Open LukasPoque opened 2 years ago
LukasPoque
commented
2 years ago https://github.com/luis901101/oauth_webauth Looks nice too. But in my opinion, it is more insecure if a custom browser is used than the system one because the users can't be sure that the app won't stole their credentials. Therefore an independent browser is better.
LukasPoque
commented
2 years ago There is now a new class AppAuthFlow which uses the FlutterAppAuth package when running on android/ios and throws unsupported errors on the other platforms.
LukasPoque
commented
2 years ago One important note: See Android Setup and iOS Setup to prepare the app to be used with the new package.
LukasPoque
commented
2 years ago There is a problem with AppAuth if the client contains a colon ":" as we use in the S3I for all clients. This is a big problem cause either AppAuth fixes this bug or we need an option to create a new client without the s3i:UUID syntax.
LukasPoque
commented
2 years ago Another problem with the current AppAuth implementation is that only ios and android are supported. Since we can't conditional export only for those two platforms we're losing Windows/Linux/MacOS support in s3i_flutter. See the last pub dev score run: ["sdk:flutter","platform:android","platform:ios","platform:web","is:null-safe","license:mit"]
LukasPoque
commented
2 years ago Maybe this package worth a shot too: https://github.com/4D-Technologies/openidconnect_flutter
AppAuth is a client SDK for native apps to authenticate and authorize end-users using OAuth 2.0 and OpenID Connect. See: https://appauth.io/
Maybe it's a good idea to use this flutter wrapper and use the internal S3I OAuthProxy only on the web.