lionsdev/unionflow-server-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(mobile): Implement Keycloak WebView authentication with HTTP callback

Browse Source 
- Replace flutter_appauth with custom WebView implementation to resolve deep link issues
- Add KeycloakWebViewAuthService with integrated WebView for seamless authentication
- Configure Android manifest for HTTP cleartext traffic support
- Add network security config for development environment (192.168.1.11)
- Update Keycloak client to use HTTP callback endpoint (http://192.168.1.11:8080/auth/callback)
- Remove obsolete keycloak_auth_service.dart and temporary scripts
- Clean up dependencies and regenerate injection configuration
- Tested successfully on multiple Android devices (Xiaomi 2201116TG, SM A725F)

BREAKING CHANGE: Authentication flow now uses WebView instead of external browser
- Users will see Keycloak login page within the app instead of browser redirect
- Resolves ERR_CLEARTEXT_NOT_PERMITTED and deep link state management issues
- Maintains full OIDC compliance with PKCE flow and secure token storage

Technical improvements:
- WebView with custom navigation delegate for callback handling
- Automatic token extraction and user info parsing from JWT
- Proper error handling and user feedback
- Consistent authentication state management across app lifecycle
This commit is contained in:
DahoudG
2025-09-15 01:44:16 +00:00
parent 73459b3092
commit f89f6167cc
290 changed files with 34563 additions and 3528 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
client-config.json Normal file
View File

@@ -0,0 +1,29 @@
{
"clientId": "unionflow-mobile",
"name": "UnionFlow Mobile App",
"description": "Application mobile UnionFlow avec authentification OIDC",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"publicClient": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"authorizationServicesEnabled": false,
"rootUrl": "com.unionflow.mobile://",
"baseUrl": "com.unionflow.mobile://home",
"redirectUris": [
"com.unionflow.mobile://login-callback",
"com.unionflow.mobile://login-callback/*"
],
"webOrigins": ["+"],
"attributes": {
"post.logout.redirect.uris": "com.unionflow.mobile://logout-callback##com.unionflow.mobile://logout-callback/*",
"pkce.code.challenge.method": "S256",
"access.token.lifespan": "900",
"client.session.idle.timeout": "1800",
"client.session.max.lifespan": "43200"
},
"defaultClientScopes": ["openid", "profile", "email", "roles"],
"optionalClientScopes": []
}