Invalid redirect_uri in keycloak

[idc77]

Hello,

this is probably not this plugin's error, still, who knows, I don't.

I have an older Flutter project, authskel (for auth skeleton). It has

        manifestPlaceholders += [
            'appAuthRedirectScheme': 'de.icod.authskel'
        ]

and used to work with Keycloak. AppAuth's version back then was 4.2.1. I don't know what Keycloak's version was. So nothing has changed except the Keycloak version and Flutter's version. That suggests it's Keycloak's fault.

Now I was running the same project and Keycloak complains that invalid parameter: redirect_uri.

  final String _clientId = 'flutter-dev';
  final String _redirectUrl = 'de.icod.authskel:/oauthredirect';
  final String _issuer = 'https://connect.icod.de/auth/realms/bicki';
  final String _discoveryUrl = 'https://connect.icod.de/auth/realms/bicki/.well-known/openid-configuration';
  final String _postLogoutRedirectUrl = 'de.icod.bicki:/';

[adrianwinau]

make sure to add the redirectUrl in Keycloak: Admin Console > Clients > your-client-name > Settings > Valid redirect URIs

[idc77]

The flutter-dev client has * as "Valid redirect URIs", "Valid post logout redirect URIs" and "Web origins" It would be a new change that * no longer acts as a wildcard and one has to explicitly enter the redirect_uris. I'm doing something else and will get back to this when I have time.

[idc77]

It was indeed that I had to explicitly state the appAuthRedirectScheme's redirect_uri, in the form of, going by this initial post's example: de.icod.authskel:*

[adrianwinau]

Indeed, they changed that behavior in version 21.1.2 as mentioned here. I think it's best not to use a wildcard there, at least not in production 😅.