{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 等我变得足够好 的问题《Google OAuth 2.0 and Captive portal with Embedded》','https://www.manongdao.com/q-153246.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Both Android and IOS devices have a mechanism to detect captive portal on Guest Wifi networks. Whenever a captive portal is detected, these devices start an embedded browser in order to show up the captive portal.
My captive portal allows my guest wifi to use their Google auth credentials in order to allow access to my wifi.
The portal triggers an OAuth 2.0 with Google service and get back the user profile.
All was working fine, unfortunately, Google decided to stop supporting OAuth 2.0 in Embedded browser on April 22nd.
https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html
As far as I know, there is no way to force IOS or Android devices to start a real browser during the captive portal detection process.
Since this embedded browser can't be controlled, what option do I have to allow my guests to use their Google credentials? If there is no alternative option, I will have to migrate to Facebook auth modules which doesn't have this restriction as of today.
Thanks, William
Thanks William for this note regarding Captive portal. We (Google Identity team) need to do some investigation to decide how to best support your use case. I'll reply back on this thread. Stay tuned.
Update (4/7/2017): For now we have decided that we'll not break the Google sign-ins within captive portals. If you do have a client that is broken, send me the client id.
I'm not cool enough to comment apparently, so I'll just reply that despite @nvagr stating that google will not be broken in the CNA, it is. You cannot log in using Google oAuth on an iOS device. You'll get a 403: disallowed_useragent because it uses the CNA.