FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Social login with Flutter App

    Scheduled Pinned Locked Moved
    Q&A
    3
    11
    2.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      Hiya,

      I don't know the answer offhand, unfortunately. If I were debugging this issue, I'd make sure I could do social login with Google using a webclient, just to remove the mobile issue from the equation.

      Is there a way to use iOS/Android tokens inside FusionAuth?

      I'm not quite sure what you mean there. Can you explain further?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • M
        marco
        last edited by marco

        Hey dan, thanks for taking the time.

        About your suggestion, we tried to login using a web client, and it works fine!

        So, the next step would be to use a webview inside our flutter app, and it should work, right?

        Unfortunately, we tested many flutter plugins for webviews, including the official one, but they all have some issues with the keyboard (most are experimental), and that will block users from logging in, because they can't type their passwords.

        About the token validation error I mentioned on the first question, as flutter generates native apps, we used the mobile token provided by google developer, and that does not work because fusion auth expects a web token instead. After that experience, we tried to find a solution using the web token, but we end up with the problems above.

        That is why we asked if fusion auth would allow and validate mobile tokens. I hope someone in the community have already used fusion auth social login within a flutter app.

        1 Reply Last reply Reply Quote 0
        • danD
          dan
          last edited by

          Ah, makes sense.

          I don't think you want to use a webview or an ios/android token. Per OAuth 2.0 for Native Apps, the recommended solution is to use the system browser:

          For authorizing users in native apps, the best current practice is to
          perform the OAuth authorization request in an external user-agent
          (typically the browser) rather than an embedded user-agent (such as
          one implemented with web-views).

          You can see how this was implemented in React Native here: https://fusionauth.io/blog/2020/08/19/securing-react-native-with-oauth and here https://github.com/fusionauth/fusionauth-example-react-native

          --
          FusionAuth - Auth for devs, built by devs.
          https://fusionauth.io

          1 Reply Last reply Reply Quote 1
          • M
            marco
            last edited by

            Hey Dan.

            I just wanted to thank you for the support.

            We are now using FusionAuth login pages directly (as you suggested), and it works perfectly!

            For reference, we used this flutter package: https://pub.dev/packages/flutter_appauth/example

            Thank you again!

            1 Reply Last reply Reply Quote 1
            • danD
              dan
              last edited by

              That's awesome, glad it got worked out.

              Please share here when your app is released!

              --
              FusionAuth - Auth for devs, built by devs.
              https://fusionauth.io

              M 1 Reply Last reply Reply Quote 0
              • M
                mak @dan
                last edited by

                We are new to flutter development and not sure how to integrate fusion auth, I am going thru the pointers but does not seem straightforward, if there is a sample implementation that would be awesome

                1 Reply Last reply Reply Quote 0
                • danD
                  dan
                  last edited by

                  Hiya,

                  We'll be releasing a flutter example app in the next few weeks. Keep an eye on the blog for it: https://fusionauth.io/blog/

                  --
                  FusionAuth - Auth for devs, built by devs.
                  https://fusionauth.io

                  M 1 Reply Last reply Reply Quote 0
                  • M
                    mak @dan
                    last edited by mak

                    @dan Thank you so much,

                    I am trying to implement it and using the below function, but it redirects to the fusionAuth UI but when on the callback I see the below error

                     result =
        await appAuth.authorizeAndExchangeCode(
          AuthorizationTokenRequest(
            FUSIONAUTH_CLIENTID,
            FUSIONAUTH_REDIRECT_URI,
//            issuer: FUSIONAUTH_ISSUER,
            discoveryUrl: FUSIONAUTH_DISCOVERY_URL,
            scopes: <String>['openid', 'profile', 'offline_access'],
            // promptValues: ['login']
          ),
        );```

I am getting thee error below
===================
PlatformException(authorize_and_exchange_code_failed, Failed to authorize:[error: invalid_client, description: Client
authentication missing aaas Basic Authorization header or credentials in the body(or some combination of them.], null, null)
                    1 Reply Last reply Reply Quote 0
                    • danD
                      dan
                      last edited by

                      You could try turning off "Require authentication" in the application's OAuth tab and seeing if that helps.

                      If that fixes it, it seems like the FusionAuth dart client isn't properly providing the client secret to FusionAuth, which seems like a bug. If so, can you file an issue here: https://github.com/fusionauth/fusionauth-dart-client

                      --
                      FusionAuth - Auth for devs, built by devs.
                      https://fusionauth.io

                      1 Reply Last reply Reply Quote 0
                      • danD
                        dan
                        last edited by

                        Just wanted to update. A user opened: https://github.com/FusionAuth/fusionauth-dart-client/issues/7

                        To clear things up, with a public client like a mobile application, you can't safely store a client secret (it'll be shared among all the native apps and can be found via decompilation).

                        In this scenario, you should disable Require authentication in the FusionAuth Application configuration and use PKCE to secure communication with the Token endpoint.

                        You can use the exchangeOAuthCodeForAccessTokenUsingPKCE client method to do so.

                        This is also outlined here: https://fusionauth.io/docs/v1/tech/client-libraries/dart/

                        --
                        FusionAuth - Auth for devs, built by devs.
                        https://fusionauth.io

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post