MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs

Android : HTTP is working, HTTPS is giving error #322

Closed ms0713 closed 2 years ago

ms0713 commented 2 years ago

I have implemented flutter_appauth and I am using Keycloak as Authentication Server.

Code snippets are as follows: Main.dart

```dart
  final String _clientId = 'flutter-demo-app';
  //final String _redirectUrl = 'com.example.sampleflutterauthapp:/*';
  final String _redirectUrl = 'com.example.sampleflutterauthapp:/*';
  final String _issuer = 'https://10.0.2.2:8443/auth/realms/flutter';
  final String _discoveryUrl =
      'https://10.0.2.2:8443/auth/realms/flutter/.well-known/openid-configuration';
  final String _postLogoutRedirectUrl = 'com.example.sampleflutterauthapp://';
  final List<String> _scopes = <String>[
    'openid',
    'profile',
    'offline_access'
  ];

  // Endpoints are set explicitly, so the discovery URL above is not used here.
  final AuthorizationServiceConfiguration _serviceConfiguration =
      const AuthorizationServiceConfiguration(
    authorizationEndpoint: 'https://10.0.2.2:8443/auth/realms/flutter/protocol/openid-connect/auth',
    tokenEndpoint: 'https://10.0.2.2:8443/auth/realms/flutter/protocol/openid-connect/token',
    endSessionEndpoint: 'https://10.0.2.2:8443/auth/realms/flutter/protocol/openid-connect/logout',
  );

  Future<void> _signInWithAutoCodeExchange(
      {bool preferEphemeralSession = false}) async {
    try {
      _setBusyState();

      final AuthorizationTokenResponse? result =
          await _appAuth.authorizeAndExchangeCode(
        AuthorizationTokenRequest(
          _clientId,
          _redirectUrl,
          serviceConfiguration: _serviceConfiguration,
          scopes: _scopes,
          preferEphemeralSession: preferEphemeralSession,
          // Android only: permits non-HTTPS (plain http) endpoints.
          allowInsecureConnections: true,
        ),
      );
    } catch (_) {
      // The original post ends before this point; error handling is not shown.
      rethrow;
    }
  }
```

build.gradle image

I am using a Pixel 5 API 31 (Android 12.0) as the virtual device.

My Keycloak config is as follows:

image

If I use the following HTTP URL of the Keycloak server, it works fine: `final String _issuer = 'http://10.0.2.2:8080/auth/realms/flutter';`

If I use the following HTTPS URL of the Keycloak server, I get a network error: `final String _issuer = 'https://10.0.2.2:8443/auth/realms/flutter';`

```
PlatformException(authorize_and_exchange_code_failed, Failed to authorize: [error: null, description: Network error], java.security.cert.CertPathValidatorException: Trust anchor for certification path not found., null)
```

Kindly let me know what I am missing here to make it work with HTTPS.

I have tried the following things as part of a solution but did not have any success.

AndroidManifest.xml

Added an intent-filter as follows as a workaround: `<activity android:name="net.openid.appauth.RedirectUriReceiverActivity" android:exported="true">`

Added the Keycloak certificate file to the resource folder of the app as follows: ![image](https://user-images.githubusercontent.com/12907055/165234663-09d1b186-c0ac-4e7d-8d13-d47ef14b97a3.png)

ms0713 commented 2 years ago

Also, my network_security_config.xml is as follows: image

ms0713 commented 2 years ago

Hi, kindly find the workaround for the development environment: Self-signed-certificate-configuration
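
For the `Trust anchor for certification path not found` error reported in this thread, one way to trust a self-signed development certificate on Android while keeping it out of release builds. This is an added example, not taken from the thread, the linked workaround, or the flutter_appauth project; the resource name `keycloak_dev_ca` and its placement in `res/raw` are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: android/app/src/main/res/xml/network_security_config.xml
     Referenced from the <application> element in AndroidManifest.xml with
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Applies to every build type: only the system CA store is trusted
         and plain http traffic is refused. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Applies only when the app is built with android:debuggable="true",
         so the development certificate is never a trust anchor in a
         release build. These anchors are added to the ones above. -->
    <debug-overrides>
        <trust-anchors>
            <!-- Assumption: the Keycloak development certificate (PEM or DER)
                 is stored as res/raw/keycloak_dev_ca (hypothetical name). -->
            <certificates src="@raw/keycloak_dev_ca" />
        </trust-anchors>
    </debug-overrides>

    <!-- Weaker variant to avoid: listing the development certificate, or
         src="user", inside <base-config>. That would make release builds
         trust it as well. -->

</network-security-config>
```

This configuration covers HTTPS requests made by the app itself; the authorization page opens in the device browser, which relies on its own trust store. The certificate also needs a subject alternative name that matches `10.0.2.2`, otherwise hostname verification fails even when the certificate is trusted.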