Social Login (OAuth)Customize

Unsupported WebView for OAuth

In scenarios where you are accessing a company's page or a website via LinkedIn or any other native app and try to log in using Google, you may encounter an 'Access Blocked' or a '403 disallowed_useragent' error. This is a known, common, and very strict limitation imposed by some providers (e.g., Google). It occurs because you cannot run OAuth from a WebView, which goes against Google's 'Use secure browser' policy.

Steps to reproduce

  1. Search for any company on native LinkedIn App which redirects to a website with a Google sign in.
  2. Click on "Visit Website" button or company's website link provided on the company's page.
  3. Sign in via Google.

You will see the error pop up as shown below.

Error 403

How does Descope handle this?

Descope supports a conditional key device.oauthSupport which can be used to identify an unsupported WebView for Google OAuth.

  1. Head over to your flows, and select the one you want to integrate this condition with.
  2. Select a Condition block from the Blue +.
  3. Add an if else condition to handle routes if webview is identified.

Webview condition

  1. You can implement whatever logic you'd like for the else condition which encounters the "access blocked" situation.
  2. Finally, connect the blocks together, add the rest of your flow logic, and you're done!

Test the condition

As an example, this flow below handles the error by telling the user to sign in directly from the website using a browser therefore avoiding the "access blocked" error.

Webview flow

Either host your own application to use this flow example or use Descope Explorer (https://explorer.descope.com/?project=YOUR_DESCOPE_PROJECT_ID&flow=FLOW_ID) and provide your project and flow ID in the link. Send this link as a message on LinkedIn and test the flow.

There are several ways of handling this once the condition is set in Descope Flows as shown above. Users can either choose not to show the Google button in WebView or provide the button but display a screen/message guiding the user to copy the link and open the page in a native browser (Safari, Chrome, etc.).

If you have any other questions about Descope or our flows, feel free to reach out to us!

Was this helpful?

Previous

Utilizing A User Picture from OAuth Provider

Next

SSO (Single Sign-on) Authentication

On this page

Unsupported WebView for OAuthSteps to reproduceHow does Descope handle this?Test the condition