singpass / Android-Singpass-in-app-browser-login-demo

This repository demonstrates and details an implementation that uses Chrome Custom Tabs or external web browsers to initiate a Singpass login using the OAuth PKCE flow.

Error: Failed to authorize: [error: null, description: Response state param did not match request state] #6

Open HasithMbiz opened 1 year ago

HasithMbiz commented 1 year ago

In my Flutter mobile app, I've been using the flutter_appauth package for SingPass SSO integration and I'm facing an issue during the authorization phase. Specifically, the following error is returned when the application is redirected back from the browser after the user has authenticated:

PlatformException(authorize_and_exchange_code_failed, Failed to authorize: [error: null, description: Response state param did not match request state], null, null)

Here is the code I'm using for the authorizeAndExchangeCode method:

import 'package:flutter_appauth/flutter_appauth.dart';

class SingPassLogin {
  final FlutterAppAuth appAuth = FlutterAppAuth();

  Future login() async {
    // configuration of the SingPass authentication
    final AuthorizationServiceConfiguration _serviceConfiguration =
    AuthorizationServiceConfiguration(
        authorizationEndpoint: 'https://test.api.myinfo.gov.sg/com/v4/authorize',
        tokenEndpoint: 'https://test.api.myinfo.gov.sg/com/v4/token'
    );

    try {
      final AuthorizationTokenResponse? result = await appAuth.authorizeAndExchangeCode(
        AuthorizationTokenRequest(
          'STG2-MYINFO-SELF-TEST',
          'sg.gov.singpass.app://ndisample.gov.sg/rp/sample',
          issuer: 'https://test.api.myinfo.gov.sg',
          scopes: ['name',],
          additionalParameters: <String, String>{
            'purpose_id': 'demonstration'
          },
          serviceConfiguration: _serviceConfiguration,
          responseMode: 'code',
        ),
      );

      print('Access token: $result');
    } catch (e) {
      print('Error occurred during login: $e');
    }
  }
}

My understanding is that flutter_appauth should be handling the state parameter automatically. I do not manually set the state parameter anywhere.

Any help or guidance on this issue would be greatly appreciated.

kenneth-leong-gt commented 1 year ago

I think you should be able to set that state as null, as the myInfo v4 API does not require state.
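
A sketch of the `state` comparison an OAuth client performs when the redirect comes back, added here as an example; it is not code from flutter_appauth, AppAuth or the Singpass demo. `newState`, `checkState`, `StateCheck` and the sample redirect URIs are hypothetical names and constructed values; the check separates a `state` that was dropped from one that was altered, which is the distinction worth logging when debugging the error in this thread.

```dart
import 'dart:convert';
import 'dart:math';

enum StateCheck { ok, missing, mismatch }

/// Unguessable state value: 128 random bits, base64url without padding.
String newState() {
  final rng = Random.secure();
  final bytes = List<int>.generate(16, (_) => rng.nextInt(256));
  return base64Url.encode(bytes).replaceAll('=', '');
}

/// Constant-time comparison so timing does not reveal a matching prefix.
bool _sameBytes(String a, String b) {
  final x = utf8.encode(a), y = utf8.encode(b);
  var diff = x.length ^ y.length;
  for (var i = 0; i < x.length && i < y.length; i++) {
    diff |= x[i] ^ y[i];
  }
  return diff == 0;
}

/// Compares the state sent in the request with the one on the redirect URI.
StateCheck checkState(String? sentState, Uri redirect) {
  final returned = redirect.queryParameters['state'];
  if (sentState == null) {
    // No state was sent, so the redirect must not carry one either.
    return returned == null ? StateCheck.ok : StateCheck.mismatch;
  }
  if (returned == null) return StateCheck.missing;
  return _sameBytes(sentState, returned) ? StateCheck.ok : StateCheck.mismatch;
}

void main() {
  final state = newState();
  // Constructed redirects built on the redirect URI from the post above.
  const base = 'sg.gov.singpass.app://ndisample.gov.sg/rp/sample';
  final cases = <String, Uri>{
    'state echoed': Uri.parse('$base?code=constructed-code&state=$state'),
    'state dropped': Uri.parse('$base?code=constructed-code'),
    'state altered': Uri.parse('$base?code=constructed-code&state=other'),
  };
  cases.forEach((name, uri) => print('$name -> ${checkState(state, uri)}'));
  // A request sent without state accepts a redirect without state.
  print('no state sent -> ${checkState(null, cases['state dropped']!)}');
}
```

Logging which of the two failure outcomes occurred, together with the raw redirect URI, shows whether the authorization server returned no `state` at all or a different value.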