[Documentation] Important OAuth changes

[BananaMasterz]

Google has recently made a change (see this article: https://developers.googleblog.com/2023/10/enhancing-oauth-app-impersonation-protections.html)

And I think in the documentation for android setup there should now be this:

It says not recommended but I couldn't get sign in to work otherwise. (would give error 400: "Custom URI scheme is not enabled for your Android client.") So until another solution is available, one should go to their Google Console > Credentials > Select the android OAuth client ID you want, and scroll to the bottom to "ADVANCED SETTINGS", there you will find the above screenshot. I'm not sure if existing client ids are affected but for new ones this is the case. I am also not sure if this is true also for iOS.

[MaikuB]

This is specific to an identity provider so whilst it maybe helpful to some, is outside the scope of the plugin. The native AppAuth SDKs support https schemes so the plugin should as well but this requires doing the appropriate setup on the domain you specify as it needs to be a domain you own. I believe this step is being missed and this is actually not to with the plugin setup either but to do with the native OS requirements on handling deep linking to the app

[MaikuB]

Hmm apologies misread, thought the article was for Google sign but actually to do with Android clients in general. Would you able to submit a PR to update the documentation?

Took a closer look and what you originally wrote. The steps mentioned are all for OAuth clients using Google APIs and therefore using Google as the identity provider. The error screens shown also show this. With that in mind, will be closing this in light of what I originally said around this