MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs

app with keycloak working on android 7 but not working on v9 and v10 #92

Closed rakeshborole007 closed 4 years ago

rakeshborole007 commented 4 years ago

The Flutter app with Keycloak as UAA works on Android version 7, but on Android 9 and 10, after a successful login with Keycloak, the app throws an error.

Following is my code snippet:

import 'package:flutter_appauth/flutter_appauth.dart';
Future<bool> oidcLogin() async {
  print("entering oidclogin.........");
  FlutterAppAuth appAuth = FlutterAppAuth();
  final TokenResponse result = await appAuth.authorizeAndExchangeCode(
    AuthorizationTokenRequest(CLIENT_ID, REDIRECT_URL,
        serviceConfiguration: AuthorizationServiceConfiguration(
            AUTHORIZATION_END_POINT, TOKEN_END_POINT),
        scopes: [SCOPES],
        allowInsecureConnections: true),
  );
  return true;
}

Following is the error:

Error:

PlatformException(authorize_and_exchange_code_failed, Failed to authorize: [error: null, description: Network error], null)

Stack trace:

#0 StandardMethodCodec.decodeEnvelope (package:flutter/src/services/message_codecs.dart:569:7)
#1 MethodChannel.invokeMethod (package:flutter/src/services/platform_channel.dart:321:33)

#2 MethodChannelFlutterAppAuth.authorizeAndExchangeCode (package:flutter_appauth_platform_interface/src/method_channel_flutter_appauth.dart:31:57)
#3 FlutterAppAuth.authorizeAndExchangeCode (package:flutter_appauth/src/flutter_appauth.dart:7:44)
#4 oidcLogin (package:taskManagementApp/services/oidc-connector.dart:24:46)
#5 _SplashScreenState.tryAccessToken (package:taskManagementApp/pages/splashScreen.dart:174:11)
#6 _SplashScreenState.navigationPage (package:taskManagementApp/pages/splashScreen.dart:97:22)

#7 _rootRun (dart:async/zone.dart:1122:38)
#8 _CustomZone.run (dart:async/zone.dart:1023:19)
#9 _CustomZone.runGuarded (dart:async/zone.dart:925:7)
#10 _CustomZone.bindCallbackGuarded. (dart:async/zone.dart:965:23)
#11 _rootRun (dart:async/zone.dart:1126:13)
#12 _CustomZone.run (dart:async/zone.dart:1023:19)
#13 _CustomZone.bindCallback. (dart:async/zone.dart:949:23)
#14 Timer._createTimer. (dart:async-patch/timer_patch.dart:23:15)
#15 _Timer._runTimers (dart:isolate-patch/timer_impl.dart:384:19)
#16 _Timer._handleMessage (dart:isolate-patch/timer_impl.dart:418:5)
#17 _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:174:12)

Device parameters:

id: QP1A.190711.020
androidId: fd3b98bfb6a914f4
board: exynos7904
bootloader: M205FDDU3CSL5
brand: samsung
device: m20lte
display: QP1A.190711.020.M205FDDU3CSL5
fingerprint: samsung/m20ltedd/m20lte:10/QP1A.190711.020/M205FDDU3CSL5:user/release-keys
hardware: exynos7904
host: SWDH2815
isPsychicalDevice: true
manufacturer: samsung
model: SM-M205F
product: m20ltedd
tags: release-keys
type: user
versionBaseOs:
versionCodename: REL
versionIncremental: M205FDDU3CSL5
versionPreviewSdk: 0
versionRelase: 10
versionSdk: 29
versionSecurityPatch: 2019-12-01

I checked on Keycloak; the user session is created successfully. But inside flutter_appauth, the code is throwing an exception.

C:\flutter\bin\flutter.bat doctor --verbose
[√] Flutter (Channel stable, v1.12.13+hotfix.8, on Microsoft Windows [Version 10.0.17763.1039], locale en-IN)
    • Flutter version 1.12.13+hotfix.8 at C:\flutter
    • Framework revision 0b8abb4724 (3 weeks ago), 2020-02-11 11:44:36 -0800
    • Engine revision e1e6ced81d
    • Dart version 2.7.0
[√] Android toolchain - develop for Android devices (Android SDK version 29.0.3)
    • Android SDK at C:\Users\avs02\AppData\Local\Android\sdk
    • Android NDK location not configured (optional; useful for native profiling support)
    • Platform android-29, build-tools 29.0.3
    • Java binary at: C:\Program Files\Android\Android Studio1\jre\bin\java
    • Java version OpenJDK Runtime Environment (build 1.8.0_202-release-1483-b03)
    • All Android licenses accepted.
[√] Android Studio (version 3.5)
    • Android Studio at C:\Program Files\Android\Android Studio1
    • Flutter plugin version 43.0.1
    • Dart plugin version 191.8593
    • Java version OpenJDK Runtime Environment (build 1.8.0_202-release-1483-b03)
[√] VS Code, 64-bit edition (version 1.24.1)
    • VS Code at C:\Program Files\Microsoft VS Code
    • Flutter extension version 2.21.1
[√] Connected device (1 available)
    • SM J600G • 52006fac59e36583 • android-arm • Android 9 (API 28)
• No issues found!
Process finished with exit code 0

MaikuB commented 4 years ago

This sounds like a potential duplicate of #91 and not an issue with the plugin. See https://github.com/openid/AppAuth-Android/issues/420. You may need to do more configuration. Bear in mind that this plugin is a wrapper for the iOS and Android AppAuth SDKs, so if you run into problems, it's more likely to do with the SDK itself, so I would suggest you check their appropriate repositories for more details.

Closing this as it's not something I can address.

rakeshborole007 commented 4 years ago

I solved it. First I changed the authorizeAndExchangeCode method to separate calls to the authorize and token methods. This shows a proper error stack trace.

The error is due to not using the HTTPS URL endpoint of Keycloak. So I configured the server for SSL and used a signed certificate.

Downloaded the certificate:

echo "" | openssl s_client -host phoenixelectricals.in -port 443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > phoenixelectricals.pem

In AndroidManifest.xml, added the following entry:

<application
        .....
        android:networkSecurityConfig="@xml/network_security_config">

The network_security_config.xml contains the following settings:

<network-security-config>
    <base-config>
        <trust-anchors>
            <!-- Trust preinstalled CAs -->
            <certificates src="system" />
            <!-- Additionally trust user added CAs -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">phoenixelectricals.in</domain>
        <trust-anchors>
            <certificates src="@raw/phoenixelectricals"/>
        </trust-anchors>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/phoenixelectricals"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>
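
A static check for the two settings in the configuration above that widen trust beyond what an HTTPS-only Keycloak endpoint needs: `cleartextTrafficPermitted="true"` on the domain and `src="user"` in `base-config`. This is an added example, not code from the issue or from flutter_appauth; the function name and finding strings are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Sample input: the configuration from the comment above, XML comments removed.
POSTED_CONFIG = """<network-security-config>
  <base-config>
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">phoenixelectricals.in</domain>
    <trust-anchors>
      <certificates src="@raw/phoenixelectricals"/>
    </trust-anchors>
  </domain-config>
  <debug-overrides>
    <trust-anchors>
      <certificates src="@raw/phoenixelectricals"/>
    </trust-anchors>
  </debug-overrides>
</network-security-config>"""

def audit_network_security_config(xml_text):
    """Return (location, finding) pairs for settings that weaken transport security."""
    findings = []

    def check(node):
        label = node.tag
        if node.tag == "domain-config":
            domains = [d.text.strip() for d in node.findall("domain") if d.text]
            label = "domain-config[" + ", ".join(domains) + "]"
        if node.get("cleartextTrafficPermitted") == "true":
            findings.append((label, "cleartext HTTP permitted"))
        for cert in node.findall("trust-anchors/certificates"):
            if cert.get("src") == "user":
                findings.append((label, "user-installed CAs trusted"))
        for nested in node.findall("domain-config"):  # domain-config may nest
            check(nested)

    # debug-overrides is skipped: it only applies to debuggable builds.
    root = ET.fromstring(xml_text)
    for tag in ("base-config", "domain-config"):
        for node in root.findall(tag):
            check(node)
    return findings

if __name__ == "__main__":
    print(audit_network_security_config(POSTED_CONFIG))
```

With the Keycloak endpoints served over HTTPS, the cleartext attribute and `allowInsecureConnections: true` in the Dart request are no longer needed. User-installed CAs can be confined to `debug-overrides` so release builds trust only the system store and the bundled certificate.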