devdennysegura / flutter-auth0 Goto Github PK

I have configured my app following your instruction. When using web authorize I ran into a problem that the login page is always blank if I use any different accounts from my first setup. But when I changed it to my first setup account, my app ran correctly. I inspected my device I got this error.
Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.

It would be nice to do a release of this project to make it downloadable package now that flutter 1.0 is out.

I'm getting type '_InternalLinkedHashMap<String, dynamic>' is not a subtype of type 'Future<dynamic>' when calling .userInfo({'token': token})

What can it be?

Thanks for building this plugin, it made things a lot easier for me.

After i ingested your plugin into my app, I had some logic that showed a modal when the user put a bad password in or user didn't exist etc.

One suggestion would be to allow for the passback of the error message from auth0. Specifically error_description.

{error: invalid_grant, error_description: Wrong email or password.} .

Logout (auth0.webAuth.clearSession()) Issues:

If the user is signed in, it will logout the user but it will not return to the app. Instead, it will continue on to the login page on the web browser. And once logged in, it will proceed to the account profile page. Basically it is treated as a normal web session and will never exit the browser and return to the app.

If the user is NOT signed in, it will crash and exit the app, without event throwing errors/exceptions.

Login (auth0.webAuth.authorize()) Issues:

If the user is already signed in, it will crash and exit the app, without event throwing errors/exceptions.

Flutter 1.0 uses AppDelegate.swift and needs the following code:

import flutter_auth0

and within the AppDelegate class:
override func application( _ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:] ) -> Bool { return FlutterAuth0Plugin.application(app, open:url, options:options) }

unauthorized_client: Grant type 'http://auth0.com/oauth/grant-type/password-realm' not allowed for the client.

Followed you instructions (which are kinda lacking to be honest), looked at the sample to actually find the files you mentioned and did everything you described there but when actually trying WebAuth PKCE i get the following error:;

W/ActivityThread( 7705): handleWindowVisibility: no activity for token android.os.BinderProxy@74aad5c D/AndroidRuntime( 7705): Shutting down VM E/AndroidRuntime( 7705): FATAL EXCEPTION: main E/AndroidRuntime( 7705): Process: com.blangr.fairpay, PID: 7705 E/AndroidRuntime( 7705): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.blangr.fairpay/com.blangr.fairpay.RedirectUriReceiver}: java.lang.IllegalStateException: Reply already submitted E/AndroidRuntime( 7705): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2913) E/AndroidRuntime( 7705): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3048) E/AndroidRuntime( 7705): at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78) E/AndroidRuntime( 7705): at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108) E/AndroidRuntime( 7705): at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68) E/AndroidRuntime( 7705): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1808) E/AndroidRuntime( 7705): at android.os.Handler.dispatchMessage(Handler.java:106) E/AndroidRuntime( 7705): at android.os.Looper.loop(Looper.java:193) E/AndroidRuntime( 7705): at android.app.ActivityThread.main(ActivityThread.java:6669) E/AndroidRuntime( 7705): at java.lang.reflect.Method.invoke(Native Method) E/AndroidRuntime( 7705): at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) E/AndroidRuntime( 7705): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) E/AndroidRuntime( 7705): Caused by: java.lang.IllegalStateException: Reply already submitted E/AndroidRuntime( 7705): at io.flutter.view.FlutterNativeView$1.reply(FlutterNativeView.java:174) E/AndroidRuntime( 7705): at io.flutter.plugin.common.MethodChannel$IncomingMethodCallHandler$1.success(MethodChannel.java:203) E/AndroidRuntime( 7705): at io.flutter.plugins.flutterauth0.FlutterAuth0Plugin.resolveWebAuthentication(FlutterAuth0Plugin.java:91) E/AndroidRuntime( 7705): at com.blangr.fairpay.RedirectUriReceiver.onCreate(RedirectUriReceiver.java:18) E/AndroidRuntime( 7705): at android.app.Activity.performCreate(Activity.java:7136) E/AndroidRuntime( 7705): at android.app.Activity.performCreate(Activity.java:7127) E/AndroidRuntime( 7705): at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1271) E/AndroidRuntime( 7705): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2893) E/AndroidRuntime( 7705): ... 11 more

Hi @devdennysegura! I'm trying to use your component in a small smoke test for migrating an existing webapp that uses Auth0 to its mobile version. I'm struggling for a few days to make it work. Today I compared the code published at https://pub.dev/packages/flutter_auth0 (version 0.5.0, the one I'm using) and the lastest code here at Github and the one from pub.dev seems outdated, especially without important @sawankumarbundelkhandi PR's that you merged.

