Google Login: after app verification on Android 11 devices appears: Error 403 disallowed_useragent

FrancoBaz 16 Reputation points
2021-06-15T14:10:43.037+00:00

I made a Xamarin Forms app using Xamarin.Auth 1.7.0 which had no problems in Google authentication until it was waiting the verification of the consent screen. Since the consent screen has been successfully verificated, suddenly on some devices (not all!!!) the authentication produces
"Error 403 disallowed_useragent
Google can't sign you in safely inside this app. You can use Google sign-in by visiting this app's website in a browser like Safari or Chrome"
response_type=code
access_type=offline
scope=https://www.googleapis.com/aut/userinfo.email
Please note that I use
_auth = new OAuth2Authenticator(clientId, string.Empty, scope,
new Uri(AuthorizeUrl),
new Uri(redirectUrl),
new Uri(AccessTokenUrl),
null, true);
and it works perfectly on the Android 9 /10 devices we tried.
After lots of app uninstallations, removing Google accounts on the Android 11 devices, reset Chrome as default browser, exactly one time I managed to authenticate, so the consent screen appeared and the authentication worked, but then trying a counter-proof, after deleting the refresh token on the SecureStorage and trying a new authentication Error 403 always appears.

Xamarin
Xamarin
A Microsoft open-source app platform for building Android and iOS apps with .NET and C#.
5,366 questions
{count} vote

1 answer

Sort by: Most helpful
  1. Антон Полименов 16 Reputation points
    2021-09-27T10:26:14.68+00:00

    I had the same issue AND I FOUND HOW TO FIX IT!

    I was so angry this was the only page 100% describing my problem without a fix, but I found it my self :)

    For all of you having the same issue - Android 11 requires some lines in the app manifest in order to be able to read the browsers installed that supports custom tabs.

    In order to do that you need to put the following in your AndroidManifest.xml file:

    <manifest ...>
                <queries>
                            ...
                            <intent>
                                        <action android:name="android.intent.action.VIEW" />
                                        <category android:name="android.intent.category.BROWSABLE" />
                                        <data android:scheme="https" />
                            </intent>
                            <intent>
                                        <action android:name="android.support.customtabs.action.CustomTabsService" />
                            </intent>
                            ...
                </queries>
                ...
    </manifest>
    

    This can be see in this manifest file:
    https://github.com/AzureAD/microsoft-authentication-library-common-for-android/blob/614c06eb8210069af6d089e6c97e79fb5c8cffb3/common/src/main/AndroidManifest.xml

    Beers are more than welcome :)

    Best regards,
    Anton Polimenov

    3 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.