I am trying to build a Flutter app that uses OAuth to connect to a user's account on another website. This requires navigating to the site's OAuth page where the user can enter their credentials, and then parsing the code that's sent back to the app when the user returns.
So my questions are:
How can I navigate to the OAuth web page?
I have figured out that I can navigate to an internal route like this:
Navigator.of(context).pushNamed('/some_page');
But what if I want to go to an external page like https://coolsite.com/oauth/authorize?
How can I do this (a) by opening the URL in the local web browser, and (b) with an in-app web view?
What URL should I redirect the user to after authenticating so that they go back to the app, and how do I parse the response?
It seems there are 2 ways:
(a) Let the user be redirected to a blank page with the authorization code in the URL and title of the page. If this method - how do I parse the page or URL?
(b) Redirect the user to some kind of scheme, like my-dart-app://coolsite-oauth?code=xyz. If this method - how do I register the scheme, and would cool site-OAuth map to a route that I specify when calling new MaterialApp, or somewhere else? And how would I parse the query param?
You can trigger a navigation using the activity service:
import 'package:flutter/services.dart';
void launchUrl(String url) {
Intent intent = new Intent()
..action = 'android.intent.action.VIEW'
..url = url;
activity.startActivity(intent);
}
There isn't currently a way to receive a navigation in Flutter, but that's something we'd like to add. I've created this issue to track this feature request: https://github.com/flutter/flutter/issues/357
Related
I have an authorisation flow that at the end redirects to our API endpoint not to the app universal link like https://api.example.com/redirect not the app://redirect
For now I am able to use WKWebView to detect that redirect was done by comparing urls and if match to close WebView.
The problem is that in this approach I cannot use google login (WebView is rejected) during this flow.
I tried to use ASWebAuthenticationSession but after redirect I am not able to detect that this redirect was done (as it hits API not the app) to close AuthenticationSession view automatically.
Is it possible at all in such case or the only way to close AS is to redirect to app universal link app:// not to the https://?
Any help really appreciated
You need to use the ASWebAuthenticationSession window with the AppAuth pattern, as described in RFC8252. This is a form of the system browser so will not be blocked by providers such as Sign in with Google.
This form of login can be used with either custom URI schemes, such as com.mycompany.myapp:/callback or with HTTPS callback URIs that require iOS universal links to be configured. You are then notified when login conpletes, or is cancelled, or fails.
A sample app of mine does logins with universal links via this code, which adapts AppAuth classes to more of a [Swift async await style. If you are new to AppAuth libraries, see also my introductory blog post.
func login(viewController: UIViewController) async throws {
try await self.authenticator.getMetadata()
try await MainActor.run {
try self.authenticator.startLoginRedirect(viewController: viewController)
}
let response = try await self.authenticator.handleLoginResponse()
try await self.authenticator.finishLogin(authResponse: response)
}
var result = await account.createVerification (url:'http://192.168.20.49:81/v1/account/verfication' );
sends a link to the mail
(http://192.168.20.49:81/v1/account/verfication?userId=63972f2f56d0c39fc9f8&secret=5025d...a&expire=2022-12-20+12%3A08%3A11.784)
Redirects to the browser and in the browser window json
{"$id":"6396bde6604188965bab","$createdAt":"2022-12-12T05:36:38.796+00:00","$updatedAt":"2022-12-12T15:44:11.741+00:00","name":"Andrey","registration":"2022-12-12T05:36:38.795+00:00","status":true,"passwordUpdate":"2022-12-12T15:44:11.741+00:00","email":"andrey253#yandex.ru","phone":"","emailVerification":true,"phoneVerification":false,"prefs":{}}
how to make sure that mail on the site is verified without redirection to the mobile? Can I create a page on the site for verification? And why verification does not happen automatically when clicking on the link, it would be very convenient!
For me a problem to receive in the userId and secret application in flutter from url http://192.168.20.49:81/v1/account/verfication? userId=63972f2f56d0c39fc9f8&secret=3ab63c4dee.41&expire=2022-12-20+19%3A42%3A10.896.
Instead of passing http://192.168.20.49:81/v1/account/verfication, you'll need to pass a URL to some page or something that will receive the secret so you can make the update verification API call. You can either host a web page to do it or set up a universal link that will link the user into your app where you can handle it in your app.
