Google's OAuth Security changes

Google is making changes to its OAuth after which requests from embedded webview are blocked. Google has notified me that Google’s OAuth in my Indico instance will be affected by this change. Is there any way to change the how Google’s OAuth is used by Indico so that it does not use embedded webview?

Indico doesn’t use Google OAuth. Also, WebViews are a mobile app thing and not Indico-related…

Are you using Google accounts for logins in some way by any chance?

Yes, I’m using Google accounts for login through OAuth authenticator.

I don’t think any changes Google makes there matter for the way you are using it to log in to Indico.

PS: You can probably set trusted_email to true for the identity provider since AFAIK Google only provides verified emails and thus avoid the user having to verify it again while logging in to Indico.

1 Like