ThexXTURBOXx / flutter_web_auth_2

Flutter plugin for authenticating a user with a web service
https://pub.dev/packages/flutter_web_auth_2
MIT License

Redirect url fails with Windows AD authentication - msauth links are blocked #24

Closed Flutter36 closed 1 year ago

Flutter36 commented 2 years ago

Describe the bug

When I log in with Windows AD authentication, the redirect URL gets blocked on successful authentication. The redirect URL would be something like msauth://com.xxx.xxxxx

This works fine for azure cloud but not for windows AD with same web_auth2 library.

To Reproduce

Steps to reproduce the behavior:

  1. Callback url scheme is set as msauth

  2. Androidmanifest.xml file has below details - image

  3. On trying to authenticate with a Windows AD server, a pop-up is shown to enter user name and password. After entering the user name and password, the in-app browser shows msauth links blocked.

  4. Same configuration works for Azure AD but not for windows AD using authorization code flow.

  5. The tricky part is, when we immediately try to authenticate the system, it works fine.

Expected behavior

After successful authentication, should be redirected back to

Screenshots

If applicable, add screenshots to help explain your problem.

Device (please complete the following information!)

Additional context

Add any other context about the problem here.

ThexXTURBOXx commented 2 years ago

Why does your data tag have the android:host tag also set? If you try without, does it work?

Flutter36 commented 2 years ago

Thanks for the reply. I have tried without that and it doesn't work without that as well.

image

Flutter36 commented 2 years ago

Just a point to add, same redirect urls on azure AD works fine and fails with windows AD. Let me know if you need some more info.

ThexXTURBOXx commented 2 years ago

It seems like this is an issue with the backend. There are also similar bug reports on Stack Overflow: https://stackoverflow.com/questions/72317727/market-links-are-blocked All of them link at some point to bug reports for Custom Tabs. They apparently have strict regulations on how a redirect should work. Windows AD seems to have issues with following these regulations. At least that is the only way I could explain this behavior.

Flutter36 commented 1 year ago

Hi,

Is this fixed with 2.0.2 now? I see a new version mentioning the fix?

ThexXTURBOXx commented 1 year ago

Hi, no progress has been done on this. I also did not mention a fix in the changelog as far as I can tell

Flutter36 commented 1 year ago

Ahh, sorry. I didn't read completely when I saw the release. Got confused with the one below.

https://github.com/ThexXTURBOXx/flutter_web_auth_2/releases/tag/2.0.2

Meanwhile, any other suggestions for a fix or workarounds? I tried having a dummy web page but that doesn't seem to work as well.

ThexXTURBOXx commented 1 year ago

Sadly, I am unsure about other ways to handle this. You could try a different web browser or specifying a different callback scheme (if possible). Otherwise, my hands are pretty much tied since I cannot "hack" custom tabs

Flutter36 commented 1 year ago

As I said, I tried with https by creating a dummy webpage and that doesn't work as well. Do you think we can have a short call sometime to discuss a bit on this?

ThexXTURBOXx commented 1 year ago

In that case, it seems like there is something else wrong on your end. Please follow the troubleshooting guide in that case.

Flutter36 commented 1 year ago

Hi,

This is the android xml file details

image

And I am passing https as custom uri scheme. Do you think something is wrong here?

I would really appreciate if we can have a quick 10 mins call on this?

Flutter36 commented 1 year ago

https://XXXX/connect/authorize?response_type=code&client_id=o&redirect_uri=https%3A%2F%2F&scope=openid%20profile%20offline_access%20&state=f475lZ857l47M203296wxK2&code_challenge=zTQbo6qQoLgvN7FiUBA0_SYuY0ebFs6NWq_oo8cPM&code_challenge_method=S256

This is the url

custom uri schema passed is https

ThexXTURBOXx commented 1 year ago

I think, it might be good to start this all over: Your initial bug report does not have the section Device (please complete the following information!) filled out. This makes it much harder for me to figure out what is going on. Please, also share the entire AndroidManifest.xml (you can censor entries that should not be shown). Also, what is the difference between Windows AD and Azure AD? The following link:

https://xxxx/connect/authorize?response_type=code&client_id=[...]

seems to not have msauth as a scheme. If you want flutter_web_auth_2 to react to https links, you almost certainly have to do it another way. Additionally, you should get another error message now, since https links are definitely not blocked.

These are details that are essential in solving this problem, otherwise we will just keep going in circles. I am not a fan of calls about issues since other users will not be informed about proper solutions in the future.

Flutter36 commented 1 year ago

Instead of msauth redirect, I was trying to have a https scheme as a redirect uri to try as an alternative and still it doesn't work.

Azure AD is authenticated directly with Azure Active Directory using the Azure login.microsoft.com authorize URL.

Windows AD is authenticated with a backend developed on top of Identity Server.

Below is the full android xml. I am not sure if it's visible entirely for you. XMLs are not getting posted for some reason here.

image

image

ThexXTURBOXx commented 1 year ago

still it doesn't work

Does it just not redirect back into the app or is there another error message somewhere?

You could also try to replace <data android:scheme="https"/> by the following: If the callback URL is for example https://example.windows.com/somepath, then this:

<data
    android:host="example.windows.com"
    android:pathPrefix="/somepath"
    android:scheme="https"/>

Flutter36 commented 1 year ago

The redirect uri is a website hostname Ex: https://XXX.XX.XX

It goes to IIS website page and stops there. Same issue as msauth where it gets blocked. But when you try to connect again it gets redirected because the browser already holds the details, it gets redirected. But the second try doesn't even work on the https redirect uri.

Flutter36 commented 1 year ago

When we pass on the custom uri schema in calling the authenticate function from platform, I am just passing on https.

Should it be also https://XXXX.XX.XX

Update - Tried this and it doesn't work.

ThexXTURBOXx commented 1 year ago

Okay, I think, these should be enough details to conclude that Custom Tabs do not support the way Windows AD seems to redirect the browser. It could be best to report this as a bug to the Windows AD support instead as there is nothing else we can do here. If not even registering the entire callback scheme in the AndroidManifest.xml works, there must be something else wrong.

Passing on just https is the right way btw.

I will keep this issue open until the issue is fixed on Windows AD's side of things.
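
An added example, not from the thread or the plugin's own code: how the app side of the flow discussed above can build an authorization URL like the one posted earlier (state plus PKCE S256), pass only the scheme to `FlutterWebAuth2.authenticate`, and reject a callback whose `state` does not match. The endpoint, client id and redirect URI are placeholders, and `package:crypto` and Dart 3 records are assumed.

```dart
import 'dart:convert';
import 'dart:math';
import 'package:crypto/crypto.dart';
import 'package:flutter_web_auth_2/flutter_web_auth_2.dart';

// Placeholders (assumptions): substitute your own endpoint, client and callback.
const authorizeEndpoint = 'https://idp.example.com/connect/authorize';
const clientId = 'example-client';
const redirectUri = 'https://app.example.com/callback';

// Unpadded base64url of [bytes] bytes from the platform CSPRNG.
String randomUrlSafe(int bytes) {
  final rng = Random.secure();
  final data = List<int>.generate(bytes, (_) => rng.nextInt(256));
  return base64UrlEncode(data).replaceAll('=', '');
}

// Front-channel step of authorization code + PKCE; returns code and verifier.
Future<({String code, String codeVerifier})> authorize() async {
  final state = randomUrlSafe(16);
  final codeVerifier = randomUrlSafe(32); // 43 characters
  final codeChallenge = base64UrlEncode(
    sha256.convert(ascii.encode(codeVerifier)).bytes,
  ).replaceAll('=', '');
  final url = Uri.parse(authorizeEndpoint).replace(queryParameters: {
    'response_type': 'code',
    'client_id': clientId,
    'redirect_uri': redirectUri,
    'scope': 'openid profile offline_access',
    'state': state,
    'code_challenge': codeChallenge,
    'code_challenge_method': 'S256',
  });

  // Only the scheme is passed here ("https" or "msauth"), never a full URL.
  final result = await FlutterWebAuth2.authenticate(
    url: url.toString(),
    callbackUrlScheme: Uri.parse(redirectUri).scheme,
  );
  final callback = Uri.parse(result);
  if (callback.queryParameters['state'] != state) {
    throw StateError('state mismatch: callback is not for this request');
  }
  final code = callback.queryParameters['code'];
  if (code == null) {
    throw StateError('no code: ${callback.queryParameters['error']}');
  }
  return (code: code, codeVerifier: codeVerifier);
}
```

The returned `codeVerifier` goes into the token request together with `code`; the `state` check ties the callback to the request this app instance started.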

Flutter36 commented 1 year ago

Hi,

I did check with Microsoft community but ended up nowhere. Do you know if something was done as part of this? Or you had some time later after our previous conversation to have a look at this?

Thanks

ThexXTURBOXx commented 1 year ago

Hi, sadly, I don't think I can do anything about that issue, I am sorry!

ThexXTURBOXx commented 1 year ago

Possible troubleshooting steps have been added to the README