Flutter Auth on iOS hangs when retrieving token with code exchange - ios

I have the following code in flutter trying to retrieve an oauth2 token via auth code with PKCE flow:
    final FlutterAppAuth appAuth = FlutterAppAuth();
    final request = AuthorizationTokenRequest(
      B2C_CLIENT_ID,
      B2C_REDIRECT_URI,
      discoveryUrl: 'https://$B2C_DOMAIN/.well-known/openid-configuration',
      scopes: ['openid', 'profile', 'offline_access'],
      // promptValues: ['login']
    );
    final AuthorizationTokenResponse result =
        await appAuth.authorizeAndExchangeCode(request);
When this code is run in iOS, the browser opens and I can see it tries to load the signin page, but then immediately closes. No exceptions are thrown or anything. The code basically hangs at appAuth.authorizeAndExchangeCode almost like it doesn't know that the browser has closed.
I am not sure what could be causing this.
The code correctly determines the url for showing credentials using the discoveryUrl (i.e. it makes the http request first using the discoveryUrl) but not sure why it basically hangs after.
I am using Azure B2C for authentication here.
Edit
OK, it turns out this is a problem with using Azure B2C in particular, as I tried it with a different identity provider and it works fine.
I managed to locate the issue and fix it; now a login page shows in the browser. After entering credentials, the browser closes, but the code still hangs on appAuth.authorizeAndExchangeCode(request); and does not proceed.
I also found an existing issue on GitHub: https://github.com/MaikuB/flutter_appauth/issues/182

I managed to solve this following the below answer on the Github repository of the flutter_appauth plugin.
https://github.com/MaikuB/flutter_appauth/issues/182#issuecomment-840707729
Eventually, all I had to do was to add a trailing slash to the redirect url parameter in AuthorizationTokenRequest.
(It looks like Azure AD appends a trailing slash to the redirect url, which causes the validation in AppAuth to fail.)
My app worked correctly with the slash both on Android and iOS.
P.S. If this doesn't work for someone, try to adjust the redirect url in your App Registration as suggested in the respective thread https://github.com/MaikuB/flutter_appauth/issues/223.

I suspect this is related to the call to resumeExternalUserAgentFlow, so here is a plan of action for you:
Follow the steps in my blog post to get the AppAuth Swift + Carthage sample working - which also uses a Private URI Scheme. Use my online configuration details as specified in the blog post and you should have a working solution. I have just verified that my instructions still work.
Update the same sample to use your Azure AD configuration and see if it still works. If so then there is nothing wrong with AppAuth and the problem is in the Flutter layer.
If the Swift sample fails when you update to Azure AD configuration, add some print messages for the URL being supplied to resumeExternalUserAgentFlow in the AppDelegate class, and see if this is different to the original redirect URI. If the redirect URIs are different, reset to the original value and hopefully that will resolve things.
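The redirect URI comparison that the answers above point to, as an added Dart example (not code from flutter_appauth or AppAuth): it compares a callback URL with the configured redirect URI component by component, so a difference such as the trailing slash is reported as a path mismatch. The URIs are constructed placeholders, and the exact-match rule on scheme, user info, host, port and path is an assumption about how a strict validator behaves.

```dart
// Added example: component-wise check of a callback URL against the
// configured redirect URI. All URIs below are constructed placeholders.

/// Names of the URI components in which [callback] differs from [configured].
/// Query and fragment are skipped: the authorization response parameters
/// (code, state) arrive there and are not part of the registered URI.
List<String> redirectMismatches(String configured, String callback) {
  final a = Uri.parse(configured);
  final b = Uri.parse(callback);
  final diffs = <String>[];
  // Uri.parse lower-cases scheme and host, so these compare case-insensitively.
  if (a.scheme != b.scheme) diffs.add('scheme');
  if (a.userInfo != b.userInfo) diffs.add('userInfo');
  if (a.host != b.host) diffs.add('host');
  if (a.port != b.port) diffs.add('port');
  // Paths are compared exactly: '' and '/' count as different.
  if (a.path != b.path) diffs.add('path');
  return diffs;
}

void main() {
  const configured = 'com.example.app://oauthredirect'; // constructed
  const callbacks = [
    'com.example.app://oauthredirect?code=SAMPLE&state=xyz',
    'com.example.app://oauthredirect/?code=SAMPLE&state=xyz', // trailing slash
    'com.example.app://other/?code=SAMPLE&state=xyz',
  ];
  for (final cb in callbacks) {
    final diffs = redirectMismatches(configured, cb);
    final verdict = diffs.isEmpty ? 'match' : 'mismatch in ' + diffs.join(', ');
    // Log without the query string: it carries the authorization code.
    print(cb.split('?').first + ' -> ' + verdict);
  }
}
```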

Related

Okta authentication failing in iOS App with valid details

I am trying to authenticate with Okta in my iOS app. I created an app in the Okta dashboard and added the client ID and redirect URLs. After setting up and installing the app in the simulator, the app throws the below error:
Please let me know if I missed any settings.
Created a native app from dashboard.
It looks like the client ID you're sending in the request is not what you think it is. You should be able to copy the URL from your browser, paste it in something like Notes, and examine the client ID. Make sure it matches what you have in your Okta org and that it doesn't contain any unexpected characters in it.
That's a common problem being faced by every newbie.
Here are some steps which will guide you to make your Okta authentication without error.
Create an application in Okta Page.
At text field & you may put your domain id. ex dev-xxxx.okta.com:/callback
Provide the same detail in your okta.plist in iOS Application.
You may refer to the Okta 'GitHub Repositories' for working samples.
Thanks.

Oauth suddenly not working on iphone (with FS app installed only)

Our iphone app allows for sign in via Foursquare via oauth. It was working fine and recently stopped working.
The error we get is: Connecting Failure: Callback uri is not valid for this consumer.
HOWEVER, if the user does not have the foursquare app installed on their phone it works fine as before. It seems as if FS is now doing a redirect to handle the oauth inside the FS app and this fails when attempting to return to the originating application. Via safari it seems to work.
This is on ios 9.
Solutions?? Thanks!
We've changed to use a SafariViewController and this seems to force Foursquare not to do this strange in-app redirect, solving the issue. This is also Apple's preferred oauth method, so probably the way to go.
Still seems like a problem on the Foursquare side that they may want to address for others however. I'm closing this question. Thanks.
Where does your redirect URL point? If you want it to launch your app after completion you should point to the iTunes store (pre-iOS9) link for your app or the universal link (iOS9 onwards).
More information on redirects for the native foursquare app is available in the README here: https://github.com/foursquare/foursquare-ios-oauth/
How to create a universal link in iOS9 https://www.appsflyer.com/blog/how-to-set-up-ios-9-universal-links-for-your-app/
A callback url is a webpage loaded after your web app has been verified. In this case, you need to specify a page for to send data to after authentication
Double check your Foursquare credentials and update the callback uri to a valid link. Tutorial link
Please follow the below points, may be one resolves your issue:-
Enter the callback in foursquare account in addcallback methods. Then in your code add the call back to the provider before you authorize. (Reference here).
You're getting that error because the URL you're pointing your users to (foursquare.com/oauth2/...) includes a redirect_uri parameter that doesn't match with what you configured in your app's settings under https://foursquare.com/developers/apps. Make sure these match!

ios flickr api: Flickr callback URL not being called

I'm attempting to hook my application into Flickr but having issues during the Authentication process.
I've followed instructions in:
https://github.com/devedup/FlickrKit
I've created a CFBundleURLTypes for my application (let's call it myapp://) and tested that it works (i.e. I type myapp:// in a safari). I've successfully called the authentication URL in Flickr, it shows the login, asks the user to grant my app the necessary permissions then instead of redirecting back to my app via my URL...it does nothing, and the app is not authenticated.
I used the FlickrKit demo app, replacing its api key/secret/CFBundleURLTypes with mine, and the issue is the same, so the problem is not in the code but rather in the way I registered my app in Flickr. That said... I just followed the instructions in Flickr "Edit Authentication Flow", so I guess the issue is with the callback url I put in Flickr. I used myapp://auth? as described in many posts on the internet, but it does not authenticate or call back my app.
This is not the same issue reported here:
Flickr Authentication Flow and iPhone
but rather similar to the unanswered post:
flickr callback URL not working
The Info.plist for the custom URL handler and the AppDelegate code are a copy & paste from the FlickrKit demo app [no need to reinvent the wheel], and anyway, even after changing the api key, secret and url in the FlickrKit demo app to mine... the app is not called back, so it must be something wrong in my app registration.
Has anybody experienced similar behavior? I ruled out the Objective-C code and callback url as the issue, so what is left is the Flickr part, but I am not sure where to look for help... so I wrote this post.
Thanks for any tip,
dom
Probably this is a problem of api signature calculation. All the parameters passed via method should be used to calculate an api signature.

OAuth Facebook Login in Phonegap returns InvalidHeader error

I'm developing an app using Phonegap and it implements a Facebook login to save some data using the user_id as a reference. I'm using OAuth.io library to implement the login dialog and everything runs smoothly in the web browser and in Android but when I test the app in XCode and I tap the login button the following error appears.
Cannot find hostname in file:/// from static
code: InvalidHeader
message: Cannot find hostname in file:/// from static
My guess is that it has something to do with phonegap not making an external request since the app is not actually hosted in a domain but running locally... any thoughts?
Seems like you are using oauth.js library instead of phonegap version
In your main page "index.html" add reference to the correct js file
<script src="oauth-phonegap.js"></script>
Then follow the instructions here to build your application
I had a similar issue using oauth.io. Turns out it was my Ajax prefilter changing the REQUEST to Facebook (it was adding parameters to the header for each request). Whether this is your issue or not, what you need to do is compare a successful REQUEST to Facebook to an unsuccessful one; that will show you where things go wrong. Alternatively, a blank phonegap app with no extra code other than the required oauth code should work and will be a good starting point to isolate your issue.
I have been using Phonegap 2 years before. Though I didn't connect to Facebook before, I connected to another website by OAuth. I can show you my solution.
Firstly, you should know how OAuth works. You can read about OAuth 2.0 on the Facebook developer website or other websites.
Secondly, you should know your target: token, uid, expires_time. The most important thing is the token.
Thirdly, just do it. In 2010, I solved this problem by using the Phonegap Childbrowser plugin (now Phonegap has an inAppBrowser) and a light server.
Why should I use a light server? The server can help me to handle the redirecting in the OAuth service and do caching.
Step 1: I wrote a script to connect with my server, and my server connects to the OAuth Service (Facebook).
Step 2: The OAuth Service (Facebook) responds and redirects to the Facebook login page.
Step 3: After the username and password are input, the OAuth Service (Facebook) will redirect to another url and do a callback with some code or token.
Step 4: If you get the token, save it and use it to connect to the OAuth Service (Facebook) if you want.
When I saw "Cannot find hostname in file:/// from static " in your description, I knew that maybe you got confused about OAuth. Now, I suggest you use some server-side code to handle it and make your OAuth process possible.

BrowserField2 - salesforce oauth2 failing at Accept/Deny stage

I have a BlackBerry java-based app that works with salesforce data and uses oauth 2 for authentication. It has been working fine until recently when users have been complaining that once they get to the accept/deny salesforce oauth page, clicking on Accept button displays a salesforce 404 page.
I attached a debugger to the bb simulator (OS7) and found that everything was working fine up to the point where a POST is made to salesforce on pressing the ACCEPT button in the final stage of authentication/authorisation via salesforce oauth2 user agent flow. At this point, the post would succeed and the response body would contain some markup with a small JavaScript block that just performs a document.location.href assignment to force the browser to navigate to a new URL. I noticed that the URL was not what I was expecting - I was expecting to see the redirect_uri callback address + the access token etc data appended to the end of it (as per the sf oauth2 documentation). What I saw instead was a URL that when navigated to leads the user back to a login page with a message saying that they are attempting to access a resource that requires authentication.
If I perform the same flow in say chrome the URL after the post is what I expect. This all used to work just fine so I am confused as to why it would stop working all of a sudden. I've heard that Salesforce changed their oauth 2 implementation back in late 2011 slightly so I wonder if this has broken my client although I don't see how.
As an experiment I removed all of my code except for an embedded BrowserField and made it navigate to the oauth URL as constructed by combining consumer key and various other values as per the documentation and it still fails with a 404 page at the point of clicking on the accept button after a successful login.
If I try the same bootstrap oauth URL in the built in bb browser the full authentication flow works fine and I am eventually redirected to the final callback URL with access token information appended.
Has anyone else out there had trouble with oauth2 user agent flow on BrowserField (from field2 package)?
Have you tried using the "scope=mobile" parameter? This parameter puts you into a very simplified oauth flow that is optimized for blackberry...we've found they generally have trouble getting through the richer flows designed for iOS/Android. That said, I haven't heard of them having issues on BB7...only the 5 and sometimes 6 series
If that fails, could you open a support case with us?
Try also "display=mobile" and "scope=api web" (with a space), depending on what you are trying to access after OAuth.
