search

ThexXTURBOXx / flutter_web_auth_2

Flutter plugin for authenticating a user with a web service
https://pub.dev/packages/flutter_web_auth_2
MIT License
51 stars 50 forks source link

Unable to Capture Redirect URLs with 'http' or 'https' CallbackUrlScheme on Android #56

Closed BoonHianLim closed 1 year ago

BoonHianLim commented 1 year ago

Describe the bug

When the callbackUrlScheme is set to either http or https, the package fails to listen to the redirect URL on the Android platform.

To Reproduce

Steps to reproduce the behaviour:

  1. Use the example provided in the package.
  2. Change the callbackUrlScheme in AndroidManifest.xml to either http or https.
  3. Change the callback URL in main.dart to http:/success?code=1337 or https://success?code=1337.
  4. Change the callbackUrlScheme in main.dart to either http or https.
  5. Start the program. Whenever the user clicks authenticate and then clicks sign-in on the login webpage, the package fails to listen to the redirect URL, thus not redirecting the user back to the application.

I have also attempted different combinations, such as setting the callbackUrl to https://success?code=1337 while having the callbackUrlScheme set to http, and vice versa. However, these variations did not yield the desired result.

Expected behaviour

I expected the package to successfully capture the redirect URL when using http or https as the callbackUrlScheme. However, it does not work in this case. Interestingly, if I use any other string as the callbackUrlScheme, such as 'example' or 'foobar', the package successfully captures the redirect URL without any issue.

Screenshots

The following images demonstrate that the redirect URL is ignored and not captured by the package when the callbackUrlScheme is set to http or https: image image
Pixel 4 API 33 Nexus 5 API 30

As proof, the package works as expected when the callbackUrlScheme is set to any other string (e.g., 'example'):

image image)
Pixel 4 API 33 Nexus 5 API 30

Device

Checklist

Follow-up Questions

  1. Could there be limitations to how this package works on the Android platform, specifically related to capturing callback URLs that use http or https as the callbackUrlScheme?
  2. Is there any possibility that I am misunderstanding how the package is supposed to be used?

Context

I am testing the usage of http and https as callbackUrlScheme because I am attempting to capture the OAuth token and OAuth verifier returned from the Garmin API during the OAuth 1.0a process. Unfortunately, the Garmin API only allows callback URLs to start with http or https and does not support custom URL schemes.

ThexXTURBOXx commented 1 year ago

There have been other issues about http and https in this package already. You have to not only set the callbackUrlScheme inside the AndroidManifest.xml to make them work, but also set a proper host and so on

BoonHianLim commented 1 year ago

Hi @ThexXTURBOXx,

Thank you for your prompt reply!

I have extensively reviewed the other open and closed issues related to the usage of http and https, particularly issues #24 and #27. I have made modifications to the code as suggested in those discussions, but unfortunately, the issue persists.

To illustrate, the following approach also does not yield the desired outcome:

  1. I followed the provided example in the package.
  2. I updated the data label in AndroidManifest.xml to <data android:scheme="https" android:host="example.windows.com" />.
  3. The callback URL in main.dart was adjusted to https://example.windows.com/?code=1337.
  4. I set the callbackUrlScheme in main.dart to https.
  5. Upon running the program, even after the user successfully authenticates and clicks sign-in on the login webpage, the package still fails to respond to the redirect URL, thereby failing to redirect the user back to the application.

I suspect there might be a gap in my understanding of how to correctly utilize the package. Could you provide a clear example, or would you kindly review my commit on my fork where I made the said changes: https://github.com/BoonHianLim/flutter_web_auth_2/commit/933f1c9a6155b39f13792a61c973aeb382b2a8ff? I greatly appreciate your assistance.

Thank you in advance!

ThexXTURBOXx commented 1 year ago

It could be worth trying to add either a path or pathPrefix to the scheme: https://stackoverflow.com/a/45782550/5894824

ThexXTURBOXx commented 1 year ago

Here is also another example: https://github.com/cgeo/cgeo/blob/d7ab67629ac4798adaae194e563afe7df134fcd0/main/AndroidManifest.xml#L164