getting 403 disallowed user agent in Auth0 Lock for Android

NareshRavva picture NareshRavva · May 15, 2017 · Viewed 8k times · Source

integrated Auth0 login in my android application. for this integration i am following this one https://auth0.com/docs/libraries/lock-android

its work fine previously, but now i am facing 403 disallowed user while click on google.

while i am searching in google i found this: Google since april 20 decided to block access from embedded webviews for security purposes thats why Auth0 login with google fails.

iOS guys fixed the same issue using:

but didn't find this in android

how to resolve this. any have idea on this.

my piece of code:

compile 'com.auth0.android:lock:2.+'

Auth0 auth0 = new Auth0(getString(R.string.auth0_client_id), getString(R.string.auth0_domain));
            mLock = Lock.newBuilder(auth0, mCallback)
                    //Add parameters to the builder
                    .closable(true)
                    .build(this);
            startActivity(mLock.newIntent(this));

private LockCallback callback = new AuthenticationCallback() {
       @Override
       public void onAuthentication(Credentials credentials) {
          //Authenticated
       }

       @Override
       public void onCanceled() {
          //User pressed back
       }

       @Override
       public void onError(LockException error) {
          //Exception occurred
       }
   };

manifest:

<activity
  android:name="com.auth0.android.lock.LockActivity"
  android:label="@string/app_name"
  android:launchMode="singleTask"
  android:screenOrientation="portrait"
  android:theme="@style/MyLock.Theme">
    <intent-filter>
      <action android:name="android.intent.action.VIEW" />

      <category android:name="android.intent.category.DEFAULT" />
      <category android:name="android.intent.category.BROWSABLE" />

      <data
        android:host="quikdeal1.auth0.com"
        android:pathPrefix="/android/{YOUR_APP_PACKAGE_NAME}/callback"
        android:scheme="https" />
    </intent-filter>
</activity>

enter image description here

enter image description here

Answer

OShiffer picture OShiffer · May 15, 2017

As you said, google decided to block access from embedded WebViews. The same has happened to me and i just put the user-agent by myself. It looks like this:

public static final String USER_AGENT_FAKE = "Mozilla/5.0 (Linux; Android 4.1.1; Galaxy Nexus Build/JRO03C) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Mobile Safari/535.19";

@Override
protected void onCreate(Bundle savedInstanceState) {
    webView.getSettings().setUserAgentString(USER_AGENT_FAKE);
}