ThexXTURBOXx / flutter_web_auth_2

Flutter plugin for authenticating a user with a web service
https://pub.dev/packages/flutter_web_auth_2
MIT License

FlutterWebAuth2.authenticate() is returning SAML consume url when authenticating via Google with 2FA code. #72

Closed tiffanywei closed 1 year ago

tiffanywei commented 1 year ago

Describe the bug

I'm currently implementing SSO for my company's mobile flutter app. Our service provider's server is an Elixir/Phoenix app using Samly (https://hexdocs.pm/samly/readme.html) to implement SAML. Right now we're internally testing using our Google org as an IdP.

While using Google SSO to login with an authenticator code as the 2FA method, the url being returned from await FlutterWebAuth2.authenticate(...) is the SAML consumer url https://staging.our-app.com/saml/sp/consume/foo-uuid rather than our-app-mobile://?token=foo. Oddly, when using Google Prompts as the 2FA method, the correct url is returned and the app is able to sign in. Our web implementation also has no issues signing in via Google with any 2FA method.

To Reproduce

Steps to reproduce the behavior:

  1. Follow iOS steps to implement the library for a SAML service provider.

     ```dart
     final result = await FlutterWebAuth2.authenticate(
       url: 'https://staging.our-app.com/saml/auth/signin/some-uuid',
       callbackUrlScheme: "our-app-mobile",
       preferEphemeral: true
     );
     ```
  2. Sign in using Google SSO and 2FA code.
  3. See error parsing the URL params.
  4. Print result and see https://staging.our-app.com/saml/sp/consume/foo-uuid instead of our-app-mobile://?token=foo

Expected behavior

The library should allow our app to sign in regardless of 2FA method.

ThexXTURBOXx commented 1 year ago

Thanks for the detailed bug report! However, I think that either Apple or Google is actually at fault here (most probably Apple). The internal code of flutter_web_auth_2 uses a completion handler which returns the URL that is being provided by the relevant authentication session object (which knows about the callback URL scheme).

tiffanywei commented 1 year ago

Thanks for the quick reply @ThexXTURBOXx. We tried using Azure as an IdP and got the issue regardless of 2FA method, so then we tried the app on Android and were able to sign in with Google and Azure. Like you said, Apple is the most probable culprit.

Do you have any suggestions to work around this issue? I am looking into using an html ("go back to app") landing page, or possibly Universal Links, but was wondering if you had any more guidance to give.

Thanks again,

Tiffany

ThexXTURBOXx commented 1 year ago

You're welcome! But that's a good question. You could certainly try setting up Universal Links. You could also try whether versions ^3.0.0-alpha.4 of this package work (most certainly they also don't, but it's worth a try). Otherwise, such a landing page would probably be best. It does not even need to show "go back to app", but just needs to redirect by itself to some URL that can be caught by flutter_web_auth_2.

tiffanywei commented 1 year ago

We went down a few paths investigating our SAML service implementation, IdP configs, and the landing page, all to no avail. I also wasn't able to get our app to build with ^3.0.0-alpha.4.

```yaml
  flutter_web_auth_2:
    dependency: "direct main"
    description:
      name: flutter_web_auth_2
      sha256: "2620dd23521e17c98343e0c5967f3b77456c171e9032622852a9bc1034f8be4e"
      url: "https://pub.dev"
    source: hosted
    version: "3.0.0-alpha.4"
  flutter_web_auth_2_platform_interface:
    dependency: transitive
    description:
      name: flutter_web_auth_2_platform_interface
      sha256: "0a6d726eddd07fe4ef809a4472f5dd92d90526334c49aced517eb4a6f8aa34f7"
      url: "https://pub.dev"
    source: hosted
    version: "3.0.0-alpha.3"
...
sdks:
  dart: ">=3.0.0 <4.0.0"
  flutter: ">=3.10.0"
```

```
Launching lib/main.dart on iPhone 15 Pro in debug mode...
Running pod install...                                              4.4s
Running Xcode build...
Xcode build done.                                           39.6s
Failed to build iOS app
Swift Compiler Error (Xcode): Value of optional type 'Bool?' must be unwrapped to a value of type 'Bool'
/Users/tiffany/.pub-cache/hosted/pub.dev/flutter_web_auth_2-3.0.0-alpha.4/ios/Classes/SwiftFlutterWebAuth2Plugin.swift:94:71

Swift Compiler Error (Xcode): Cannot find 'completionHandler' in scope
/Users/tiffany/.pub-cache/hosted/pub.dev/flutter_web_auth_2-3.0.0-alpha.4/ios/Classes/SwiftFlutterWebAuth2Plugin.swift:121:81

Swift Compiler Error (Xcode): 'nil' requires a contextual type
/Users/tiffany/.pub-cache/hosted/pub.dev/flutter_web_auth_2-3.0.0-alpha.4/ios/Classes/SwiftFlutterWebAuth2Plugin.swift:124:39

Could not build the application for the simulator.
Error launching application on iPhone 15 Pro.
```

We have a fairly vested interest in getting this working, so I'm happy to continue helping test this library as an iOS user.

ThexXTURBOXx commented 1 year ago

Thank you very much! Since I do not have any apple device, I cannot check for compile errors and hence rely on information given by others to deal with them. I will try to push a fix within the next few hours. I will keep you updated.

ThexXTURBOXx commented 1 year ago

I have now released 3.0.0-alpha.5. Feel free to report back whether it works now :)

tiffanywei commented 1 year ago

Hi,

We finally found the root cause of the issue, which is that our app currently matched every path in our server domain to a Universal Link in the apple-app-site-association file. This was prematurely interrupting the auth flow whenever a user interaction was involved (e.g., submitting a 2FA code form). We excluded our auth paths in the file and now the flow works perfectly!

I did get a chance to try building the app with 3.0.0-alpha.5 and got one last compiler error:

```
Launching lib/main.dart on iPhone 15 Pro in debug mode...
Running Xcode build...
Xcode build done.                                           36.6s
Failed to build iOS app
Swift Compiler Error (Xcode): Cannot assign value of type 'AnyObject' to type 'Bool'
/Users/tiffany/.pub-cache/hosted/pub.dev/flutter_web_auth_2-3.0.0-alpha.5/ios/Classes/SwiftFlutterWebAuth2Plugin.swift:97:90

Could not build the application for the simulator.
Error launching application on iPhone 15 Pro.
```

Using fvm to run flutter version 2.4.1, same sdk versions as before.
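
Added example (not part of the thread or of flutter_web_auth_2): a checker for the root cause described in the comment above, an apple-app-site-association file that claims the auth paths as Universal Links. It assumes `/saml/*` as the auth prefix (taken from the URLs in the report), a placeholder app ID and constructed file contents; the function names are hypothetical, and only the path part of each rule is evaluated.

```python
import re

def _glob(pattern):
    # AASA wildcards: '*' matches any substring, '?' matches one character.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.compile(rx + r"\Z", re.S)

def _rules(detail):
    """Return [(pattern, exclude)] in file order for one 'details' entry."""
    if "components" in detail:   # newer format; takes precedence over "paths"
        return [(c.get("/", "*"), bool(c.get("exclude", False)))
                for c in detail["components"]]
    return [(p[4:].strip(), True) if p.startswith("NOT ") else (p, False)
            for p in detail.get("paths", [])]          # legacy format

def claimed_paths(aasa, paths):
    """Return the subset of `paths` the app claims as Universal Links."""
    claimed = []
    for path in paths:
        for detail in aasa.get("applinks", {}).get("details", []):
            # Rules are evaluated in order; the first match decides.
            hit = next((not excl for pat, excl in _rules(detail)
                        if _glob(pat).match(path)), False)
            if hit:
                claimed.append(path)
                break
    return claimed

APP = "TEAMID.com.example.app"   # placeholder app ID (constructed)
# Constructed AASA contents: catch-all, corrected, and a mis-ordered exclusion.
BEFORE = {"applinks": {"details": [
    {"appIDs": [APP], "components": [{"/": "*"}]}]}}
AFTER = {"applinks": {"details": [
    {"appIDs": [APP], "components": [{"/": "/saml/*", "exclude": True},
                                     {"/": "*"}]}]}}
WRONG_ORDER = {"applinks": {"details": [
    {"appID": APP, "paths": ["*", "NOT /saml/*"]}]}}

# Paths from the URLs in the report; assumed to be the auth routes.
AUTH_PATHS = ["/saml/auth/signin/some-uuid", "/saml/sp/consume/foo-uuid"]

if __name__ == "__main__":
    for name, doc in [("before", BEFORE), ("after", AFTER),
                      ("wrong order", WRONG_ORDER)]:
        print(f"{name}: auth paths claimed = {claimed_paths(doc, AUTH_PATHS)}")
```

An exclusion listed after the catch-all never takes effect, so a check like this belongs in CI next to the deployed file.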

ThexXTURBOXx commented 1 year ago

Perfect, nice to hear that everything is working fine now! And thanks for sharing your solution, it might help other people in the future if they have a similar or even the same issue!

Also, thanks for sharing the compile error; I hope that I fixed it in the 3.0.0-alpha.6 release. I am sorry for needing so many tries - I am trying to get my hands on some Apple hardware, but it just costs too much for my needs (just this package basically - and that's not really worth 300 € or something)

ThexXTURBOXx commented 1 year ago

I was finally able to get a macOS VM running (basically, I run an iOS simulator in a macOS QEMU VM running in WSL on my Windows 11 system). Sadly, my poor PC crashed 4 times already because something was happening which it did not really like (too much power consumption for the power supply, I don't know (?)). However, no compile errors exist anymore and hence I closed this issue as all of the current issues have been fixed as far as I can tell :) The new fixes are now available in 3.0.0