MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs

Error: Failed to authorize: [error: null, description: Response state param did not match request state] #436

Closed HasithMbiz closed 1 year ago

HasithMbiz commented 1 year ago

In my Flutter mobile app, I've been using the flutter_appauth package for SingPass SSO integration and I'm facing an issue during the authorization phase. Specifically, the following error is returned when the application is redirected back from the browser after the user has authenticated:

```
PlatformException(authorize_and_exchange_code_failed, Failed to authorize: [error: null, description: Response state param did not match request state], null, null)
```

Here is the code I'm using for the authorizeAndExchangeCode method. The problem is that the flutter_appauth plugin doesn't seem to have a property to pass the state.

```dart
import 'package:flutter_appauth/flutter_appauth.dart';

class SingPassLogin {
  final FlutterAppAuth appAuth = FlutterAppAuth();

  Future<void> login() async {
    // Configuration of the SingPass authentication endpoints
    final AuthorizationServiceConfiguration _serviceConfiguration =
    AuthorizationServiceConfiguration(
        authorizationEndpoint: 'https://test.api.myinfo.gov.sg/com/v4/authorize',
        tokenEndpoint: 'https://test.api.myinfo.gov.sg/com/v4/token'
    );

    try {
      // Opens the browser, waits for the redirect, then exchanges the code
      final AuthorizationTokenResponse? result = await appAuth.authorizeAndExchangeCode(
        AuthorizationTokenRequest(
          'STG2-MYINFO-SELF-TEST',
          'sg.gov.singpass.app://ndisample.gov.sg/rp/sample',
          issuer: 'https://test.api.myinfo.gov.sg',
          scopes: ['name',],
          additionalParameters: <String, String>{
            'purpose_id': 'demonstration'
          },
          serviceConfiguration: _serviceConfiguration,
          responseMode: 'code',
        ),
      );

      // Print the token field rather than the response object itself
      print('Access token: ${result?.accessToken}');
    } catch (e) {
      print('Error occurred during login: $e');
    }
  }
}
```

My understanding is that flutter_appauth should be handling the state parameter automatically. I do not manually set the state parameter anywhere.

Any help or guidance on this issue would be greatly appreciated.

MaikuB commented 1 year ago

Your understanding is correct, but this would be something you'll need to look into. Should this error be happening, then it's an indicator that the server returned a different state value. There have been no issues around this with other IdPs, so this error would indicate SingPass itself returns a different value. You may need to see what exactly it is returning; perhaps it's not returning anything at all. You may need to come up with your own solution to address this.
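
One way to see what the server returns, as the reply above suggests. This is an added example, not code from the thread or from flutter_appauth: it compares the `state` in a captured authorization request URL with the `state` on the redirect URI. The function names, the state values and the query strings in `main()` are constructed for illustration.

```dart
// Added example (not from flutter_appauth or the thread): compare the `state`
// sent in an authorization request with the one returned on the redirect.
// The state values and query strings in main() are constructed sample data.

enum StateCheck { match, missing, encodingDiffers, mismatch }

/// Reads `state` from the query string, falling back to the fragment.
String? extractState(Uri uri) {
  final fromQuery = uri.queryParameters['state'];
  if (fromQuery != null) return fromQuery;
  if (uri.fragment.isEmpty) return null;
  return Uri.splitQueryString(uri.fragment)['state'];
}

StateCheck checkState(String requestUrl, String redirectUrl) {
  final sent = extractState(Uri.parse(requestUrl));
  final received = extractState(Uri.parse(redirectUrl));
  // No state on either side: there is nothing to bind response to request.
  if (sent == null || received == null || received.isEmpty) {
    return StateCheck.missing;
  }
  if (sent == received) return StateCheck.match;
  try {
    // A value that matches only after a second decode was re-encoded in transit.
    if (Uri.decodeQueryComponent(received) == sent) {
      return StateCheck.encodingDiffers;
    }
  } catch (_) {
    // Malformed percent-encoding: fall through to a plain mismatch.
  }
  return StateCheck.mismatch;
}

void main() {
  const request = 'https://test.api.myinfo.gov.sg/com/v4/authorize'
      '?response_type=code&client_id=STG2-MYINFO-SELF-TEST&state=ab%2Bcd%3D';
  const redirect = 'sg.gov.singpass.app://ndisample.gov.sg/rp/sample';
  const redirects = <String, String>{
    'state echoed back': '$redirect?code=constructed&state=ab%2Bcd%3D',
    'state dropped': '$redirect?code=constructed',
    'state re-encoded': '$redirect?code=constructed&state=ab%252Bcd%253D',
    'state replaced': '$redirect?code=constructed&state=server-value',
  };
  redirects.forEach((label, url) {
    print('$label -> ${checkState(request, url)}');
  });
}
```

A `missing`, `encodingDiffers` or `mismatch` result points at the identity provider's handling of `state`; the comparison the client performs is what ties the redirect to the request that started it, so it protects against forged redirects.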