Am I right? What do you suggest in terms of the latest code? Forget pub.dev and use a local version from Github?

Thanks.

When the status code is not 200 the response is not a proper JSON.

Check the below screenshot the response for status code 401 is just "Unauthorized" which can't be jsonDecode.

Maybe we should check for status code and then wrap the response in AuthException.

When building your project after the latest API28 Android updates, Gradle throws a build error with dependency mismatch. The error you get is dependent on your project and can be misleading. The root cause is migration away from old support libs to new androidx libs. This is revealed by adding the following to your android/gradle.properties (see https://developer.android.com/jetpack/androidx/migrate):
android.useAndroidX=true
android.enableJetifier=true

flutter-auth0 uses the old libs and needs updating.

in the above mentioned position, I'm getting some error and not able to open auth0 authentication page in any of my browsers.

I checked only for android device.

D/FlutterView(24900): Detaching from a FlutterEngine: io.flutter.embedding.engine.FlutterEngine@90557e4
W/ActivityThread(24900): handleWindowVisibility: no activity for token android.os.BinderProxy@6995768
D/FlutterView(24900): Attaching to a FlutterEngine: io.flutter.embedding.engine.FlutterEngine@90557e4
I/flutter (24900): Error: ======================>>>>>>
I/flutter (24900):
I/flutter (24900):
I/flutter (24900):
I/flutter (24900):
I/flutter (24900):
I/flutter (24900):
I/flutter (24900): type '_InternalLinkedHashMap<String, dynamic>' is not a subtype of type 'String'
I/flutter (24900):
I/flutter (24900):
I/flutter (24900):
I/flutter (24900):
I/flutter (24900):
E/flutter (24900): [ERROR:flutter/lib/ui/ui_dart_state.cc(157)] Unhandled Exception: Connection closed before full header was received
E/flutter (24900): #0 IOClient.send
package:http/src/io_client.dart:65
E/flutter (24900):
E/flutter (24900): #1 BaseClient._sendUnstreamed
package:http/src/base_client.dart:176
E/flutter (24900): #2 BaseClient.patch
package:http/src/base_client.dart:104
E/flutter (24900): #3 Auth0Client.request
package:flutter_auth0/…/networking/client.dart:70
E/flutter (24900): #4 _AsyncAwaitCompleter.start (dart:async-patch/async_patch.dart:45:6)
E/flutter (24900): #5 Auth0Client.request
package:flutter_auth0/…/networking/client.dart:56
E/flutter (24900): #6 Auth0Client.mutate
package:flutter_auth0/…/networking/client.dart:30
E/flutter (24900): #7 _AsyncAwaitCompleter.start (dart:async-patch/async_patch.dart:45:6)
E/flutter (24900): #8 Auth0Client.mutate
package:flutter_auth0/…/networking/client.dart:29
E/flutter (24900): #9 Auth0Auth.exchange
package:flutter_auth0/…/auth/index.dart:99
E/flutter (24900): #10 _AsyncAwaitCompleter.start (dart:async-patch/async_patch.dart:45:6)
E/flutter (24900): #11 Auth0Auth.exchange
package:flutter_auth0/…/auth/index.dart:87
E/flutter (24900): #12 WebAuth.authorize..
package:flutter_auth0/…/webauth/index.dart:63
E/flutter (24900): #13 _AsyncAwaitCompleter.start (dart:async-patch/async_patch.dart:45:6)
E/flutter (24900): #14 WebAuth.authorize..
package:flutter_auth0/…/webauth/index.dart:62
E/flutter (24900): #15 _rootRunUnary (dart:async/zone.dart:1134:38)
E/flutter (24900): #16 _CustomZone.runUnary (dart:async/zone.dart:1031:19)

I am getting an issue in production with Apple sign in for that I am not sure if that is something this plugin can handle. So I ask for help to understand the issue.

