lionsdev/unionflow-server-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8a619ee1bfb36a7c51e3e5d159311f90babab8f2
unionflow-server-api/fix-keycloak-mobile-config.ps1
DahoudG f89f6167cc feat(mobile): Implement Keycloak WebView authentication with HTTP callback 
- Replace flutter_appauth with custom WebView implementation to resolve deep link issues
- Add KeycloakWebViewAuthService with integrated WebView for seamless authentication
- Configure Android manifest for HTTP cleartext traffic support
- Add network security config for development environment (192.168.1.11)
- Update Keycloak client to use HTTP callback endpoint (http://192.168.1.11:8080/auth/callback)
- Remove obsolete keycloak_auth_service.dart and temporary scripts
- Clean up dependencies and regenerate injection configuration
- Tested successfully on multiple Android devices (Xiaomi 2201116TG, SM A725F)

BREAKING CHANGE: Authentication flow now uses WebView instead of external browser
- Users will see Keycloak login page within the app instead of browser redirect
- Resolves ERR_CLEARTEXT_NOT_PERMITTED and deep link state management issues
- Maintains full OIDC compliance with PKCE flow and secure token storage

Technical improvements:
- WebView with custom navigation delegate for callback handling
- Automatic token extraction and user info parsing from JWT
- Proper error handling and user feedback
- Consistent authentication state management across app lifecycle
2025-09-15 01:44:16 +00:00

97 lines
4.2 KiB
PowerShell
Raw Blame History

# Script pour corriger la configuration du client mobile Keycloak
$KeycloakUrl = "http://192.168.1.11:8180"
$Realm = "unionflow"
$ClientId = "unionflow-mobile"
Write-Host "=== CORRECTION CONFIGURATION CLIENT MOBILE ===" -ForegroundColor Cyan
Write-Host ""
try {
# 1. Obtenir token admin
Write-Host "1. Obtention du token admin..." -ForegroundColor Yellow
$tokenBody = "username=admin&password=admin&grant_type=password&client_id=admin-cli"
$tokenResponse = Invoke-RestMethod -Uri "$KeycloakUrl/realms/master/protocol/openid-connect/token" -Method Post -ContentType "application/x-www-form-urlencoded" -Body $tokenBody
$accessToken = $tokenResponse.access_token
Write-Host " ✅ Token obtenu" -ForegroundColor Green
# 2. Récupérer le client existant
Write-Host "2. Récupération du client '$ClientId'..." -ForegroundColor Yellow
$headers = @{ "Authorization" = "Bearer $accessToken" }
$clients = Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/clients?clientId=$ClientId" -Method Get -Headers $headers
if ($clients.Count -eq 0) {
Write-Host " ❌ Client non trouvé" -ForegroundColor Red
exit 1
}
$client = $clients[0]
$clientUuid = $client.id
Write-Host " ✅ Client trouvé: $clientUuid" -ForegroundColor Green
# 3. Configuration correcte du client
Write-Host "3. Mise à jour de la configuration..." -ForegroundColor Yellow
$updatedClient = @{
id = $clientUuid
clientId = $ClientId
name = "UnionFlow Mobile App"
enabled = $true
publicClient = $true
standardFlowEnabled = $true
implicitFlowEnabled = $false
directAccessGrantsEnabled = $false
serviceAccountsEnabled = $false
authorizationServicesEnabled = $false
rootUrl = "com.unionflow.mobile://"
baseUrl = "com.unionflow.mobile://home"
redirectUris = @(
"com.unionflow.mobile://login-callback",
"com.unionflow.mobile://login-callback/*",
"com.unionflow.mobile://oauth/callback"
)
postLogoutRedirectUris = @(
"com.unionflow.mobile://logout-callback",
"com.unionflow.mobile://logout-callback/*"
)
webOrigins = @("+")
attributes = @{
"pkce.code.challenge.method" = "S256"
"post.logout.redirect.uris" = "com.unionflow.mobile://logout-callback##com.unionflow.mobile://logout-callback/*"
"access.token.lifespan" = "900"
"client.session.idle.timeout" = "1800"
"client.session.max.lifespan" = "43200"
}
defaultClientScopes = @("openid", "profile", "email", "roles")
optionalClientScopes = @()
} | ConvertTo-Json -Depth 10
# 4. Appliquer la mise à jour
Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/clients/$clientUuid" -Method Put -Headers $headers -Body $updatedClient -ContentType "application/json"
Write-Host " ✅ Configuration mise à jour" -ForegroundColor Green
# 5. Vérification finale
Write-Host "4. Vérification de la configuration..." -ForegroundColor Yellow
$updatedClientData = Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/clients/$clientUuid" -Method Get -Headers $headers
Write-Host " Client ID: $($updatedClientData.clientId)" -ForegroundColor Gray
Write-Host " Public Client: $($updatedClientData.publicClient)" -ForegroundColor Gray
Write-Host " Standard Flow: $($updatedClientData.standardFlowEnabled)" -ForegroundColor Gray
Write-Host " Redirect URIs:" -ForegroundColor Gray
foreach ($uri in $updatedClientData.redirectUris) {
Write-Host " - $uri" -ForegroundColor Gray
}
Write-Host ""
Write-Host "🎉 CONFIGURATION CORRIGÉE AVEC SUCCÈS !" -ForegroundColor Green
Write-Host ""
Write-Host "Redémarrez l'application mobile et testez à nouveau la connexion." -ForegroundColor Cyan
} catch {
Write-Host ""
Write-Host "❌ ERREUR: $($_.Exception.Message)" -ForegroundColor Red
if ($_.Exception.Response) {
$statusCode = $_.Exception.Response.StatusCode.value__
Write-Host "Code de statut HTTP: $statusCode" -ForegroundColor Red
}
}
Reference in New Issue View Git Blame Copy Permalink