This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 41%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
We are using Azure AD B2C along with MSAL sdk for native Android and iOS Applications. We have also configured google SSO(Sign In with google).
As per the instructions mentioned in Upcoming security changes to Google's OAuth 2.0 authorization endpoint in embedded webviews , we have modified the redirect URIs by going to Google cloud console -> Credentials -> Authorized redirect URIs.
As per the instruction given in Test for compatibility , we have added the query param "disallow_webview=true" to the redirect URIs.
After doing this we are getting the following error,
Please suggest the further steps on resolving this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Thanks for reaching out.
This is a known scenario and if your apps authenticate users with an embedded web-view and you're using Google federation with Azure AD B2C, Google Gmail users won't be able to authenticate.
You need to modify your apps to system web-views for authentication. All MSAL SDKs use the system browser by default.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
Hi Shweta,
Thankyou for the reply.
An additional query,
For native android and iOS apps we are using MSAL sdk and the sign in page is opening via external browser,
Android : https://github.com/AzureAD/microsoft-authentication-library-for-android (Version: 4.6.1)
iOS : https://github.com/AzureAD/microsoft-authentication-library-for-objc (Version: 1.2.12)
and while running on the simulator/device we are able to see the below screens.
Android :
iOS :
Is it expected that we make any changes for native Android and iOS to prevent the "Error 400: redirect_uri_mismatch" while performing google sign in.
We are using the MSAL Sdk's as you have mentioned and we have added the query param "disallow_webview=true" as mentioned in the google auth policy, but still we are getting the error.
Can you please confirm do we need to explicitly make any changes to the Authorized redirect URIs or in the native Android and iOS applications?
Could you share the manifest of the application registered in the Azure AD and that same must be configured in your application.
This is the OAuth url inside the manifest
And this is the manifest on the Azure Portal
For security purpose we have strike off the url but the url is same in both the screenshots.
Also, are you passing the same redirect URI in your application as well or are you passing along with query param disallow_webview=true?
For now we have only set the disallow_webview=true, in the Authorised Redirect URI's section under Google cloud console -> Credentials -> Authorized redirect URIs as per the instructions given in Test for compatibility document and nowhere else the query param is added.
Hi @Shweta Mathur ,
Can you please suggest if we have to make any changes are our end or is this handled by MSAL Sdk? We are awaiting your reply for further action. Please respond as soon as possible.
Hi @Shweta Mathur ,
We are still awaiting your response on the query. Kindly let us know if we have to make any changes at our end.