Calling AuthorizationManagementActivity.createStartIntent causes the app to crash

While I do not agree with your statements, having reevaluated that API it was a mistake that it’s currently unusable although being public.

While I understand your intent this library is explicitly designed to not use an embedded WebView (as mentioned in the first paragraph of our Readme). Adding a change that may encourage that usage is not something that goes along with that philosophy even if it is for an exceptional use-case.

I understand your point and see how this can be a security issue, but I think this applies more when using a 3rd party provider, such as Google and Facebook, which isn’t the case here. In our case, we have our own provider, which is used only in our apps.

Alternatively, what I would encourage you here is to ask your users to install a browser they trust. https://tools.ietf.org/html/rfc8252#section-8.12 expands more on the topic.

We have this solution currently in place and the UX is so bad that we started getting negative reviews about it. Some users don’t even bother to continue with the sign in. We have apps with millions of users. Having users not being able to log in means a direct hit to our revenue.

IMO, the library shouldn’t enforce anything, but leave it to the developers. Everyone has a different use case and should be able to make the decision what’s best for their app.