How to handle Google Auth in Flutter Webview

General
1

Hello, okay so I created a fully site using firebase studio and firebase tools like authentication, storage and firestore, but now I want to turn my website into a flutter webview app, and my biggest problem is that I can’t handle google auth in webview, I tried lots of differents methods, even chrome custom tabs and it gave me this error. Does anyone knows how to handle google auth firebase with flutter webview?

Screenshot_2025-10-04-10-36-36-114_com.brave.browser
Screenshot_2025-10-04-10-36-36-114_com.brave.browser1080×2400 198 KB

1 Like
2

Subject: Best practice for Google Auth in Flutter + WebView

Hi Dragos_Enache

You’ve encountered a known friction point: Google’s OAuth / Firebase authentication flow is not always compatible with embedded WebView flows. Here’s a more robust approach you can try:

:locked_with_key: Preferred Flow: Native (or external) login → WebView later

  1. Launch the Google sign-in in a browser / custom tab / redirect
    Let Google handle the login in a secure, trusted browser context rather than inside your WebView.

  2. Get Firebase ID token / user credential
    Once the login completes, your app receives the authenticated Firebase user (including idToken, accessToken, etc.).

  3. Inject the token into WebView
    When you open your WebView, pass along the token (via query param, JavaScript injection, or a cookie/localStorage).
    In your web content, detect that token and call signInWithCredential(...) using the token so your web layer recognizes the user as authenticated.

:warning: Embedded WebView fallback (less reliable)

If you must attempt login inside a WebView:

  • Use javascriptMode: JavascriptMode.unrestricted

  • Set userAgent to a common browser UA

  • Watch for pages like accounts.google.com/signin/rejected and treat them as failure signals

  • On failure, fallback to native login flow

See if this helps to move your project along.

Though I caution you not to use the Embedded Webview fallback as a matter of Security for your data and your users. You may not intend to do it , this is usually inadvertently done in an attempt to do other than what is allowed for the Applications involved and their core allowances and limitations at this stage of their development. Not to mention Google is one of the leaders in Web Security and monitoring for a reason: That Embed is not Secure. It’s like me trying to guess what is or isn’t on your External Hard Drive if that makes any sense why you will have problems with that one

That reason: using applications in unique ways that don’t currently align with the apps core reasons for existing to start with; help Users create. The easiest solution to your problem is to take 72 hrs reading the Firebase Documentation and 48 hrs reviewing your applications design and intentional use when Rolled Out for distribution in closed shares or for the Consumer Market and ROI measuring sticks :upside_down_face: to say that this is Big Idea or Small Fry Friday for everyone! Yay.:partying_face:

1 Like
3

if you have not resolved this error, I have some free time to look at your issue/problems/pain points to help get your project on track. Please provide a screenshot of your Problems, Terminal, Browser Inspector.