🐛 Bug Report: OAuth2 under Windows

[DanielAlbertSwan]

👟 Reproduction steps

Run Windows Desktop app and create an OAuth session like this
createOAuth2Session(provider: "microsoft");

👍 Expected behavior

I get an Session like I do when I make this in Browser

👎 Actual Behavior

I get an Exception from flutter_web_auth_2 that the callbackUrlScheme is wrong. It is because the following check is implemented by flutter_web_auth_2
https://github.com/ThexXTURBOXx/flutter_web_auth_2/blob/21316bc2d76a12ac19d4c3db9eb05531bc0cd3ed/flutter_web_auth_2_windows/lib/flutter_web_auth_2_windows.dart#L65

🎲 Appwrite version

Version 1.0.x

💻 Operating system

Windows

🧱 Your Environment

No response

👀 Have you spent some time to check if this issue has been raised before?

• I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

• I have read the Code of Conduct

[2002Bishwajeet]

yea, so Fluttter_web_auth for windows is still buggy and the approach is not perfect for windows implementation

[stnguyen90]

@DanielAlbertSwan, what happens if you do:

createOAuth2Session(provider: "microsoft", success: "http://localhost:<some port>");

I actually assume flutter_web_auth_2 will work fine, but the Appwrite SDK will throw an exception because of:

sdk-for-flutter/lib/src/client_io.dart

Lines 322 to 325 in f8480fd

	if (key == null || secret == null) {
	throw AppwriteException(
	"Invalid OAuth2 Response. Key and Secret not available.", 500);
	}

[ThexXTURBOXx]

@2002Bishwajeet Your bug should already be fixed (ThexXTURBOXx/flutter_web_auth_2#7), so it is not inherently buggy.

However, yes, there is an important limitation: The error message you get should already tell you what you did wrong :)

Callback url scheme must start with http://localhost:{port}

For now, the callback scheme must start with http://localhost:{port} such that flutter_web_auth_2 can pick the parameters up.
If you have any other idea on how to accomplish the authentication on Windows, you are free to contribute: https://github.com/ThexXTURBOXx/flutter_web_auth_2

[2002Bishwajeet]

Yea, the limitation is the thing I am talking about ( sorry for reframing it wrong), and my callback Url scheme since must start with localhost, so maybe not be possible to use in production (it's not gonna be localhost forever🙂). I am still thinking of a better approach and it might take some time to discuss with my team before making a PR

[DanielAlbertSwan]

@DanielAlbertSwan, what happens if you do:

createOAuth2Session(provider: "microsoft", success: "http://localhost:<some port>");

I actually assume flutter_web_auth_2 will work fine, but the Appwrite SDK will throw an exception because of:

sdk-for-flutter/lib/src/client_io.dart

Lines 322 to 325 in f8480fd

	if (key == null || secret == null) {
	throw AppwriteException(
	"Invalid OAuth2 Response. Key and Secret not available.", 500);
	}

Hi stnguyen that doesn't work the callback url scheme on windows must be http://localhost:{some port}

This needs to be done here

sdk-for-flutter/lib/src/client_io.dart

Line 317 in f8480fd

callbackUrlScheme: "appwrite-callback-" + config['project']!,

here we need something like this
callbackUrlScheme: Platform.isWindows ? "http://localhost:4711" : appwrite-callback-" + config['project']!,

for port we need a logic to determine a free one.

[DanielAlbertSwan]

@2002Bishwajeet Your bug should already be fixed (ThexXTURBOXx/flutter_web_auth_2#7), so it is not inherently buggy.

However, yes, there is an important limitation: The error message you get should already tell you what you did wrong :)

Callback url scheme must start with http://localhost:{port}

For now, the callback scheme must start with http://localhost:{port} such that flutter_web_auth_2 can pick the parameters up. If you have any other idea on how to accomplish the authentication on Windows, you are free to contribute: https://github.com/ThexXTURBOXx/flutter_web_auth_2

The question is how much sense does it make to allow a callbackURIScheme for the windows platform you could just determine a free port on the system and ignore the callbackURIScheme

[Mabenan]

I have done some research and found the following https://pub.dev/packages/desktop_webview_window maybe the sdk or even flutter_web_auth could utilize it and react on the url changed callback.

