
webview closes when I call authorizeAndExchangeCode and throw PlatformException on Android devices [HEELP]

Open Juniorlpes opened this issue 3 years ago • 4 comments

I have used this package since 2020, but a month ago a bug appeared for a lot of users... (maybe at the same time as I upgraded the Flutter version and the package versions in my project)

The bug appears for many users, but for others it keeps working normally (it's very strange).

The exception thrown is:

    PlatformException(authorize_and_exchange_code_failed, Failed to authorize: [error: null, description: Invalid ID Token], ID Token expired, null)

I searched issues, server-side bugs, standards on devices and I'm lost... Can you help me? Any idea? Is something wrong? My code:

flutter_appauth: ^2.4.1 (before I used ^1.0.0)

    authResult = await appAuth.authorizeAndExchangeCode(
      AuthorizationTokenRequest(
        environment.clientId!,
        environment.redirectUri!,
        discoveryUrl: [...],
        issuer: [...],
        scopes: environment.scope,
        serviceConfiguration: AuthorizationServiceConfiguration(
          authorizationEndpoint: environment.authorizeEndpoint!,
          tokenEndpoint: environment.tokenEndpoint!,
          endSessionEndpoint: environment.logoutEndpoint,
        ),
      ),
    );

    <queries>
      [...]
      <intent>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="https" />
      </intent>
      <intent>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.APP_BROWSER" />
        <data android:scheme="https" />
      </intent>
    </queries>

    defaultConfig {
        applicationId [...]
        minSdkVersion 21
        targetSdkVersion 30
        versionCode flutterVersionCode.toInteger()
        versionName flutterVersionName
        multiDexEnabled true
        
        //Auth Config
        manifestPlaceholders += [
            'appAuthRedirectScheme': 'memobile'
        ]
    }

Juniorlpes, Apr 29 '22 18:04

flutter_appauth version 1.0.0 works fine, but versions > 1.1.1 do not work.

Juniorlpes, May 02 '22 19:05

Well, it's a strange bug. As I said, for many users it keeps working normally, but for others the error is thrown. I don't know if it's a browser setting, my OAuth service, the package or something else.

I did a test with a nearby user with different flutter_appauth versions. Versions 1.0.0 and 1.1.0 work, but 1.1.1 didn't work. I saw that in version 1.1.0+2 you updated the native SDK: https://github.com/MaikuB/flutter_appauth/commit/2307f7cfadc3ce1d852c5d7140d98ed62302b086. Does this have any relationship? @MaikuB

Juniorlpes, May 03 '22 14:05

Potentially, as the AppAuth Android SDK turned on ID token validation, but given the error, it would mean an issue with the ID token you've gotten back. Can't help you much here, and an expired token would suggest an issue you'd need to look more into, e.g. if there are devices where the clock has the wrong value, or a logic issue. The issue that others really see more of to do with the bump is to do with a nonce mismatch. No one else has mentioned ID tokens being expired. A similar issue has been reported at https://github.com/openid/AppAuth-Android/issues/733 that is to do with devices where the clock is set to a time in the future, so I would believe your situation is similar. You may need to consider forking etc.

MaikuB, May 17 '22 10:05
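
A clock-skew triage helper for the situation described in the comment above, added here as an example; it is not code from flutter_appauth or AppAuth-Android. `decodeClaims`, `diagnose`, `sampleToken`, the 10-minute `tolerance` and the source of `referenceNow` are assumptions, and the sample token is constructed.

```dart
import 'dart:convert';

// Decodes JWT claims WITHOUT verifying the signature: diagnostics only,
// never a trust decision.
Map<String, dynamic> decodeClaims(String jwt) {
  final parts = jwt.split('.');
  if (parts.length != 3) throw const FormatException('expected 3 segments');
  final json = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
  return jsonDecode(json) as Map<String, dynamic>;
}

// deviceNow: what the phone believes. referenceNow: a trusted clock
// (assumption: e.g. parsed from the token server's HTTP Date header).
// tolerance: hypothetical threshold for reporting skew.
String diagnose(String idToken, DateTime deviceNow, DateTime referenceNow,
    {Duration tolerance = const Duration(minutes: 10)}) {
  final expSeconds = (decodeClaims(idToken)['exp'] as num).toInt();
  final exp =
      DateTime.fromMillisecondsSinceEpoch(expSeconds * 1000, isUtc: true);
  final skew = deviceNow.difference(referenceNow);
  if (deviceNow.isAfter(exp) && !referenceNow.isAfter(exp)) {
    return 'device clock is ${skew.inMinutes} min ahead: token only looks expired';
  }
  if (referenceNow.isAfter(exp)) return 'token really is expired: check the server';
  if (skew.abs() > tolerance) {
    return 'not expired, but device clock is off by ${skew.inMinutes} min';
  }
  return 'ok: expires ${exp.toIso8601String()}';
}

// Builds an unsigned, constructed sample token for the demo in main().
String sampleToken(DateTime iat, DateTime exp) {
  String seg(Map<String, Object> m) =>
      base64Url.encode(utf8.encode(jsonEncode(m))).replaceAll('=', '');
  final header = seg({'alg': 'none'});
  final body = seg({
    'iat': iat.millisecondsSinceEpoch ~/ 1000,
    'exp': exp.millisecondsSinceEpoch ~/ 1000,
  });
  return '$header.$body.constructed';
}

void main() {
  final issued = DateTime.utc(2023, 5, 2, 11); // constructed timestamps
  final token = sampleToken(issued, issued.add(const Duration(hours: 1)));
  final reference = issued.add(const Duration(seconds: 5));
  print(diagnose(token, reference, reference)); // clocks agree
  print(diagnose(token, reference.add(const Duration(hours: 1)), reference));
}
```

The second call models a device set one hour ahead of the reference clock: the one-hour token is still valid by the reference time but already past `exp` by the device's time.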

Thank you very much for explaining. Yes, I forked it. I created a tag using the v1.0.0, but migrated the jcenter to maven on android. It is working for now, but I'll search a proper solution later.

Juniorlpes, May 17 '22 14:05

Hello @Juniorlpes, can you tell me what you did and how you did it? I have the same error because Egypt changed the time, so not all devices work right now. Please help.

MahmoudMamdoouh, May 02 '23 11:05

> Hello @Juniorlpes, can you tell me what you did and how you did it? I have the same error because Egypt changed the time, so not all devices work right now. Please help.

Hi @MahmoudMamdoouh, I created a fork from this package on tag v1.0.0 (old native sdk worked) and just migrated the maven on android files, you can do the same thing.

Today in my project I use this fork, but I don't recommend it because it's old and outdated (both the package and the native sdks).

If you have any further questions, I'm at your disposal.

You can see the fork here: https://github.com/Juniorlpes/flutter_appauth

My pubspec.yaml today:

    flutter_appauth:
      git:
        url: https://github.com/Juniorlpes/flutter_appauth.git
        path: flutter_appauth
        ref: flutter_appauth-v1.0.0-migrate-maven

Juniorlpes, May 02 '23 14:05