I have an application that uses NEFilterProvider API to filter urls (allows/blocks browsing). ControlProvider and DataProvider extensions created.
So for this point I can block/allow certain urls.
I wonder if there is a way to implement redirection to custom url using NetworkExtension ?
According to NEFilterDataProvider:
If the Filter Data Provider chooses to block the web page, then a special “block” page is displayed in the WebKit browser object informing the user that their attempt to access the content was blocked. The Filter Data Provider can choose to add a link to this block page, giving the user the option of requesting access to the content.
There is no other way to redirect user besides a link from "block" page. Neither url nor page content could be changed using NEFilterProvider API. The best solution for redirection would be a VPN connection. You can find example here.
Beginner programmer here, please pardon ignorance & explanations will be really nice :)
I've tried to read the tutorials for a certain OAuth 2.0 service, but I don't understand this redirect URI... in my particular context, let's say I'm trying to build an iPhone app that uses OAuth 2.0 for some service. I have an App ID that was generated, but i need to provide some sort of redirect URI to generate the API key.
Is this a URL that I'm supposed to host somewhere myself?? As the name suggests, I would think that the redirect URL is supposed to "redirect" someone somewhere. My only guess is that it's the URL a user is redirected to after they log in to the service.
However, even if that assumption is correct, I don't understand one other thing - how can my app be opened again after I've sent them to the browser for the user login?
Read this:
http://www.quora.com/OAuth-2-0/How-does-OAuth-2-0-work
or an even simpler but quick explanation:
http://agileanswer.blogspot.se/2012/08/oauth-20-for-my-ninth-grader.html
The redirect URI is the callback entry point of the app. Think about how OAuth for Facebook works - after end user accepts permissions, "something" has to be called by Facebook to get back to the app, and that "something" is the redirect URI. Furthermore, the redirect URI should be different than the initial entry point of the app.
The other key point to this puzzle is that you could launch your app from a URL given to a webview. To do this, i simply followed the guide on here:
http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html
and
http://inchoo.net/mobile-development/iphone-development/launching-application-via-url-scheme/
note: on those last 2 links, "http://" works in opening mobile safari but "tel://" doesn't work in simulator
in the first app, I call
[[UIApplication sharedApplication] openURL:[NSURL URLWithString:#"secondApp://"]];
In my second app, I register "secondApp" (and NOT "secondApp://") as the name of URL Scheme, with my company as the URL identifier.
Take a look at OAuth 2.0 playground.You will get an overview of the protocol.It is basically an environment(like any app) that shows you the steps involved in the protocol.
https://developers.google.com/oauthplayground/
redirected uri is the location where the user will be redirected after successfully login to your app. for example to get access token for your app in facebook you need to subimt redirected uri which is nothing only the app Domain that your provide when you create your facebook app.
If you are using Facebook SDK, you don't need to bother yourself to enter
anything for redirect URI on the app management page of facebook. Just setup a
URL scheme for your iOS app.
The URL scheme of your app should be a value "fbxxxxxxxxxxx" where xxxxxxxxxxx is
your app id as identified on facebook.
To setup URL scheme for your iOS app, go to info tab of your app settings
and add URL Type.
I'm using ASP.NET MVC 3 and TweetSharp. I'm open authorization dialog with window.open(), at the end of auth program in this window tries to access to main window through window.opener.
In my application callback set to http://www.domain.com and when i'm open site from that url everything works fine, but if use just domain.com i get an error something like "Acces is denided because of different domains" when window.opener is accessed.
I have tried to set callbackUrl when app auth dialog opens, but this has no effect. Also changing callback url to http://domain.com give same result.
Only way to solve this is to use UrlRewrite to always redirect on www.domain.com. Or i'm missing something and there is another way?
Thanks.
Log in to your Twitter Dev Account (dev.twitter.com), select the appropriate Twitter Application, go to the tab "#Anywhere domains" and add www.domain.com as authorized...
works for me
i did not work with tweeter but i work with facebook the same problem are there that is why i put the canvas url there with my domain url try to put your call back url as your domain url
or try some thing like this in java script :
var url = window.location;
url = url.toString();
url = url.replace(/www.domain.com/,"domain.dev.domain.com")
window.location = url;