Google users sign-in to third-party applications with their Google account in a secure and seamless way, that under the hood happen via OAuth requests.
The company has just said that keeping improved security and usability in mind, in the coming months, they’ll stop allowing OAuth requests to Google in embedded browsers.
“OAuth requests to Google in embedded browsers known as “web-views”, such as the WebView UI element on Android and UIWebView/WKWebView on iOS, and equivalents on Windows and OS X,” would no longer allowed, the company stated.
In addition, Google Sign-In on iOS prior to version 3.0 are also deprecated. If you use Google Sign-In, you should update to the latest version.
For now, Google would not remove WebView on iOS 8 support, however they may start to display notices to upgrade their device for better security.
Google said that starting October 20, 2016, they’ll prevent new OAuth clients from using web-views on platforms with a viable alternative, and will phase in user-facing notices for existing OAuth clients.
And, on April 20, 2017, they’ll start blocking OAuth requests using web-views for all OAuth clients on platforms where viable alternatives exist.
Google explains that instead of an embedded web-view, using browser for OAuth requests can improve the usability of your apps significantly as the users only need to sign-in to Google once per device.
“Modern “in-app browser tab” patterns available on some operating systems, such as Chrome Custom Tabs on Android and SFSafariViewController on iOS offer further UX improvements for browser-based OAuth flows,” the company stated.
To help you migrate, the company is offering follwing resources:
- “Google Sign-In for Android and iOS, our recommended SDK for sign-in and OAuth with Google Accounts.
- AppAuth for Android, iOS, and OS X, an open source OAuth client library that can be used with Google and other OAuth providers. We also offer GTMAppAuth (for iOS and OS X), a library which enables AppAuth support for the Google APIs Client Library for Objective-C, and the GTM Session Fetcher projects.
- Google Sign-in and OAuth examples for Windows,” google explained.