Update Connect IQ browser to allow OAuth login to 3rd party (disallowed_useragent error)

I'm unable to complete a OAuth 2 login flow to Google on my Garmin 6 PRO due to a "disallowed_useragent" error in the login browser. This cought me by surprise since it works perfectly in the simulator and there's no mention of this limitation in the docs.

I know that this was already addressed by the dev team, but I can't wrap my head around why this isn't a planned fix. To me, allow developer easy access to Google Auth services without the need of a companion app is a no brainer.

Is there any issue that I'm not seeing (perhaps license/security related?). Is there an undocumeted alternative flow that doesn't require creating a separate app?

Former Member

Former Member over 5 years ago
After 2 weeks of work, I was able to develop a login flow robust enough to be used in production, that doesn't require a companion app (but still requires an external server). I'm posting it here as a suggestion to anyone else who stumbles upon this limitation.

MY WORKAROUND:

Avoid using the Connect IQ SDK OAuth flow. Instead implement an external server to handle the login via Web and then retrieve the tokens in a second moment.
1. Generate a unique and robust device ID token using System.getDeviceSettings().uniqueIdentifier and some level of encription;
2. Using Communications.openWebPage open a webpage to an your external service. On your external server:
  
  Register the device ID request for login;
  
  Redirect the user to the OAuth login page passing the ID as 'status', and a callback to your server;
  
  Intercept the callback, store the tokens and generate a 4 digit access code using the callback 'status' as key
  
  Display the 4 digit access code on a web page
3. Back on the device, prompt the user to enter the 4 digit code using a number picker.
4. Using Communications.makeWebRequest, request from the server the tokens using the 4 digit code and the device ID as access password
The process is far from ideal, very convoluted and prone to errors.

PROPOSED SOLUTION FOR GARMIN:

Garmin should simply allow the option to perform the login on an external browser, implementing a callback to the ConnectIQ app. The app can intercept the callback and pass to the Garmin app that has requested it.

At the moment the code is a little bit messy, but I could put together a Git repo for the login code if someone is interested.
- Cancel
- Up +1 Down
- More
- Cancel
jim_m_58 over 5 years ago in reply to Former Member

Search the main forum for "Google OAUTH".

I doubt it will change, as this came up a while back and comes up once in a while.

People just pulled apps or re-worked things to not use google or maybe wrote a companion app..

I'm not sure I'd call it a bug or an issue - it was a decision by Google to not allow it, and I don't think there is a work around..
- Cancel
- Up 0 Down
- More
- Cancel
Former Member over 5 years ago in reply to jim_m_58

This is the forum post I was referring to. It seems that Google OAuth process doesn't allow embedded WebViews to handle the login.

This is a change that was announced in 2016 and finalized in 2017. In 2020 there's no plan to address this issue.

Garmin could at least provide an alternative login flow.
- Cancel
- Up 0 Down
- More
- Cancel
jim_m_58 over 5 years ago

This is something that was done by google and has been the case for some time.

See https://forums.garmin.com/developer/connect-iq/f/legacy-bug-reports/5106/makeoauthrequest---google-signin---disallowed_useragent/48279#48279
- Cancel
- Up 0 Down
- More
- Cancel