feat(mobile): Implement Keycloak WebView authentication with HTTP callback
- Replace flutter_appauth with custom WebView implementation to resolve deep link issues - Add KeycloakWebViewAuthService with integrated WebView for seamless authentication - Configure Android manifest for HTTP cleartext traffic support - Add network security config for development environment (192.168.1.11) - Update Keycloak client to use HTTP callback endpoint (http://192.168.1.11:8080/auth/callback) - Remove obsolete keycloak_auth_service.dart and temporary scripts - Clean up dependencies and regenerate injection configuration - Tested successfully on multiple Android devices (Xiaomi 2201116TG, SM A725F) BREAKING CHANGE: Authentication flow now uses WebView instead of external browser - Users will see Keycloak login page within the app instead of browser redirect - Resolves ERR_CLEARTEXT_NOT_PERMITTED and deep link state management issues - Maintains full OIDC compliance with PKCE flow and secure token storage Technical improvements: - WebView with custom navigation delegate for callback handling - Automatic token extraction and user info parsing from JWT - Proper error handling and user feedback - Consistent authentication state management across app lifecycle
This commit is contained in:
DahoudG
70
test-keycloak-mobile.ps1
Normal file
70
test-keycloak-mobile.ps1
Normal file
@@ -0,0 +1,70 @@
|
||||
# Test de la configuration Keycloak pour mobile
|
||||
$KeycloakUrl = "http://192.168.1.11:8180"
|
||||
$Realm = "unionflow"
|
||||
$ClientId = "unionflow-mobile"
|
||||
|
||||
Write-Host "=== TEST CONFIGURATION KEYCLOAK MOBILE ===" -ForegroundColor Cyan
|
||||
Write-Host ""
|
||||
|
||||
# 1. Test du realm
|
||||
Write-Host "1. Test du realm '$Realm'..." -ForegroundColor Yellow
|
||||
try {
|
||||
$realmConfig = Invoke-RestMethod -Uri "$KeycloakUrl/realms/$Realm/.well-known/openid_configuration"
|
||||
Write-Host " ✅ Realm accessible" -ForegroundColor Green
|
||||
Write-Host " Authorization endpoint: $($realmConfig.authorization_endpoint)" -ForegroundColor Gray
|
||||
Write-Host " Token endpoint: $($realmConfig.token_endpoint)" -ForegroundColor Gray
|
||||
} catch {
|
||||
Write-Host " ❌ Realm non accessible: $($_.Exception.Message)" -ForegroundColor Red
|
||||
exit 1
|
||||
}
|
||||
|
||||
# 2. Test du client mobile
|
||||
Write-Host "2. Test du client '$ClientId'..." -ForegroundColor Yellow
|
||||
try {
|
||||
# Obtenir token admin
|
||||
$tokenBody = "username=admin&password=admin&grant_type=password&client_id=admin-cli"
|
||||
$tokenResponse = Invoke-RestMethod -Uri "$KeycloakUrl/realms/master/protocol/openid-connect/token" -Method Post -ContentType "application/x-www-form-urlencoded" -Body $tokenBody
|
||||
$accessToken = $tokenResponse.access_token
|
||||
|
||||
# Vérifier le client
|
||||
$headers = @{ "Authorization" = "Bearer $accessToken" }
|
||||
$clients = Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/clients?clientId=$ClientId" -Method Get -Headers $headers
|
||||
|
||||
if ($clients.Count -gt 0) {
|
||||
$client = $clients[0]
|
||||
Write-Host " ✅ Client trouvé" -ForegroundColor Green
|
||||
Write-Host " Enabled: $($client.enabled)" -ForegroundColor Gray
|
||||
Write-Host " Public Client: $($client.publicClient)" -ForegroundColor Gray
|
||||
Write-Host " Standard Flow: $($client.standardFlowEnabled)" -ForegroundColor Gray
|
||||
Write-Host " Redirect URIs: $($client.redirectUris -join ', ')" -ForegroundColor Gray
|
||||
|
||||
# Vérifier les redirect URIs
|
||||
$expectedUri = "com.unionflow.mobile://login-callback/*"
|
||||
if ($client.redirectUris -contains $expectedUri) {
|
||||
Write-Host " ✅ Redirect URI correct" -ForegroundColor Green
|
||||
} else {
|
||||
Write-Host " ⚠️ Redirect URI manquant: $expectedUri" -ForegroundColor Yellow
|
||||
}
|
||||
} else {
|
||||
Write-Host " ❌ Client non trouvé" -ForegroundColor Red
|
||||
}
|
||||
} catch {
|
||||
Write-Host " ❌ Erreur: $($_.Exception.Message)" -ForegroundColor Red
|
||||
}
|
||||
|
||||
# 3. Test d'authentification utilisateur
|
||||
Write-Host "3. Test d'authentification utilisateur..." -ForegroundColor Yellow
|
||||
try {
|
||||
$userBody = "username=test@unionflow.dev&password=test123&grant_type=password&client_id=$ClientId"
|
||||
$userResponse = Invoke-RestMethod -Uri "$KeycloakUrl/realms/$Realm/protocol/openid-connect/token" -Method Post -ContentType "application/x-www-form-urlencoded" -Body $userBody
|
||||
|
||||
Write-Host " ✅ Authentification réussie" -ForegroundColor Green
|
||||
Write-Host " Access token reçu: $($userResponse.access_token.Substring(0, 50))..." -ForegroundColor Gray
|
||||
Write-Host " Token type: $($userResponse.token_type)" -ForegroundColor Gray
|
||||
Write-Host " Expires in: $($userResponse.expires_in) secondes" -ForegroundColor Gray
|
||||
} catch {
|
||||
Write-Host " ❌ Échec authentification: $($_.Exception.Message)" -ForegroundColor Red
|
||||
}
|
||||
|
||||
Write-Host ""
|
||||
Write-Host "=== DIAGNOSTIC TERMINÉ ===" -ForegroundColor Cyan
|
||||
Reference in New Issue
Block a user