I’m using the flutter_appauth library to implement OAuth2 with a custom web service.
Problem:
When the user signs in using a clear browser without cache, cookies, etc. (meaning that there is no active session in it), it doesn’t redirect the user to the app. However, when the browser already has an active session (the user can obtain it if he provides correct credentials and then exits the browser), redirection works perfectly fine.
So basically this is the flow for better understanding:
- User enters the app
- Clicks on sign in button
- Provides correct credentials (browser doesn’t redirect)
- Exits the browser
- Clicks sign in button again
- This time redirection works without asking for credentials (because the browser already has an active session in it)
This is the code:

Login:

    final AuthorizationTokenResponse result =
        await appAuth.authorizeAndExchangeCode(
      AuthorizationTokenRequest(
        Constants.oauth2ClientId,
        // Redirect URL; its scheme must match appAuthRedirectScheme in build.gradle.
        'com.myapp.app:/oauthredirect',
        serviceConfiguration: AuthorizationServiceConfiguration(
          authorizationEndpoint: API.oauth2authorize().toString(),
          tokenEndpoint: API.oauth2token().toString(),
        ),
        // iOS/macOS only: do not share cookies with the normal browser session.
        preferEphemeralSession: true,
        scopes: [
          'read',
          'write',
        ],
        // Android only: permits non-HTTPS endpoints.
        allowInsecureConnections: true,
      ),
    );

build.gradle:

    manifestPlaceholders += [appAuthRedirectScheme: 'com.myapp.app']

I’ve already checked whether the redirect schemes are similar to the backend’s, and everything is fine.