How to fix a "403 - disallowed_useragent" with the native Google Drive iOS SDK?

Question

I'm following the instructions given at: https://developers.google.com/drive/ios/quickstart?ver=swift.

Yesterday it was working but this morning it seems to always fail. The weird part is that I'm using their native SDK. I don't know why does it believe I'm using a web-view. The exact error is:

This user-agent is not permitted to make an OAuth authorization request to Google as it is classified as an embedded user-agent (also known as a web-view). Per our policy, only browser are permitted to make authorization requests to Google. We offer several libraries and samples for native apps to perform authorization request in the browser.

I cloned: https://github.com/googledrive/ios-quickeditor and got the same error.

Answer 1

Here is the unfortunate answer: Yes, you are using the example from Google's iOS Quickstart, the "native SDK" as you call it. That's outdated, however, as it uses exactly the embedded web view that Google doesn't want you to use anymore.

If it did work before, but has stopped doing so all of a sudden (like I experienced myself), it may have to do with you changing something related to the client ID. For client IDs that exist for some time, there seems to be a longer grace period until Google hard-blocks the web view use (there should still be just some warning for now, I understand). A new client ID I created recently for unrelated reasons, seems to have caused just that, getting me stuck in having to replace Google Drive authentication code for a new release at short notice.

As to the options (that the so far only other respondent to your question lists from the Google blog post), after a bit of research GTMAppAuth seems to be the most viable option to me, as I am not interested in complete user sign-in and -out. But I may be wrong there.

GTMAppAuth has sample code for iOS, yet just in Objective-C. I have yet to make it through that. In general, your code logic will change like so: Your current solution does authentication purely within your app. It's asynchronous, but doesn't leave your app. The new solution requires you to initiate authentication within your app while preparing and remembering your callback functionality. The authentication initiation then opens a browser outside, which, once done causes a URL callback in your app delegate. In your app delegate, you then check for your prepared callback and, depending on the result status of the outside call, notify the user about success or failure of the outside authentication.

Answer 2

try this, it will works for "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"

Google restrict the authentication from webviews. it's accepting safari webkit useragent .override useragent with above useragent string it will works.

Answer 3

Add this code to your AppDelegate.m (assuming it is in ObjC):

NSString *userAgent = @"Mozilla/5.0 (iPhone; CPU iPhone OS 10_3 like Mac OS X) AppleWebKit/603.1.23 (KHTML, like Gecko) Version/10.0 Mobile/14E5239e Safari/602";

// set default user agent
NSDictionary *dictionary = [[NSDictionary alloc]initWithObjectsAndKeys:userAgent,@"UserAgent", nil];
[[NSUserDefaults standardUserDefaults] registerDefaults:(dictionary)];

Answer 4

You can solve this issue by using the 3rd party SDK by CloudRail which works fine for Google Drive and the new authentication restrictions. This tutorial exactly shows you how to use an external browser rather than a web -view.