search

teranetsrl / oauth2_client

Simple Dart library for interacting with OAuth2 servers.
BSD 2-Clause "Simplified" License
95 stars 113 forks source link

Https redirect not working #83

Open j555 opened 3 years ago

j555 commented 3 years ago

The Oauth provider I am using recently moved to requiring https redirects. Everything was working when an https redirect was not required. Now when I run the app I get redirected to the https redirect I set up and the browser window doesn't close and the token is never received.

I set up the app link and tested it at https://developers.google.com/digital-asset-links/tools/generator. It gives me a success message.

When I am forwarded to the https redirect the URL contains a code variable and a state variable.

The code I am using is as follows:

  OAuth2Client client = ClioOAuth2Client(
      redirectUri: 'https://oauth.mydomain.net/oauth/approval',
      customUriScheme: 'https');

  OAuth2Helper oauth2Helper = OAuth2Helper(client,
      grantType: OAuth2Helper.AUTHORIZATION_CODE, //default value, can be omitted
      clientId: 'clientid',
      clientSecret: 'secret',
      scopes: ['tasks']);

AndroidManifest:

        <intent-filter android:label="flutter_web_auth" android:autoVerify="true">
            <action android:name="android.intent.action.VIEW" />
            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />
            <data android:scheme="https"
                android:host="oauth.mydomain.net"
                android:pathPrefix="/oauth/approval" />
        </intent-filter>

When the app runs the authorizeUrl is received but it seems to hang when it gets to final result = await webAuthClient.authenticate( url: authorizeUrl, callbackUrlScheme: customUriScheme);

Does anyone have any idea what I am doing wrong?

Thanks for the help!

okrad commented 3 years ago

Hi @j555, from your example it's not clear if the intent-filter is inside an activity tag, and if so, if it is declared correctly:

<activity android:name="com.linusu.flutter_web_auth.CallbackActivity" >
    <intent-filter android:label="flutter_web_auth" android:autoVerify="true">
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
                <data android:scheme="https"
                   android:host="oauth.mydomain.net"
                   android:pathPrefix="/oauth/approval" />
    </intent-filter>
</activity>
j555 commented 3 years ago

Sorry for the late response. The intent-filter is inside an activity tag and appears to be declared correctly, but it is still not working. It opens the redirect URI in a browser and then just sits with no error at all. Any other ideas as to what may be wrong?

Thank you

semajed commented 3 years ago

Same challenge. The URI Browser stays open. Subscribed to this thread to see if any solutions pop up.

seidlere commented 2 years ago

i'm having the same problem on iOS 14. i never get the result back from the .authenticate method. i took a look at the native iOS code in the library, and it seems to be correctly making use of ASWebAuthenticationSession. but the browser that opens for the third-party oauth login never closes, and original application remains in the background.

noe-gif commented 2 years ago

I'm having the same issue over here, the Https request is blocking the callback to my flutter app and I do not know what to do. Once the webauthentication is done the url page is correctly redirected to web 127.0.0.1 but then I just stay with an error and don't come back to my app.

KushalxPathak commented 2 years ago

Any Update on this?

supermar1010 commented 2 years ago

@j555 the intent-filter does not need to be in an activity tag, as far as I know it needs to be in the com.linusu.flutter_web_auth.CallbackActivity activity tag.

KushalxPathak commented 2 years ago

@supermar1010 @j555 declared intent-filter in com.linusu.flutter_web_auth.CallbackActivity activity tag (as per ReadMe)documentation.Issue remains the same for me too.

supermar1010 commented 2 years ago

@KushalxPathak I've never done that so I'm not sure, but did you do the verifying you own the url?

"Add verification for your deep links: Configure your app to request verification of app links. Then, publish a Digital Asset Links JSON file on your websites to verify ownership through Google Search Console. Learn more in Verify App Links." This is from the Google docs linked under app link in troubleshooting