In the Flutter app I'm currently building, I need to authenticate users against a custom (so non-Google/Facebook/Twitter/etc) authorization server.
In order to achieve this, the users should fill in their credentials in a webpage. To this purpose, the WebView-plugin can be used. However, when the page is redirected after the user authenticated, the WebView should be closed, and the code passed on to the (Flutter) function that initially called the WebView.
Having done some research already, I came accross the following options:
Does a solution exist, that closes the browser automatically once the redirect-URI is opened (and also returns the verification code)?
Thanks in advance!
The OAuth 2.0 Authorization Framework powers various authorization flows and grants. Flows are means of obtaining Access Tokens. Selecting the right flow for your use case depends on your app type, but you should also consider other parameters like the client's level of trust and the user experience.
For most cases, we recommend using the Authorization Code Flow with PKCE because the Access Token is not exposed on the client side, and this flow can return Refresh Tokens. To learn more about how this flow works and how to implement it, see Authorization Code Flow with Proof Key for Code Exchange (PKCE).
I haven't tried this, but my idea is to use FlutterWebviewPlugin
to send the user to a URL like https://www.facebook.com/v2.8/dialog/oauth?client_id={app-id}&redirect_uri=fbAPP_ID://authorize
. Then add native handlers for application:openURL:options:
(on iOS) and onNewIntent
(Android) and modify AndroidManifest.xml
and Info.plist
to register the app to receive URLs from the fbAPP_ID
scheme. You can use the platform channels to pass the deep link parameters back to Dart-land and call close()
on the webview on the Dart side.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With