diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0d7f6c2a8..8be94c79a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,6 @@
 # Unreleased
 - Add SwiftUI + Swift Package Manager sample app under `Examples/Example-iOS_Swift-SPM`. ([#952](https://github.com/openid/AppAuth-iOS/pull/952))
+- Removed external browser (Safari) fallback from `OIDExternalUserAgentIOS`. If `ASWebAuthenticationSession` fails to start (e.g., Guided Access is enabled), the authorization flow now fails with an error instead of opening an external browser.
 
 # 2.0.0
 - Raise minimum supported iOS version to iOS 12. ([#918](https://github.com/openid/AppAuth-iOS/pull/918))
diff --git a/README.md b/README.md
index 540feda72..c9f44a41c 100644
--- a/README.md
+++ b/README.md
@@ -41,9 +41,7 @@ For tvOS, AppAuth implements [OAuth 2.0 Device Authorization Grant
 
 AppAuth supports iOS 12 and above.
 
-iOS 9+ uses the in-app browser tab pattern
-(via `SFSafariViewController`), and falls back to the system browser (mobile
-Safari) on earlier versions.
+Authentication is performed using `ASWebAuthenticationSession`.
 
 #### Authorization Server Requirements
 
diff --git a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h
index 4ab6c7452..c7916a52e 100644
--- a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h
+++ b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h
@@ -41,8 +41,8 @@ API_UNAVAILABLE(macCatalyst)
 /*! @brief The designated initializer.
     @param presentingViewController The view controller from which to present the authentication UI.
     @discussion The specific authentication UI used depends on the iOS version and accessibility
-        options. iOS 12+ uses @c ASWebAuthenticationSession (unless Guided Access is on),
-        otherwise local browser is used.
+        options. Uses @c ASWebAuthenticationSession. If Guided Access is enabled or the session
+        cannot be started, the method returns NO and the authorization flow fails with an error.
  */
 - (nullable instancetype)initWithPresentingViewController:
     (UIViewController *)presentingViewController
@@ -52,8 +52,9 @@ API_UNAVAILABLE(macCatalyst)
     @param presentingViewController The view controller from which to present the browser.
     @param prefersEphemeralSession Whether the caller prefers to use a private authentication
         session. See @c ASWebAuthenticationSession.prefersEphemeralWebBrowserSession for more.
-    @discussion Authentication is performed with @c ASWebAuthenticationSession (unless Guided Access
-        is on), setting the ephemerality based on the argument.
+    @discussion Authentication is performed with @c ASWebAuthenticationSession, setting the
+        ephemerality based on the argument. If Guided Access is enabled or the session cannot
+        be started, the method returns NO and the authorization flow fails with an error.
  */
 - (nullable instancetype)initWithPresentingViewController:
     (UIViewController *)presentingViewController
diff --git a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m
index 7a3fa2278..95acdc16c 100644
--- a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m
+++ b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m
@@ -133,12 +133,9 @@ - (BOOL)presentExternalUserAgentRequest:(id<OIDExternalUserAgentRequest>)request
       openedUserAgent = [authenticationVC start];
     }
   }
-  // If all else failed use the local browser.
-  if (!openedUserAgent){
-    [[UIApplication sharedApplication] openURL:requestURL
-                                       options:@{}
-                             completionHandler:nil];
-    openedUserAgent = YES;
+  if (!openedUserAgent) {
+    [self cleanUp];
+    return NO;
   }
 
   return openedUserAgent;