f89f6167cc
- Replace flutter_appauth with custom WebView implementation to resolve deep link issues - Add KeycloakWebViewAuthService with integrated WebView for seamless authentication - Configure Android manifest for HTTP cleartext traffic support - Add network security config for development environment (192.168.1.11) - Update Keycloak client to use HTTP callback endpoint (http://192.168.1.11:8080/auth/callback) - Remove obsolete keycloak_auth_service.dart and temporary scripts - Clean up dependencies and regenerate injection configuration - Tested successfully on multiple Android devices (Xiaomi 2201116TG, SM A725F) BREAKING CHANGE: Authentication flow now uses WebView instead of external browser - Users will see Keycloak login page within the app instead of browser redirect - Resolves ERR_CLEARTEXT_NOT_PERMITTED and deep link state management issues - Maintains full OIDC compliance with PKCE flow and secure token storage Technical improvements: - WebView with custom navigation delegate for callback handling - Automatic token extraction and user info parsing from JWT - Proper error handling and user feedback - Consistent authentication state management across app lifecycle
63 lines
2.7 KiB
PowerShell
63 lines
2.7 KiB
PowerShell
# Script final pour corriger les redirect URIs Keycloak
|
|
$KeycloakUrl = "http://192.168.1.11:8180"
|
|
$Realm = "unionflow"
|
|
$ClientId = "unionflow-mobile"
|
|
$ClientUuid = "67b09521-3c8d-4ab1-9d13-80af9240c64d"
|
|
|
|
Write-Host "=== CORRECTION FINALE KEYCLOAK ===" -ForegroundColor Cyan
|
|
|
|
try {
|
|
# Obtenir token admin
|
|
$tokenResponse = Invoke-RestMethod -Uri "$KeycloakUrl/realms/master/protocol/openid-connect/token" -Method Post -ContentType "application/x-www-form-urlencoded" -Body "username=admin&password=admin&grant_type=password&client_id=admin-cli"
|
|
$accessToken = $tokenResponse.access_token
|
|
Write-Host "✅ Token obtenu" -ForegroundColor Green
|
|
|
|
# Configuration correcte du client
|
|
$headers = @{ "Authorization" = "Bearer $accessToken" }
|
|
|
|
$clientConfig = @{
|
|
id = $ClientUuid
|
|
clientId = $ClientId
|
|
name = "UnionFlow Mobile App"
|
|
enabled = $true
|
|
publicClient = $true
|
|
standardFlowEnabled = $true
|
|
implicitFlowEnabled = $false
|
|
directAccessGrantsEnabled = $false
|
|
serviceAccountsEnabled = $false
|
|
redirectUris = @(
|
|
"dev.lions.unionflow_mobile_apps://callback",
|
|
"dev.lions.unionflow_mobile_apps://login-callback",
|
|
"dev.lions.unionflow_mobile_apps://oauth/callback"
|
|
)
|
|
webOrigins = @("+")
|
|
attributes = @{
|
|
"pkce.code.challenge.method" = "S256"
|
|
}
|
|
protocol = "openid-connect"
|
|
fullScopeAllowed = $true
|
|
defaultClientScopes = @("web-origins", "acr", "profile", "roles", "basic", "email")
|
|
optionalClientScopes = @("address", "phone", "offline_access", "organization", "microprofile-jwt")
|
|
}
|
|
|
|
$clientJson = $clientConfig | ConvertTo-Json -Depth 10
|
|
|
|
# Mettre à jour le client
|
|
Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/clients/$ClientUuid" -Method Put -Headers $headers -Body $clientJson -ContentType "application/json"
|
|
|
|
Write-Host "✅ Client mis à jour avec succès !" -ForegroundColor Green
|
|
Write-Host ""
|
|
Write-Host "Nouvelles redirect URIs:" -ForegroundColor Yellow
|
|
Write-Host " - dev.lions.unionflow_mobile_apps://callback" -ForegroundColor Gray
|
|
Write-Host " - dev.lions.unionflow_mobile_apps://login-callback" -ForegroundColor Gray
|
|
Write-Host " - dev.lions.unionflow_mobile_apps://oauth/callback" -ForegroundColor Gray
|
|
|
|
} catch {
|
|
Write-Host "❌ Erreur: $($_.Exception.Message)" -ForegroundColor Red
|
|
if ($_.Exception.Response) {
|
|
$reader = New-Object System.IO.StreamReader($_.Exception.Response.GetResponseStream())
|
|
$responseBody = $reader.ReadToEnd()
|
|
Write-Host "Détails: $responseBody" -ForegroundColor Red
|
|
}
|
|
}
|