RedirectURL

[jasonhtpham]

Hi, I just have a small question regarding the implementation under the hood. I am working on an app that needs to interact with Fitbit using OAuth 2.

Fitbit's documents tell me to give them a redirectURL in order for the authentication process to work. But when I use oauth_webauth, it works with any redirectURL.

Why does this happen and will there be any problems in the future? Thank you.

[luis901101]

Hi, what you mean by:

It works with any redirectURL

This plugin expects for the redirectURL in order to succeed Check the code at oauth_web_view.dart line 269

bool onNavigateTo(String url) {
    if (url != 'about:blank') showLoading();
    if (url.startsWith(redirectUrlEncoded)) {
      onSuccess(url);
      return false;
    }
    return true;
  }

  void onSuccess(String responseRedirect) async {
    responseRedirect = responseRedirect.trim().replaceAll('#', '');
    final parameters = Uri.dataFromString(responseRedirect).queryParameters;

    try {
      final client =
          await authorizationCodeGrant.handleAuthorizationResponse(parameters);
      widget.onSuccess(client.credentials);
    } catch (e) {
      onError(e);
    }

It should only succeed if the url to navigate to is the redirect url.

If you set a redirectURL to the plugin different to the one set on Fitbit confs then the authorization should not succeed, assuming that Fitbit is using the redirectURL you set. Check if you set more than one redirectURL on Fitbit confs, and check if you are using a redirectURL that is the same of the url used to authenticate. Nevertheless if the authorization is successful it means the query parameters found in the redirectURL are the ones to generate a code grant authorization and finally get the authorization credentials. Check oauth_web_view.dart line 284

[jasonhtpham]

Hi, sorry, I checked and realized that I have the identical redirectURL on both sides. Thank you for your detailed and timely response. Much appreciate!