_url=https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%26error_reason%3Duser_denied%26error%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.%23cb%3Df3570617%26origin%3Dhttp%253A%252F%252Fgem.local%252Ffbb4f09e%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df1c822218c&fbconnect=1&next=https%3A%2F%2Fwww.facebook.com%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D251066398241630%26redirect_uri%3Dhttps%253A%252F%252Fs-static.ak.fbcdn.net%252Fconnect%252Fxd_proxy.php%253Fversion%253D3%2523cb%253Df3570617%2526origin%253Dhttp%25253A%25252F%25252Fgem.local%25252Ffbb4f09e%2526relation%253Dopener%2526transport%253Dpostmessage%2526frame%253Df1c822218c%26sdk%3Djoey%26display%3Dpopup%26response_type%3Dtoken%252Csigned_request%26fbconnect%3D1%26from_login%3D1&rcount=1 from frame with URL http://gem.local/Account/LogOn. Domains, protocols and ports must match.
The console window in Chrome then racks up about 5 of these errors a second, all coming from the facebook login dialog.
I have tried modifying the fbChannel.ashx file to explicity use http:// instead of just // (which respects the current protocol) and also have done the same in FacebookInit.cshtml, but none of this is making any difference.
I also modified my facebook app settings to allow deprecated code...
What am i missing here? I understand why the browser is having a fit over cross domain access, but what is causing this? Have facebook completely switched to https? can i still use facebook logins over http?
I have a test site up where you can see the error in action
Any help appreciated.
Clear the App Domain Field (leave it blank) in Facebook Application --> Basic Info

Resources