The issue is when the user is logged in in iPhone settings with Apple id and then I try to login using auth0, it starts the browser and instantly browser gets closed by launching a native dialog to login with the same user or to switch to a different user. If user selects the same user then it does not go back to the browser to complete the login flow. Here I believe browser is the one which redirects the user back to our application using deep linking with a payload and, in this case, the native apple sign in dialog not going back to the browser. I guess this plugin looks for only browser to send back the idToken to our app.

So, in this case after apple sign in nothing happens, user sees the login screen of our app again. When there is no user in iPhone then the complete flow is managed by browser and login happens successfully. I think because of the native interface of Apple sign in which kicks in without our control, this flow is interrupted and at the end our app does not receive any payload from the Apple servers.

Can you please suggest what is the problem here or any solution for this?

Hi,

I am sorry (I know it is not relevant in this place).

I download your repo and try to make work the example.

The example works perfectly with your credentials.

I try to put my conf:

• Application type: NATIVE
• Client ID: ya0FsfR7OJdyKbLsLkUvEEguM9wUBRY9
• Domain: dev-bfh5gcfu.auth0.com

So when I put the callback URL as it is written in the readme :
callback URL: com.example.flutterauth0://dev-bfh5gcfu.auth0.com/android/com.example.flutterauth0/callback

I can signup a new user but I cannot log ('Test Login') in successfully (no redirect in the example app) or even use 'Test Refresh Token' or 'Test Clear Sessions'.

The only thing I modify in the code is the Client ID value by mine and the domain value by mine.

I suspect I need to set :

• Allowed Web Origins
• Application Login URI
• Allowed Logout URLs
• Allowed Origins (CORS) ?

Best Regards

When a user does not complete the pkce login process in ios, and instead clicks the "Done" button of the in-app browser an exception occurs.

"PlatformException (PlatformException(Error, a0.session.user_cancelled, User cancelled the Auth))"

The example provided does not use AppDelegate.swift. Hoping someone else has ran into this issue and has a working sample. Below is my AppDelegate.swift file. This issue only occurs on the ios simulator. Android simulator working just fine. Would greatly appreciate any help with this. Thank you!

AppDelegate.swift:

"import UIKit
import Flutter
import flutter_auth0


@UIApplicationMain
@objc class AppDelegate: FlutterAppDelegate {
  override func application(
    _ application: UIApplication,
    didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]? = nil
  ) -> Bool {
    GeneratedPluginRegistrant.register(with: self)
    return super.application(application, didFinishLaunchingWithOptions: launchOptions)
  }
  override func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {
        return FlutterAuth0Plugin.application(app, open: url, options: options)
    }
}"

First, I want to thank @devdennysegura for all the work put into this plugin. What an awesome gift to the community! As this project is no longer actively maintained, let's come up with a plan for moving this plugin forward.

@gregertw, @filoe, and quite a few others have forks of this repo. I believe we should take one of these forks as the new official home for this project. I believe it does a disservice to the hard work that Denny's already done to not come together and get this moving forward again as a community.

This project represents a significant step forward for the Flutter community. It's a key gateway project and having it will help the overall growth in the community. I would like to work towards getting this up to date and then released on flutter pub as mentioned here #9.

I myself might be willing to help out in this effort, but I don't think I'm the right person to take over as sole maintainer. Would @gregertw, @filoe, or anyone else be willing to do this? Who's interested?

Below exception is thrown when the userInfo method is called.

Map<String, String>' has no instance getter 'token'

When using hosted login with email verification required on signup, a user will signup and it wont show the auth0 screen that says you have to verify your email. It automatically goes back to the apps login screen and the user doesn't know they have to verify their email.

The callbacks don't say anything either
{access_token: null, refresh_token: null, id_token: null, token_type: null, expires_in: null}

If the callback had a flag, we could at least show a popup on the app.

Hi,

I've been having a look through this sample and the first thing that struck me was that the flow you've chosen to implement here is the resource owner password grant. Unfortunately, it's not the best choice for client-side and native apps as it's mainly there to support highly-trusted applications (this is a good read if you want to know more about the risks). Auth0 actually recommends against using the Password grant type for public applications when setting up an application inside the dashboard, so people are already put off from doing this.

For a plugin such as this, would it be possible to instead implement the Authorization Code flow with PKCE, which is much more suitable for native applications?

I'm not a Flutter user at all but I've implemented something similar for Android. It basically comes down to opening a browser to hit the /authorize endpoint and then handling the callback which deep-links back into the running app. Not sure how that plays out in Flutter - is it possible?

