MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs

Passing claims in AuthorizationRequest additionalParameters causes crash on Android #291

Closed garry-jeromson closed 2 years ago

garry-jeromson commented 2 years ago

The claims parameter is an optional part of the OpenID standard when making an authorization request (see https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).

Currently, this parameter is not supported by the Flutter interface layer, so the only way to pass it is via the additionalParameters argument when constructing an AuthorizationRequest. This, however, leads to the following error on Android:

FATAL EXCEPTION: main
E/AndroidRuntime( 7453): Process: ch.some.app, PID: 7453
E/AndroidRuntime( 7453): java.lang.IllegalArgumentException: Parameter claims is directly supported via the authorization request builder, use the builder method instead
E/AndroidRuntime( 7453):    at net.openid.appauth.Preconditions.checkArgument(Preconditions.java:132)
E/AndroidRuntime( 7453):    at net.openid.appauth.AdditionalParamsProcessor.checkAdditionalParams(AdditionalParamsProcessor.java:62)
E/AndroidRuntime( 7453):    at net.openid.appauth.AuthorizationRequest$Builder.setAdditionalParameters(AuthorizationRequest.java:1050)
E/AndroidRuntime( 7453):    at io.crossingthestreams.flutterappauth.FlutterAppauthPlugin.performAuthorization(FlutterAppauthPlugin.java:336)
E/AndroidRuntime( 7453):    at io.crossingthestreams.flutterappauth.FlutterAppauthPlugin.access$400(FlutterAppauthPlugin.java:42)
E/AndroidRuntime( 7453):    at io.crossingthestreams.flutterappauth.FlutterAppauthPlugin$2.onFetchConfigurationCompleted(FlutterAppauthPlugin.java:262)
E/AndroidRuntime( 7453):    at net.openid.appauth.AuthorizationServiceConfiguration$ConfigurationRetrievalAsyncTask.onPostExecute(AuthorizationServiceConfiguration.java:417)
E/AndroidRuntime( 7453):    at net.openid.appauth.AuthorizationServiceConfiguration$ConfigurationRetrievalAsyncTask.onPostExecute(AuthorizationServiceConfiguration.java:358)
E/AndroidRuntime( 7453):    at android.os.AsyncTask.finish(AsyncTask.java:771)
E/AndroidRuntime( 7453):    at android.os.AsyncTask.access$900(AsyncTask.java:199)
E/AndroidRuntime( 7453):    at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:788)
E/AndroidRuntime( 7453):    at android.os.Handler.dispatchMessage(Handler.java:106)
E/AndroidRuntime( 7453):    at android.os.Looper.loop(Looper.java:223)
E/AndroidRuntime( 7453):    at android.app.ActivityThread.main(ActivityThread.java:7656)
E/AndroidRuntime( 7453):    at java.lang.reflect.Method.invoke(Native Method)
E/AndroidRuntime( 7453):    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
E/AndroidRuntime( 7453):    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)

The behaviour on iOS also looks suspect, but I haven't been able to verify this yet.

In any case: I suggest that we add the claims as a named argument to the AuthorizationRequest constructor and deal with it accordingly in the platform-specific implementations so that it can be used.
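
The exception above is AppAuth refusing a built-in parameter that was passed as an additional one. As an added illustration (not code from this thread, flutter_appauth or AppAuth), this Python sketch builds an authorization URL with claims as a named argument and applies the same kind of guard; the `BUILT_IN` list, the function names and the strict validation policy are assumptions.

```python
import json
from urllib.parse import urlencode

# Parameters the caller must set through named arguments. Modelled on the
# behaviour in the stack trace; this list is constructed, not AppAuth's own.
BUILT_IN = {"client_id", "redirect_uri", "response_type", "scope", "state",
            "nonce", "code_challenge", "code_challenge_method", "claims"}
CLAIM_OPTIONS = {"essential", "value", "values"}  # members from OIDC Core 5.5.1


def validate_claims(claims):
    """Check the claims request shape (OIDC Core 5.5) and return it unchanged.

    Deliberately stricter than the spec, which lets a server ignore unknown
    members: a typo here would otherwise silently drop a requested claim.
    """
    if not isinstance(claims, dict) or not claims:
        raise ValueError("claims must be a non-empty JSON object")
    for target, requested in claims.items():
        if target not in ("userinfo", "id_token"):
            raise ValueError(f"unknown top-level member: {target}")
        if not isinstance(requested, dict):
            raise ValueError(f"{target} must be a JSON object")
        for name, opts in requested.items():
            if opts is None:  # null requests the claim with default handling
                continue
            if not isinstance(opts, dict) or not set(opts) <= CLAIM_OPTIONS:
                raise ValueError(f"bad request options for claim {name}")
    return claims


def build_auth_url(endpoint, client_id, redirect_uri, scope, state,
                   claims=None, additional=None):
    """Build the request URL; claims travels as one JSON-encoded parameter."""
    additional = dict(additional or {})
    clash = BUILT_IN & set(additional)
    if clash:  # clear error instead of silently overriding a core parameter
        raise ValueError(f"use the named argument for: {sorted(clash)}")
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    if claims is not None:
        params["claims"] = json.dumps(validate_claims(claims),
                                      separators=(",", ":"))
    params.update(additional)
    return f"{endpoint}?{urlencode(params)}"
```
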

garry-jeromson commented 2 years ago

Took a first pop at the Android fix; would be most grateful for some assistance with iOS, as Objective-C makes my head explode.

MaikuB commented 2 years ago

Closing this now as the PR has been merged in and the changes have been pushed out as part of 2.3.0. Thanks for the contribution :)