Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[question / tutorial] using the plugin for Flutter WEB #3

Open
fvisticot opened this issue Dec 26, 2019 · 3 comments
Open

[question / tutorial] using the plugin for Flutter WEB #3

fvisticot opened this issue Dec 26, 2019 · 3 comments

Comments

@fvisticot
Copy link

Hello,
I have discovered this plugin and I have a few questions:

  1. Can you please confirm that this plugin is working with Flutter WEB ?
  2. Can you please document / make a tuto explaining how to use the plugin

Can you please explain what is required for the

  • redirectUri: ?
  • silentRedirectUri: ?

Tx for your help
@fvisticot fvisticot changed the title [question / tutorial] [question / tutorial] using the plugin for Flutter WEB Dec 26, 2019
@fvisticot
Copy link
Author

I have made some tests and it seems i get some redirection errors:
══╡ EXCEPTION CAUGHT BY FLUTTER FRAMEWORK ╞═════════════════════════════════════════════════════════ The following message was thrown: Could not navigate to initial route. The requested route name was: "/access_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9

@jolleekin
Copy link
Owner

Init

SilentAuth tries to load the access token (and other data) stored in the storage object passed to the constructor (localStorage by default).

If the access token is still valid, SilentAuth will schedule a renewal; otherwise, it checks if an access token is available in the URL fragment and uses it (this happens after user gets redirected back to the app after logging into the identity server).

Login

SilentAuth redirects user to the identity server's authorize endpoint with query parameter redirect_uri set to redirectUri. This is the URI of your application.

After user logs in, the identity server will redirect user to the provided redirect URI.

SilentAuth will then extract the access token from window.location.hash

The application can now use the access token and make API requests.

Renewal

SilentAuth uses a hidden iframe to access the identity server's authorize endpoint with query parameter redirect_uri set to silentRedirectUri. silentRedirectUri must have the same origin as redirecUri. Usually, this points to a dummy HTML file (http://localhost:12345/silent_auth.html, for example).

If user's session on the identity server is still active, the identity server will redirect the hidden iframe to the provided redirect URI, passing the new access token.

SilentAuth will then access the iframe and extract the access token from the iframe's window.location.hash.

Then it will schedule the next renewal.

@jolleekin
Copy link
Owner

I never used it with flutter web, so I don't know if it works. In order for it to work, SilentAuth must process the URL before flutter.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fvisticot @jolleekin