Release Version Affected: 0.3.1
Last Known Working Version: 0.2.1 (fcd3650)

Description: Hard crash on iOS when using web login flow.

Using the Xcode debugger shows nil being passed to url SFSafariViewController *controller = [[SFSafariViewController alloc] initWithURL:url]; on FlutterAuth0Plugin.m:89. Prior warning is The specified URL has an unsupported scheme. Only HTTP and HTTPS URLs are supported. although the passed URL seems valid, there are spaces in the scope.

(https://auth.removeddomain.com/authorize?code_challenge_method=S256&code_challenge=j-nQHT29Y11EEAgIaiWJb6dwuKcIyGHzUC5KHYCt6A4&clientId=V1jhyoo97eyJCswxErzMb-DWD98DVgZi&redirectUri=com.removeddomain.removeddomain%3A%2F%2Fauth.removeddomain.com%2Fios%2Fcom.removeddomain.removeddomain%2Fcallback&scope=openid profile email offline_access write%3Avenue_redeem&audience=api.removeddomain.com&state=1EHGUTKjW_cUT-nv-o8Nyj8USuoSwxPax0Y_wxNtGsU&client_id=XXYYZZ&response_type=code)

Okta login not working in auth0 .

Hi,

I want to write integration test for my app, i'm trying to use flutter_driver package but i don't know how to simulate login with flutter-auth0. Anyone can help me?

Android log:

W/ActivityThread(31625): handleWindowVisibility: no activity for token android.os.BinderProxy@3df2479
D/AndroidRuntime(31625): Shutting down VM
E/AndroidRuntime(31625): FATAL EXCEPTION: main
E/AndroidRuntime(31625): Process: com.xxx.xxxxx, PID: 31625
E/AndroidRuntime(31625): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.xxx.xxxxx/io.flutter.plugins.flutterauth0.AuthenticationReceiver}: java.lang.IllegalStateException: Reply already submitted
E/AndroidRuntime(31625): 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2952)
E/AndroidRuntime(31625): 	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3087)
E/AndroidRuntime(31625): 	at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:78)
E/AndroidRuntime(31625): 	at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
E/AndroidRuntime(31625): 	at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
E/AndroidRuntime(31625): 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1817)
E/AndroidRuntime(31625): 	at android.os.Handler.dispatchMessage(Handler.java:106)
E/AndroidRuntime(31625): 	at android.os.Looper.loop(Looper.java:193)
E/AndroidRuntime(31625): 	at android.app.ActivityThread.main(ActivityThread.java:6746)
E/AndroidRuntime(31625): 	at java.lang.reflect.Method.invoke(Native Method)
E/AndroidRuntime(31625): 	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
E/AndroidRuntime(31625): 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
E/AndroidRuntime(31625): Caused by: java.lang.IllegalStateException: Reply already submitted
E/AndroidRuntime(31625): 	at io.flutter.embedding.engine.dart.DartMessenger$Reply.reply(DartMessenger.java:148)
E/AndroidRuntime(31625): 	at io.flutter.plugin.common.MethodChannel$IncomingMethodCallHandler$1.success(MethodChannel.java:234)
E/AndroidRuntime(31625): 	at io.flutter.plugins.flutterauth0.FlutterAuth0Plugin.resolve(FlutterAuth0Plugin.java:79)
E/AndroidRuntime(31625): 	at io.flutter.plugins.flutterauth0.AuthenticationReceiver.closeView(AuthenticationReceiver.java:35)
E/AndroidRuntime(31625): 	at io.flutter.plugins.flutterauth0.AuthenticationReceiver.onCreate(AuthenticationReceiver.java:22)
E/AndroidRuntime(31625): 	at android.app.Activity.performCreate(Activity.java:7144)
E/AndroidRuntime(31625): 	at android.app.Activity.performCreate(Activity.java:7135)
E/AndroidRuntime(31625): 	at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1272)
E/AndroidRuntime(31625): 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2932)
E/AndroidRuntime(31625): 	... 11 more
I/Process (31625): Sending signal. PID: 31625 SIG: 9
Lost connection to device.

