Google Oauth in embedded browser

Since a few days ago, when the component TMSFMXCludDrive in my android application connects with GoogleDrive I receive a warning stating: We are no longer allowing OAuth requests in embedded browsers known as "web-views." He warns that since April 20 this form of authentication will no longer work. How do I use the browser device for OAuth requests instead of an embedded web-view? Thank you



We are aware of this issue and are currently investigating how we can work around this breaking change in the Google Drive API.

Do you have any news about this issue?

This was addressed already in TMS FMX Cloud Pack v3.2.4.0

See:  New : ExternalBrowser support added for Android and iOS on all Google Services 

okay, this is the solution of this issue. I will take a look on it.


I updated TMS Cloud Pack for FireMonkey to the latest version (, and made the changes in the project mentioned in the developers guide to enable external browser support for Google services:

- Disable the file android-support-v4.dex.jar
- Add the files android-support-v13.jar and CustomTabs.jar
(In the Android Libraries section of the Target Platforms list of a project)

The project compiles but gives the error [PAClient Error] Error: E2312 when I try to deploy.
If I revert this changes the project starts on the android device, but the "Enable external browser support" option does not work.
I have been trying for several days and I can not generate the distribution of the project. 
I have also tested with a new project that has only the component TMSGdrive and gives the exact same error, in my 2 computers. Also deleted AndroidManifest.template.xml with no sucess. I checked all the paths mentioned in the error text and appear to be valid.
I do not know how to fix it. Any help will be greatly appreciated. 
Thank you!!

Delphi XE 10.1
Windows 10 y Windows 7
Android devices version 4.4.4, 4.0.4 and 4.2.2

Full error text:
[PAClient Error] Error: E2312 Unable to execute '"C:\Users\Public\Documents\Embarcadero\Studio\17.0\PlatformSDKs\android-sdk-windows\build-tools\22.0.1\Aapt.exe" package -f -M "D:\proyectos\Gestion Documental Android\Android\Debug\GestionDocumentalFMX\AndroidManifest.xml" -F "D:\proyectos\Gestion Documental Android\Android\Debug\GestionDocumentalFMX\bin\GestionDocumentalFMX-unsigned.apk" -I "C:\Users\Public\Documents\Embarcadero\Studio\17.0\PlatformSDKs\android-sdk-windows\platforms\android-25\android.jar" -S "D:\proyectos\Gestion Documental Android\Android\Debug\GestionDocumentalFMX\res" -A "D:\proyectos\Gestion Documental Android\Android\Debug\GestionDocumentalFMX\assets" "D:\proyectos\Gestion Documental Android\Android\Debug\GestionDocumentalFMX\library" "D:\proyectos\Gestion Documental Android\Android\Debug\GestionDocumentalFMX\classes"' (Error 1)

It could be related to using such old version of Android.

You have no device with 5.1 or newer to test with?
Hi Bruno:
I just tested with an android 6 device and the exact same error occurs.


Can you please confirm if you have update 2 installed for Delphi 10.1 Berlin?


I use also the TMS FMX Cloud Pack and I can confirm that it works also with Delphi 10.1 Update 1 and under "old" Android version 4.4.2

IMHO it seems to be another problem:


In Delphi 10.1 it should be:
> Customizable ExternalBrowser message strings added

How can I change the browser text: "Application successfully authorized. You can close this browser window". 
It is a resourcestring..

Updating to Delphi 10.2 solved the problem! Thank you very much to all.

You'll have to manually include the custom text as a resource.


is it possible that the new TMSFMXCloudGDrive has a bug?

After the authentification the PersistTokens will be saved in ini file. 

Before the new non embedded browser authentification it was possible to communicate with Google Drive with the saved tokens. This isnt possible anymore. After a new start of the app I have to authenticate again and again. 

I also checked your CloudStorage demo. The same problem. I do connect, authenticate and get the folder list. Also after disconnect and reconnect. But if  I start the app again, I have to authenticate again in the browser.

With debugging I found that LJSSLConext is NIL in FMX.TMSCloudBase (line 4202). Only after OAuth the LJSSLConext isn't NIL.

Is this normal that I have to authenticate every time?

I have not been able to reproduce this issue.

Can you please make sure the control is configured correctly to store the retrieved access token? (See the CloudStorageDemo for an example)

If the problem persists, please provide the following information so I can further investigate this:
- Your PersistTokens settings for the TTMSFMXCloudGDrive control
- Which version of Delphi are you using
- On which platform does the issue occur
- Does the issue occur with ExternalBrowser enabled or disabled or both 

Although with version 10.2 I could make the deploy, the application gave many runtime errors and could not connect with GDrive.
Finally I
 downgraded to 10.1 update 2 and is running ok.

As I described the problem occurs in you actual CloudStorageDemo! The only thing I did was to cativate the ExternalBrowser porperty, which wasn't active by default.

The problem occurs on two Android smartphones and one tablet. (The windows version works correct).

- Your PersistTokens settings for the TTMSFMXCloudGDrive control
DataSource: <empty>
Key: meine.ini
location: pINIFile
Section: TOKENS

- Which version of Delphi are you using
Delphi Berlin 10.1 Update 2

- On which platform does the issue occur
Android 4.4 and Android 6

- Does the issue occur with ExternalBrowser enabled or disabled or both 
I can only use ExternalBrowser because GDrive doesn't allow me to use an embedded browser.

> I have not been able to reproduce this issue.

Please connect to Google Drive and close the app completely. Restart the app and you have to auth again.  
On Android you can use the following setting to save the ini file on your device:

  TMSFMXCloudgdrive1.PersistTokens.Key := TPath.GetDocumentsPath + '\gdrive.ini';

If that technique fails, you can use the TokenAsString property to get and set the token and manually save/load it in/from a location of your choice.

Sorry, there isn't a problem to write the ini file. The ini file has the decrypted information of ACCESS_TOKEN, AUTH_TOKEN, REFRESH_TOKEN and so on.

The problem is still here after restart the app:
LoadTokens loads the data.
TestToken is false, because the GetJSONObject() is NIL, because the result of HttpsGet is '' (empty), because LJSSLContext is not assigned.
Thats why the app tries to RefreshAccess; The Result is also false because the result of HttpsPost() is 0 because LJSSLContext is still not assigned.

After a restart of the app the LJSSLContext is ever NIL, because only the function DoAuth calls the procedure InitializeSSLCert to initialize the LJSSLContext...

The only second possibility to initialize the variable is to call the function FMX.TMSCloudBase.Connect, but this function is protected. 

That's why your CloudStorageDemo can't call the Connect() function and that's why you have to authenticate every restart of the app.

Please make a review of this issue or give us an example how we can call the Connect() function of the CloudBase unit.

The only solution is to use the TMSFMXCloudGDrive.Connect() function.

But you can not use the step by step solution LoadTokens, TestTokens, RefreshAccess.

In the VCL version you can use the step by step possibility. Please make it also available for the Android version. 

Many thanks.