ThexXTURBOXx / flutter_web_auth_2

Flutter plugin for authenticating a user with a web service
https://pub.dev/packages/flutter_web_auth_2
MIT License

Implement Silent Authentication Using Hidden Iframe #88

Closed rundfunk47 closed 9 months ago

rundfunk47 commented 9 months ago

Overview

This PR integrates a hidden iFrame for silent authentication in the FlutterWebAuth2WebPlugin, enhancing token refreshes and ensuring smooth user experiences in environments where popup blockers might impact traditional authentication methods.

Key Updates

- Silent Authentication Implementation: Incorporation of a hidden iFrame, a standard in web authentication, enables background token refreshing without user interruption.
- Security Focus: Ensured security through URL sanitization and rigorous origin checks to prevent vulnerabilities like XSS.

Rationale Behind Silent Authentication

- Seamless User Experience: Maintains session continuity in single-page applications by eliminating repeated login prompts.
- Popup Blocker Avoidance: Addresses the issue of popup blockers in modern browsers, ensuring more reliable authentication.
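The two checks the PR description leans on, the origin check on the iframe's message and validation of the redirect URL, as an added JavaScript example that is not the plugin's Dart code or this PR's implementation. The redirect URL, client id and authorize endpoint are constructed values; `prompt=none` assumes an OIDC provider (Keycloak, for instance) that honours it.

```javascript
// Added example, not the plugin's code. Constructed redirect URL of the page
// the provider sends the iframe back to; only its origin may post results.
const REDIRECT_URL = 'https://app.example/auth.html';
const REDIRECT = new URL(REDIRECT_URL);

// Authorize URL for a background refresh. prompt=none (OIDC) makes the
// provider answer at once with a code or an error instead of a login UI.
function buildSilentAuthUrl(authorizeEndpoint, clientId, state) {
  const u = new URL(authorizeEndpoint);
  u.searchParams.set('client_id', clientId);
  u.searchParams.set('redirect_uri', REDIRECT_URL);
  u.searchParams.set('response_type', 'code');
  u.searchParams.set('scope', 'openid offline_access');
  u.searchParams.set('state', state);
  u.searchParams.set('prompt', 'none');
  return u.toString();
}

// Browser-only: the iframe is invisible, so the user is never interrupted.
function openHiddenIframe(doc, url) {
  const frame = doc.createElement('iframe');
  frame.style.display = 'none';
  frame.src = url;
  doc.body.appendChild(frame);
  return frame;
}

// Validate the URL the iframe landed on: it must be our redirect page, carry
// the state we sent, and hold a code (or an error such as login_required).
function parseRedirect(redirectUrl, expectedState) {
  let u;
  try { u = new URL(redirectUrl); } catch (e) { return { ok: false, reason: 'bad_url' }; }
  if (u.origin !== REDIRECT.origin || u.pathname !== REDIRECT.pathname) {
    return { ok: false, reason: 'untrusted_redirect' };
  }
  const p = u.searchParams;
  if (p.get('state') !== expectedState) return { ok: false, reason: 'state_mismatch' };
  if (p.get('error')) return { ok: false, reason: p.get('error') };
  const code = p.get('code');
  return code ? { ok: true, code } : { ok: false, reason: 'no_code' };
}

// Parent-window 'message' handler. The redirect page posts its own location
// to window.parent; anything not from our origin (other sites, 'null') is dropped.
function handleIframeMessage(event, expectedState) {
  if (event.origin !== REDIRECT.origin) return { ok: false, reason: 'untrusted_origin' };
  if (typeof event.data !== 'string') return { ok: false, reason: 'bad_payload' };
  return parseRedirect(event.data, expectedState);
}
```

In the browser, `window.addEventListener('message', e => handleIframeMessage(e, state))` is registered before `openHiddenIframe(document, buildSilentAuthUrl(...))` is called; a `login_required` result means the session is gone and an interactive login is needed.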

ThexXTURBOXx commented 9 months ago

Thank you very much for this excellent PR! I will merge and publish this ASAP! :)

rundfunk47 commented 9 months ago

Thanks for doing so, and thanks for maintaining this library 🙂 Really useful!

adrian-moisa commented 4 months ago

@rundfunk47 Thank you for such a great contribution! What can you advise about native devices? How can we configure the auth client to maintain longer sessions? I have a custom Keycloak setup and I have various options to control the length of a session. As far as I understand, a one-hour expiry is desired for tokens and then a week-long continuous-use session if the user is active. What can you advise on this topic? Thank you!

rundfunk47 commented 4 months ago

Thanks, @adrian-moisa. You can use the offline_access scope in Keycloak settings for longer sessions. For the auth client, ensure it handles token refresh using the refresh token. Implement background token refresh logic to maintain session continuity. For example, when making a network call, if you get a token expiry error (or if the token is old on the client side), use the refresh token to get a new access token.

adrian-moisa commented 4 months ago

Thank you @rundfunk47 for the quick answer. In the meantime I studied your commit and the codebase overall more closely to better understand how it all fits together. I made use of the silentAuth flag. Really happy with how the code turned out. Nice and crisp. Once I find some time I'll share a full sample. I know lots of people struggle really hard to stitch everything together the right way (it was hard for me as well, but this is the 3rd client already, so it's a bit easier to make sense of it). Cheers!