Hey @devdennysegura is it possible to have multiple versions of the app on a single device (iOS) like app.version1 and app.version1.prod with the corresponding callbacks app.version1//.... and app.version1.pro//...? We are trying to figure something out but the second one routes in the webview after calling auth0 directly abort:blank and the callback without waiting for the password. So we don't know what happens. Did you ever try that?

I am trying to upgrade my package to sdk: ">=2.12.0 <3.0.0" which uses flutter_auth and flutter_core, but is unable to resolve the versions, is there any plan to upgrade to null-safety soon?

Regardless of the federated flag, it is always attempted. This fix removes any mention of the federated query parameter unless the federated flag is set to true.

Hey
If I get the token and I saved it, when it get's expired, how to refresh it silently?
I am using WebAuth...

I keep getting this exception _TypeError (type '(HttpException) => Null' is not a subtype of type '(dynamic) => dynamic') when I call auth0.auth.refreshToken.

My code to call it is like this:

try {
  var response = await auth0.auth.refreshToken({
    'refreshToken': refreshToken,
  });
  return response;
} catch (e) {
  print("Unable to refresh: ${e.toString()}");
}

The exception is being raised by the await auth0.auth.refreshToken line and isn't being caught by the try ... catch block, it is paused by VSCode. Am I doing something wrong, or is there a bug in the underlying library? Happens on a physical phone and on the emulator.

I used the code snippet as described replacing all the values relevant to my account but it throws an error such as _internalLinkedHashmapError.

flutter doctor
Doctor summary (to see all details, run flutter doctor -v):
[✓] Flutter (Channel stable, v1.12.13+hotfix.8, on Mac OS X 10.15.3 19D76, locale en-US)

[✓] Android toolchain - develop for Android devices (Android SDK version 29.0.3)
[✓] Xcode - develop for iOS and macOS (Xcode 11.3.1)
[✓] Android Studio (version 3.6)
[✓] IntelliJ IDEA Community Edition (version 2019.1.4)
[✓] VS Code (version 1.43.0)
[!] Connected device
! No devices available

! Doctor found issues in 1 category.

When I use the passwordRealm without internet the error parsing crashes and doesn't return the causing SocketException. Instead I get:

flutter: Tried calling: []("name"), stack:
flutter: #0      Object.noSuchMethod (dart:core-patch/object_patch.dart:53:5)
flutter: #1      Auth0Auth.passwordRealm (package:flutter_auth0/src/auth/index.dart:131:18)
flutter: <asynchronous suspension>
flutter: #2      Auth0Authentication._usernamePasswordLogin (package:spitch/authenticate/auth0_authentication.dart:78:40)
flutter: #3      Auth0Authentication.login.<anonymous closure> (package:spitch/authenticate/auth0_authentication.dart:19:24)

This makes it impossible to show a proper error message to my users.

Error parsing should gracefully handle and return errors when the network response can't be parsed to a Auth0Exception.

  Future<dynamic> passwordRealm(dynamic params) async {
    assert(params['username'] != null &&
        params['password'] != null &&
        params['realm'] != null);
    try {
      var payload = Map.from(params)
        ..addAll({
          'client_id': this.clientId,
          'grant_type': 'http://auth0.com/oauth/grant-type/password-realm',
        });
      http.Response res = await this.client.mutate('/oauth/token', payload);
      return await responseDataHandler(res);
    } catch (e) {
-      throw new Auth0Exeption(
-          name: e['name'] ?? e['error'],
-          description:
-              e['message'] ?? e['description'] ?? e['error_description']);
-    }
+     try {
+        throw new Auth0Exeption(
+            name: e['name'] ?? e['error'],
+            description:
+                e['message'] ?? e['description'] ?? e['error_description']);
+      }       
+     } catch (_) {
+       throw e;
+	 }
  }

In iOS it is working perfectly, not in android simulator though ...

When you login on Android it doesn't close the webview. Also when you are logged in it doesn't redirect you.

Can someone help me with this?

Regards,

I followed the instructions to use the package, but after configuration, I found that the auth0 page wouldn't load (it showed a blank page). The /authorize route appears to go through successfully, however, the /login route responds with an error:

Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.

I've tried to work around this on several new projects with flutter create for a blank slate. I've tried the flutter create both with an without --androidx support, nothing has worked. How can we get past this issue?

@devdennysegura

I am frequently receiving this error when calling the getUserInfo in Auth0Auth class.