Upcoming security changes to Google's OAuth 2.0 authorization endpoint in embedded webviews

Blog post from Google Cloud

Post Details
Company: Google Cloud
Date Published: -
Author: -
Word Count: 1,307
Language: English
Hacker News Points: -
Summary

Google is tightening account security by blocking Google OAuth 2.0 authorization requests made from embedded webviews, effective September 30, 2021, because of the security risks such webviews pose. An embedded webview, commonly used inside apps, is controlled by the host app and can act as a "man in the middle", intercepting the communication between the user and Google and compromising user credentials and data. The change follows IETF guidance, which discourages the use of embedded user-agents for authorization in native apps. Developers are urged to update their applications to comply with the new policy by using platform-appropriate OAuth clients. Apps should open authorization links in the device's default web browser or through approved in-app mechanisms such as Android Custom Tabs or iOS's SFSafariViewController. Captive networks are advised to adopt the newer IETF standards for a better user experience. Developers should test their apps for compatibility and make any necessary adjustments before the enforcement date; specific query parameters are available for testing the new behaviour and for acknowledging the upcoming change.