fix: redirectUri being added a port on windows platform #92
Comments
|
We are using https://datatracker.ietf.org/doc/html/rfc8252 to handle desktop auth and there are 3 ways to receive the auth response The redirect url you used suggests you are using the first method "Private-Use URI Scheme Redirection", which is actually less secure. This is why we only support the third method (Loopback Interface Redirection) as it does not require any custom configuration regarding DNS or messing with domain claims. our example app contains a sample code on how to configure a cross-platform redirect uri: oidc/packages/oidc/example/lib/app_state.dart Lines 45 to 71 in 5a5b31d |
|
After doing some research around okta provider, it seems that it's a limitation with okta: https://devforum.okta.com/t/loopback-interface-redirection-ephemeral-ports-wildcard-ports-in-localhost-redirect-uri/22197/2 |
Hi, I'm not sure if this is a issue, or if I'm missing a config, but whenever I try to use this on windows, the Uri gets changed, and in Chrome as web works fine.
final manager = OidcUserManager.lazy(
store: OidcMemoryStore(),
settings: OidcUserManagerSettings(redirectUri: Uri.parse("com.okta.dev-41706738:/callback")),
clientCredentials:const OidcClientAuthentication.clientSecretBasic(clientId: "0oahre9v3cQmMQ3BR5d7",
clientSecret: "cT4PozCQcBYtE1MG_36qjDQGYjdLQeu5tohr0aStjuZo2J96bymtxYJ-kaI8Ce0w",),
discoveryDocumentUri: OidcUtils.getOpenIdConfigWellKnownUri(Uri.parse("https://dev-41706738-admin.okta.com"),),);
Chrome: redirect_uri=com.okta.dev-41706738%3A%2Fcallback (Good one)
Windows: redirect_uri=com.okta.dev-41706738%3A%2F%2F%3A53856%2Fcallback (Changed one)
I'm using the example Git repo, didn't really changed any setting, and I'm using the same example that comes with the package.
Thanks a lot!
The text was updated successfully, but these errors were encountered: