the AuthorizationService created inside AppAuthWebView should be disposed when not used anymore otherwise it creates a leak.
also, the service creates a binding to a CustomTabManager which may be problematic (and is also something you wished not to use in the first place, but use the web view instead). i think the AppAuthConfiguration should be set with a browser matcher that will always return false.
the AuthorizationService created inside AppAuthWebView should be disposed when not used anymore otherwise it creates a leak.
also, the service creates a binding to a CustomTabManager which may be problematic (and is also something you wished not to use in the first place, but use the web view instead). i think the AppAuthConfiguration should be set with a browser matcher that will always return false.