适用于嵌入式浏览器中网站的Google OAuth [英] Google OAuth for websites in embedded browsers

问题描述

Google不再允许嵌入式Web视图，因为它是OAuth登录的 disallowed_useragent .在大多数情况下，这是完全可以的，并且有一种解决方法.但是，我遇到了这样的情况，即这种情况使网站无法使用Web服务器OAuth实现.

Google no longer allowing embedded webviews as it is a disallowed_useragent for OAuth sign in. For most situations, this is completely fine and there is a workaround. However, I have run into a situation where this prevents websites from being able to use a web-server OAuth implementation.

使用其O-Auth实现运行Google PHP SDK的Nginx PHP服务器.除嵌入浏览器外，此方法在所有其他工具上均能正常工作.通常这是可以的，但是，如果用户尝试在使用嵌入式浏览器的应用程序中登录我们的网站，则会收到 disallowed_useragent 错误(请参见底部图片).这在Android Facebook Messenger中似乎不是问题，但可以在iPhone 7 Plus Facebook Messenger上复制.

Nginx PHP server running the Google PHP SDK, using their O-Auth implementation. This works fine on everything except embed browsers. Typically this is okay, however, if a user tries to sign up to our website in an app which uses an embedded browser, we get the disallowed_useragent error (See picture at bottom). This doesn't appear to be a problem in Android Facebook Messenger but can be replicated on the iPhone 7 Plus Facebook Messenger.

我试图寻找明确的解决方法.例如.强制在主电话浏览器(例如Safari应用)中打开链接的方法，但所有实现都指向应用端修复，而这些修复不能在网站上完成.

I tried to look for explicit workarounds. E.g. ways to force the link to open in the primary phone browser (e.g. Safari app) but all implementations point to app side fixes, which can't be done from a website.

当某些用户可能正在使用这些嵌入式浏览器时，如何在不使用户采取额外的手动操作(例如在Safari/Chrome中打开)的情况下，如何实现Google Oauth?

How can I implement Google Oauth when some users may be using these embedded browsers, without making the user to take an extra manual action (e.g. Open in Safari/Chrome)?

推荐答案

还有另一种情况引起问题.如果您拥有Web应用程序-而不是具有嵌入式浏览器的本机应用程序-用户始终可以选择将快捷方式放置到iOS中的HomeScreen.但是，当他们转到该HomeScreen快捷方式运行该应用程序时，它将从用户代理字符串中删除"Safari/6xx.x".现在，Google将其视为嵌入式浏览器"，并拒绝访问OAuth.

There's another scenario that is causing issues. If you have a web app - not a native app with an embedded browser - the user can always choose to put the shortcut to the HomeScreen in iOS. But when they go to that HomeScreen shortcut to run the app, it will strip "Safari/6xx.x" from the user agent string. Now, Google sees this as an "Embedded Browser" and denies access to OAuth.

所以-为您没有Web应用功能"！

So - "No Web-App-Capable" for you!

如果您关闭此元标记:

<meta name="apple-mobile-web-app-capable" content="yes"/>

iOS中发生两件事:现在，该网站在Safari浏览器窗口中打开，而不是在更清洁的Web-App方法中打开.该网站使用完整的Safari用户代理，该代理将允许OAuth正常工作.

two things happen in iOS: The website now opens in the Safari browser window instead of the cleaner Web-App method. The website uses the complete Safari useragent which will allow OAuth to work.

这里真正的遗憾是，Google(拒绝非标准浏览器访问OAuth)和Apple(删除用户代理中用于主屏幕快捷方式的Safari版本)的决定使我们陷入了困境.可能在网络应用模式下看起来真的很好，但是无法利用Google的OAuth.

The real shame here is that the decisions of Google (To deny non-standard browsers to access OAuth) and Apple (To remove the Safari version in the user agent for homescreen shortcuts) have backed us into the corner where any site that could look really nice in web-app mode can't utilize this OAuth from google.

我一直在尝试欺骗用户代理以将safari版本添加到其中，以便所有功能都可以在主屏幕Web应用程序中使用，但我认为我无法使其正常运行.Safari浏览器似乎不允许您更改navigator.userAgent，最重要的是，我不确定它如何处理WebApp模式下的新弹出窗口.

I've been trying to find a way to spoof the user agent to add the safari version into it so that everything works in homescreen web-apps, but I don't think I can make it work. It seems that safari doesn't allow you to change the navigator.userAgent and on top of that, I'm not sure how it would handle new popup windows in WebApp mode.

这篇关于适用于嵌入式浏览器中网站的Google OAuth的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！