[Mabenan]

@stnguyen90 One basic understanding question how is decide that the success redirection is the appwrite-callback-[PROJECT_ID] scheme?

[stnguyen90]

@stnguyen90 One basic understanding question how is decide that the success redirection is the appwrite-callback-[PROJECT_ID] scheme?

The default success sends users to /v1/auth/oauth2/success which has this code:

https://github.com/appwrite/appwrite/blob/02a432102df047d2ea96faed65d77a862239d487/app/views/home/auth/oauth2.phtml#L16

[Mabenan]

I think a solutuon with the current flutter_web_auth2 would be to change the callback scheme to localhost and free port amd then set the success url to localhost:port/v1/auth/oauth/success as only the path is checked this should give us the key and secret

[Mabenan]

OK I confirmed that this workaround works. I would really favour to do this as a solution for the moment because a solution based on the callback scheme will definitely take more time to implement in flutter_web_auth_2

[stnguyen90]

OK I confirmed that this workaround works. I would really favour to do this as a solution for the moment because a solution based on the callback scheme will definitely take more time to implement in flutter_web_auth_2

@Mabenan wow! this is awesome! Thanks so much for testing this!

[Mabenan]

I will try to make a PR for this

[stnguyen90]

I will try to make a PR for this

@Mabenan, PR for what? 🧐

[Mabenan]

I will try to make a PR for this

@Mabenan, PR for what? 🧐

For changing the value we give flutter_web_auth_2 as callbackUri under windows.

So that we don't run into an exception. See the origin of this issue.

[stnguyen90]

@Mabenan oh, you want to change the appwrite SDK code because the current code actually doesn't work yet? If so, please make sure to submit the PR in the sdk-generator repo.

[Mabenan]

@Mabenan oh, you want to change the appwrite SDK code because the current code actually doesn't work yet? If so, please make sure to submit the PR in the sdk-generator repo.

Yes this was exactly my plan 😉

[stnguyen90]

@Mabenan, sounds good! I'll also discuss with the team to make sure we're okay with this approach.

[merabtenei]

@DanielAlbertSwan, what happens if you do:

createOAuth2Session(provider: "microsoft", success: "http://localhost:<some port>");

I actually assume flutter_web_auth_2 will work fine, but the Appwrite SDK will throw an exception because of:

sdk-for-flutter/lib/src/client_io.dart

Lines 322 to 325 in f8480fd

	if (key == null || secret == null) {
	throw AppwriteException(
	"Invalid OAuth2 Response. Key and Secret not available.", 500);
	}

I get exactly that with :

          provider: 'google',
          success: !kIsWeb && Platform.isWindows
              ? 'http://localhost:5998/v1/auth/oauth2/success'
              : null);

Does this actually work ? I'm getting "Invalid OAuth2 Response. Key and Secret not available." after the redirect to the app.
Is there any special things we need to add for windows. It's working on android so my OAuth config is correctly setup.

[Mabenan]

You have to ensure that the path matches exactly this one of your appwrite version https://github.com/appwrite/appwrite/blob/fd7a2cbfada41481495d2ffc6bf4fdec630c9f9f/app/controllers/api/account.php#L46

At the current version this is /auth/oauth2/success . You used the /v1 at the beginning which is wrong.

For ex.: "http://localhost:9999/auth/oauth2/success"

[foxy17]

Having this same issue in version 11.0.1 with appwrite cloud. Code for reference.

 var _codeListenerServer = await HttpServer.bind('localhost', 0);
  print('Listening on localhost:${_codeListenerServer.port}');
   _account.createOAuth2Session(provider: "google",success: "http://localhost:${_codeListenerServer.port}/auth/oauth2/success");
  

This is what I get in my Chrome browser