4D-Technologies / openidconnect_flutter

Complete Flutter OpenIdConnect Library
75 stars 44 forks source link

Exception in logout #42

Open emaborsa opened 1 year ago

emaborsa commented 1 year ago

Hi all,

I checked out the repo, set my parameters and run the android example. It runs, I am able to get the configuration and to login. The logout throws an error in android_ios.dart:

FormatException (FormatException: Control character in string (at character 27)
{"error": "<!DOCTYPE html>
                          ^
)

when it is trying to final jsonResponse = jsonDecode(body) as Map<String, dynamic>?;

Indeed, when debugging the body of the result, it is:

"<!DOCTYPE html>
<!-- Build: 1.0.2926.2 -->
<!-- StateVersion: 2.1.1 -->
<!-- DeploymentMode: Production -->
<!-- CorrelationId: 4bde4f27-b9e3-43f7-bafb-e5f3cf206c6e -->
<!-- DataCenter: AM3 -->
<!-- Slice: 001-000 -->
<html lang="de"><head><link rel="icon" href="data:;base64,iVBORw0KGgo="><script data-container="true" nonce="kALcrf+aE7LRo2pe295r8A==">var GLOBALEX = {"CorrelationId":"4bde4f27-b9e3-43f7-bafb-e5f3cf206c6e","Timestamp":"2023-05-25 11:17:40Z","Detail":"AADB2C90036: The request does not contain a URI to redirect the user to post logout. Specify a URI in the post_logout_redirect_uri parameter field."};

// omitted the rest

As I can read, the problem is The request does not contain a URI to redirect the user to post logout. Specify a URI in the post_logout_redirect_uri parameter field, but did not understand which URI it is required and where I have to put it.

Any hint?

ahmednfwela commented 1 year ago

possible duplicate of #39

emaborsa commented 1 year ago

Well, the mai problem from the deserialization of LogoutRequest returns the parameter post_logout_redirect_url, but it has to be post_logout_redirect_uri, uri, not url.

emaborsa commented 1 year ago

I fixed it locally followings:

    final lowerBody = result.body.toLowerCase();

    final body = lowerBody.isEmpty
        ? "{}"
        : lowerBody.startsWith("{")
            ? result.body
            : lowerBody.startsWith("<html") ||
                    lowerBody.startsWith("<!doctype html>")
                ? "{}"
                : "\{\"error\": \"${result.body.replaceAll("\"", "'")}\"\}";

First startsWith is case sensitive, second the returned html starts with <!DOCTYPE html>. Don't know if it could affect other calls.

ahmednfwela commented 1 year ago

Please see the announcement for package:oidc. it supports proper logout flows.