Google will discontinue support for sign-ins to Google accounts from embedded browser frameworks, starting January 4, 2021

Based on this Google blog post, on January 4th, 2021, Google will stop supporting sign-ins to Google accounts from embedded browser frameworks. Since Netlify Identity supports logging in with Google SSO (the ‘continue with Google’ button on the Identity Widget), this change can affect you if you are using Identity in an embedded browser framework (e.g. a mobile app).

The blog post explains how this will affect flows depending on which browser a user signs in with. It does not look like a change to the flow itself or to any API; rather, Google's login page will start to enforce stricter checks on the environment it is shown in, to defend against automated attacks.

Google will block any browser (“User-Agent”) that appears to be an automated browser, such as Headless Chrome.

Based on the blog post mentioned above, these are the restrictions that will apply to browsers trying to log in via Google SSO:

- The browser must have JavaScript enabled.
- The browser must not proxy or alter the network communication. Your browser must not do any of the following:
  - Server-side rendering
  - HTTPS proxy
  - Replay requests
  - Rewrite HTTP headers
- The browser must have a reasonably complete implementation of web standards and browser features. You must confirm that your browser does not contain any of the following:
  - Headless browsers
  - Text-based browsers
- The browser must identify itself clearly in the User-Agent. The browser must not try to impersonate another browser like Chrome or Firefox.
- The browser must not provide automation features. This includes scripts that automate keystrokes or clicks, especially to perform automatic sign-ins. We do not allow sign-in from browsers based on frameworks like CEF or Embedded Internet Explorer.