feat(mobile): Implement Keycloak WebView authentication with HTTP callback

- Replace flutter_appauth with custom WebView implementation to resolve deep link issues - Add KeycloakWebViewAuthService with integrated WebView for seamless authentication - Configure Android manifest for HTTP cleartext traffic support - Add network security config for development environment (192.168.1.11) - Update Keycloak client to use HTTP callback endpoint (http://192.168.1.11:8080/auth/callback) - Remove obsolete keycloak_auth_service.dart and temporary scripts - Clean up dependencies and regenerate injection configuration - Tested successfully on multiple Android devices (Xiaomi 2201116TG, SM A725F) BREAKING CHANGE: Authentication flow now uses WebView instead of external browser - Users will see Keycloak login page within the app instead of browser redirect - Resolves ERR_CLEARTEXT_NOT_PERMITTED and deep link state management issues - Maintains full OIDC compliance with PKCE flow and secure token storage Technical improvements: - WebView with custom navigation delegate for callback handling - Automatic token extraction and user info parsing from JWT - Proper error handling and user feedback - Consistent authentication state management across app lifecycle
2025-09-15 01:44:16 +00:00
parent 73459b3092
commit f89f6167cc
290 changed files with 34563 additions and 3528 deletions
--- a/create-server-client.ps1
+++ b/create-server-client.ps1
@@ -0,0 +1,104 @@
+# Script pour créer le client unionflow-server dans Keycloak
+param(
+    [string]$KeycloakUrl = "http://192.168.1.11:8180",
+    [string]$Realm = "unionflow",
+    [string]$AdminUser = "admin",
+    [string]$AdminPassword = "admin",
+    [string]$ClientId = "unionflow-server",
+    [string]$ClientSecret = "unionflow-secret-2025"
+)
+
+Write-Host "🖥️ Création du client serveur dans Keycloak..." -ForegroundColor Cyan
+Write-Host "📍 Keycloak URL: $KeycloakUrl" -ForegroundColor Gray
+Write-Host "🏛️ Realm: $Realm" -ForegroundColor Gray
+Write-Host "🖥️ Client ID: $ClientId" -ForegroundColor Gray
+Write-Host ""
+
+try {
+    # 1. Obtenir le token d'administration
+    Write-Host "🔑 Obtention du token d'administration..." -ForegroundColor Yellow
+    
+    $tokenBody = @{
+        username = $AdminUser
+        password = $AdminPassword
+        grant_type = "password"
+        client_id = "admin-cli"
+    }
+    
+    $tokenResponse = Invoke-RestMethod -Uri "$KeycloakUrl/realms/master/protocol/openid-connect/token" `
+                                      -Method Post `
+                                      -ContentType "application/x-www-form-urlencoded" `
+                                      -Body $tokenBody
+    
+    $accessToken = $tokenResponse.access_token
+    Write-Host "✅ Token obtenu avec succès" -ForegroundColor Green
+    
+    # 2. Créer le client serveur
+    Write-Host "🖥️ Création du client serveur '$ClientId'..." -ForegroundColor Yellow
+    
+    $clientConfig = @{
+        clientId = $ClientId
+        name = "UnionFlow Server API"
+        description = "Client pour l'API serveur UnionFlow"
+        enabled = $true
+        clientAuthenticatorType = "client-secret"
+        secret = $ClientSecret
+        publicClient = $false
+        standardFlowEnabled = $true
+        implicitFlowEnabled = $false
+        directAccessGrantsEnabled = $true
+        serviceAccountsEnabled = $true
+        authorizationServicesEnabled = $false
+        redirectUris = @("http://192.168.1.11:8080/*")
+        webOrigins = @("http://192.168.1.11:8080", "http://localhost:8080")
+        protocol = "openid-connect"
+        attributes = @{
+            "access.token.lifespan" = "900"
+            "client.session.idle.timeout" = "1800"
+            "client.session.max.lifespan" = "43200"
+        }
+        defaultClientScopes = @("openid", "profile", "email", "roles")
+        optionalClientScopes = @()
+    } | ConvertTo-Json -Depth 10
+    
+    $headers = @{
+        "Authorization" = "Bearer $accessToken"
+        "Content-Type" = "application/json"
+    }
+    
+    try {
+        $clientResponse = Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/clients" `
+                                           -Method Post `
+                                           -Headers $headers `
+                                           -Body $clientConfig
+        Write-Host "✅ Client serveur créé avec succès" -ForegroundColor Green
+    }
+    catch {
+        if ($_.Exception.Response.StatusCode -eq 409) {
+            Write-Host "⚠️ Le client existe déjà, mise à jour..." -ForegroundColor Yellow
+        }
+        else {
+            throw
+        }
+    }
+    
+    Write-Host ""
+    Write-Host "🎉 CLIENT SERVEUR CRÉÉ AVEC SUCCÈS !" -ForegroundColor Green
+    Write-Host "🖥️ Client ID: $ClientId" -ForegroundColor White
+    Write-Host "🔒 Client Secret: $ClientSecret" -ForegroundColor White
+    Write-Host ""
+    Write-Host "Le serveur Quarkus peut maintenant s'authentifier avec Keycloak !" -ForegroundColor Cyan
+    
+}
+catch {
+    Write-Host ""
+    Write-Host "ERREUR lors de la creation du client serveur !" -ForegroundColor Red
+    Write-Host "Details: $($_.Exception.Message)" -ForegroundColor Red
+
+    if ($_.Exception.Response) {
+        $statusCode = $_.Exception.Response.StatusCode.value__
+        Write-Host "Code de statut HTTP: $statusCode" -ForegroundColor Red
+    }
+    
+    exit 1
+}