Closed michelerenzullo closed 5 months ago
Interesting. Will definitely bring this to the team and have it discussed.
Another alternative approach is maybe we can contribute a PR to the flutter_appauth
and make it support resource
param. So you don't have to config it through the additionalParameters
.
I asked today but seems that the author doesn't want because flutter_appauth is an abstraction, a wrapper, of Auth0, so is suggesting that the change shall be in Auth0... Link here
I had a fast look and I didn't find a doable way in flutter_appauth because is bringing everything to the lower level calling platform methods of Auth0 binary (java/swift), therefore the patch shall be done there. What I read on forums, auth0 refuses to implemente this feature for security reasons or logic, they call it "multiple audiences(resources)" "array of audiences". I just want to append some &resource ... Lmao
Looks to me a lot like the organisations scopes logic, is kinda the same process under the hood I guess?
Resources --> Organisations
Roles --> Organisation_roles
adding just 1 resource=urn:logto:resource:organizations
in the authorisation code request is equivalent to pass many &resource...
retrieve the token for the specific resource scoped authorisation code: is done with organization_id: <id_of_test.com_org>
rather than indicating a specific resource: test.com
Thanks for the additional information. The team will have it discussed this week, and I'll post you the updates in this ticket
Hey, quick question, what if you pass the resources as an array through the additionalParameters
? E.g.
additionalParameters: {
resource: ['foo', 'bar']
}
Would it parse it into something like resource=foo%2cbar
? (%2c is comma
encrypted)
additionalParameters: {
'resource': 'https://api1.com/,https://ap2.com/',
}
is encoded as --> &resource=https%3A%2F%2Fapi1.com%2F%2Chttps%3A%2F%2Fapi2.com%2F
so the comma can be used in your source code as feature to split. yes
additionalParameters: { 'resource': 'https://api1.com/,https://ap2.com/', }
is encoded as -->
&resource=https%3A%2F%2Fapi1.com%2F%2Chttps%3A%2F%2Fapi2.com%2F
so the comma can be used in your source code as feature to split. yes
Thanks for the confirmation. Then it sounds like we can support the comma separated format. Will add this to our roadmap
This feature should be avalable in the next release. Please stay tuned.
Yes thanks!
Adding multiple resource param when doing the AuthorizationRequest seems non-standard at least compared with Auth0 implementation, I understand if it is as it is with your services but would be nice to have a way to make it work generally since I can't request an authorisation code for multiple resources at same time right now if I don't use your dart sdk.
Example: using flutter_appauth we can use "additionalParameters" that is a Map<String,String> but can't define more than 1 resource. The problem is not arising with your dart sdk, but I was thinking if is possible to concatenate so that we gonna have
{'resource': 'http://test.com/feedback http://test.com/books'}
so the request won't look as a concatenation of resources but one ad only separated by a char, and the logto server will unpack it correctly
&resource%3Dhttps%3A%2F%2Ftest.com%2Ffeedback&resource%3Dhttps%3A%2F%2Ftest.com%2Fbooks
&resource%3Dhttps%3A%2F%2Ftest.com%2Ffeedback%20https%3A%2F%2Ftest.com%2Fbooks