12

We have custom devices which run on Android OS but dont have Google Play services incorporated.
We have Google login using Webview Oauth2.0 authentication. And as per the documentation it has been deprected.
I read that there is a way https://developers.google.com/identity/sign-in/android/ but this seems that it requires gradle incorporation for play services.
So which way could I use for google authentication?
I found 2 options as below but will they be helpful in my case?
1. https://firebase.google.com/docs/auth/android/start/
2. https://developers.google.com/api-client-library/java/google-api-java-client/oauth2

Which can be the most suitable for my requirement
Please help.
Regards,
Shraddha

Cheticamp
  • 61,413
  • 10
  • 78
  • 131
Shraddha Shravagi
  • 1,096
  • 1
  • 9
  • 22

1 Answers1

12

Yes, indeed google quite some time ago has blocked the possibility to login to it's services via app's internal WebView. The reason is that Google does not trust external app providers, where it is't aware of security of connection. It forces external app providers to use Google's methods of login to it's services.

Source: Modernizing OAuth interactions in Native Apps for Better Usability and Security

Indeed you have found the right methods to use Google services, however, Firebase and Google Sign In have disadvantage that makes them unusable by you, namely both need Google Play Services. Firebase needs them and Google Sign-in needs them. So there is no official way of using both on devices not having Google Play Services.

There is yet another way: Chrome Custom Tabs. However, they require Chrome installed on the device. And since a long time it also uses Google Play Services. Moreover, Chrome Custom Tabs have been introduced later than Chrome has incorporated Google Play Services

However, there's a hack. Declare app's internal WebView's User Agent as Chrome. Here is the documentation. As seen at the bottom of this page, you could remove following Strings from WebView User Agent String:

  • Version/_X.X_ on Kitkat Devices
  • wv on Lollipop+ devices.

However, I do not recommend this method and kindly encourage to stick to Google Policy, if there is a possibility.

Hope that this explanation is enough.

EDIT: As per comment below, Goole Api Java Client does not need Google Play Services, so this might be an option.

Sazzad Hissain Khan
  • 37,929
  • 33
  • 189
  • 256
R. Zagórski
  • 20,020
  • 5
  • 65
  • 90
  • Hello, Thanks a lot for your time. As per the answer on SO : https://stackoverflow.com/questions/22142641/access-to-google-api-googleaccountcredential-usingoauth2-vs-googleauthutil-get Google APIs Client Library for Java is a generic library to access Google Services from all application types (web, installed, or Android application). So it can be a generic way without play services installed. RIGHT? – Shraddha Shravagi Sep 20 '17 at 06:09
  • 1
    Ok. As per this part [Google Api Java Client](https://developers.google.com/api-client-library/java/google-api-java-client/oauth2#android) does not need Google Play Services. So you might try that. I did not notice, that _Google Api Java Client_ and _Google Sign-In_ are two different things. – R. Zagórski Sep 20 '17 at 06:37
  • 4
    Thanks. But how do we get the token and authorize the user? – Shraddha Shravagi Sep 21 '17 at 10:06