We recently noticed a major change in the way the oAuth handshake happens for a user on an iPhone. Now it seems if we initiate the process of requesting access to a user's account in a browser window, the user gets moved in to the Garmin Connect app to approve the request, then the app redirects to the callback URL, but the browser is switching causing a huge problem.
Here's full details:
The change was that garmin now handles oAuth handshakes from the garmin app instead of the user authenticating themselves to accept the account access request in a browser window. In our case, and I'm sure many others, the oAuth handshake begins in an embedded webkit/safari browser, where we header the user to the garmin authorization URL that now launches the app instead of prompting the user to log in from this same browser window, then your app finishes the oAuth process by redirecting the user back to the partner website in a browser window. This is fine except if the user has configured their iPhone such that the default browser is Chrome or something other than Safari then there's no continuity and the oAuth handshake can't be completed because servers can't cookie a user when they switch browsers (thankfully, from a privacy standpoint).
I checked all of the forums and places where Garmin can post updates and news to developers and this is never mentioned but it causes huge issues. With a little heads up this would be such an avoidable issue.
