search

MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs
271 stars 244 forks source link

refreshtoken http issue #277

Closed hexes128 closed 2 years ago

hexes128 commented 2 years ago

PlatformException(token_failed, Failed to get token: [error: null, description: Invalid ID Token], Issuer must be an https URL, null)

Im using http connection, so far login and ens session works fine to me, but refresh token dont allow me using http. the same issue happens on 'appauth android', I found solution there, but for flutter I havent find any fixing yet image

MaikuB commented 2 years ago

Have you tried setting allowInsecureConnections to true? There was a PR done a while back related to this in #228

hexes128 commented 2 years ago

yeah, I did set allowInsecureConnections to true both in autocodeexchange and refresh ,authexchange works fine, the refresh function throw 'PlatformException(token_failed, Failed to get token: [error: null, description: Invalid ID Token], Issuer must be an https URL, null)'

heres my code and execute result autoexchange login ok with all the token return image

but refresh didnt work image

if i dont add allowInsecureConnections: true the app will just crash directly

MaikuB commented 2 years ago

Perhaps what you're after isn't possible. If it is then you'll need to look into it and submit a PR

hexes128 commented 2 years ago

hello, sir, I just visit my identityserver4 refresh endpoint via postman I paste all the parameters from my appauth login postman works fine , result as below image

so there should be no problem with identityserver4 but something wrong when using appauth token I didnt change much but only paste ip address and scopes image

MaikuB commented 2 years ago

As mentioned in my previous post, this will be an issue you'll need to look into yourself. That it works in Postman doesn't mean the SDKs used by the plugin will support what you're after, especially when it comes to plain http connections. From memory, iOS doesn't support http at all

Edit: in case you hadn't looked into what's been documented for this plugin, the plugin makes use of SDKs (e.g. on Android it's https://github.com/openid/AppAuth-Android) that is actually responsible for making all of the requests. When I said "Perhaps what you're after isn't possible.", I meant that the Android SDK may not support what you're after. You may need to look further into that library, submit a PR or switch to https