Security

last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Social login Google - disallowed_useragent

This thread has been viewed 11 times

  • 1.  Social login Google - disallowed_useragent

    Posted Sep 01, 2017 07:36 AM

    When using social login for google+ and we don't enable 'bypass Apple CNA', the clients (mostly iOS) receive and error 403 This user-agent is not permitted to make an OAuth auth request to Google as it is classified as an embedded user-agent (also known as a web-view).

    This is quite annoying since not using the Apple CNA, makes it tedious for the user to manually open a browser and open an URL.

    Is there any way to circumvent this behaviour?



  • 2.  RE: Social login Google - disallowed_useragent
    Best Answer

    EMPLOYEE
    Posted Sep 01, 2017 07:39 AM
    Unfortunately no. You need to bypass CNA. You can thank Apple for making the CNA so restrictive.


  • 3.  RE: Social login Google - disallowed_useragent

    Posted Sep 01, 2017 07:44 AM

    Thanks for the quick answer, I'll have to dissapoint the customer unfortunatly.



  • 4.  RE: Social login Google - disallowed_useragent

    EMPLOYEE
    Posted Sep 01, 2017 09:14 AM
    Please ask them to send their feedback to their Apple respresentative. They don't listen to us. 😊


  • 5.  RE: Social login Google - disallowed_useragent

    EMPLOYEE
    Posted Jun 02, 2018 12:50 PM
    Google will put your client ID on a whitelist. You need to email oauth-help@google.com If you explain the use case they allow it


  • 6.  RE: Social login Google - disallowed_useragent

    Posted Jun 08, 2018 03:39 PM

    I just had a client ask google for the excemption no issues. Now the google logins work inside the CNA. Thanks LiptonJ!

     



  • 7.  RE: Social login Google - disallowed_useragent

    Posted Dec 06, 2017 02:43 PM

     Same Story

     

    I ended up hiding the google button when inside the Apple CNA that way they can't click on it and get the error. 

     

    {if ($_wpl.browser.is_iphone || $_wpl.browser.is_ipad) && $_wpl.browser.is_mobile && (strpos($_wpl.browser.user_agent, 'Safari') == false)}
    {literal}
    <script>
    var x = document.getElementsByClassName("btn-google");
    var i;
    for (i = 0; i < x.length; i++) {
    x[i].style.display = "none";
    }
    </script>
    {/literal}
    {else}

    {/if}



  • 8.  RE: Social login Google - disallowed_useragent

    Posted Apr 06, 2020 11:07 AM

    Hi Tim, 

     

    As it has been a while since the original post - has there been an official fix for using Google accounts for social logon (without manually having to whitelist the user by emailing oauth-help@google.com, or pasting and editing the URL into a browser?). 

     

    Thanks, Adam