lionsdev/unionflow-server-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f89f6167cccae1da0c789a4603505aaf1c3a1d4f
unionflow-server-api/fix-redirect-uris.ps1
DahoudG f89f6167cc feat(mobile): Implement Keycloak WebView authentication with HTTP callback 
- Replace flutter_appauth with custom WebView implementation to resolve deep link issues
- Add KeycloakWebViewAuthService with integrated WebView for seamless authentication
- Configure Android manifest for HTTP cleartext traffic support
- Add network security config for development environment (192.168.1.11)
- Update Keycloak client to use HTTP callback endpoint (http://192.168.1.11:8080/auth/callback)
- Remove obsolete keycloak_auth_service.dart and temporary scripts
- Clean up dependencies and regenerate injection configuration
- Tested successfully on multiple Android devices (Xiaomi 2201116TG, SM A725F)

BREAKING CHANGE: Authentication flow now uses WebView instead of external browser
- Users will see Keycloak login page within the app instead of browser redirect
- Resolves ERR_CLEARTEXT_NOT_PERMITTED and deep link state management issues
- Maintains full OIDC compliance with PKCE flow and secure token storage

Technical improvements:
- WebView with custom navigation delegate for callback handling
- Automatic token extraction and user info parsing from JWT
- Proper error handling and user feedback
- Consistent authentication state management across app lifecycle
2025-09-15 01:44:16 +00:00

64 lines
2.5 KiB
PowerShell
Raw Blame History

# Script simple pour corriger les redirect URIs
$KeycloakUrl = "http://192.168.1.11:8180"
$Realm = "unionflow"
$ClientId = "unionflow-mobile"
Write-Host "=== CORRECTION REDIRECT URIs ===" -ForegroundColor Cyan
try {
# Obtenir token admin
$tokenBody = "username=admin&password=admin&grant_type=password&client_id=admin-cli"
$tokenResponse = Invoke-RestMethod -Uri "$KeycloakUrl/realms/master/protocol/openid-connect/token" -Method Post -ContentType "application/x-www-form-urlencoded" -Body $tokenBody
$accessToken = $tokenResponse.access_token
# Récupérer le client
$headers = @{ "Authorization" = "Bearer $accessToken" }
$clients = Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/clients?clientId=$ClientId" -Method Get -Headers $headers
$client = $clients[0]
$clientUuid = $client.id
Write-Host "Client trouvé: $clientUuid" -ForegroundColor Green
Write-Host "Redirect URIs actuelles:" -ForegroundColor Yellow
foreach ($uri in $client.redirectUris) {
Write-Host " - $uri" -ForegroundColor Gray
}
# Mise à jour simple des redirect URIs
$client.redirectUris = @(
"com.unionflow.mobile://login-callback",
"com.unionflow.mobile://login-callback/*",
"com.unionflow.mobile://oauth/callback",
"com.unionflow.mobile://oauth/callback/*"
)
$client.postLogoutRedirectUris = @(
"com.unionflow.mobile://logout-callback",
"com.unionflow.mobile://logout-callback/*"
)
# Assurer que c'est un client public avec PKCE
$client.publicClient = $true
$client.standardFlowEnabled = $true
$client.directAccessGrantsEnabled = $false
if (-not $client.attributes) {
$client.attributes = @{}
}
$client.attributes["pkce.code.challenge.method"] = "S256"
$clientJson = $client | ConvertTo-Json -Depth 10
# Appliquer la mise à jour
Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/clients/$clientUuid" -Method Put -Headers $headers -Body $clientJson -ContentType "application/json"
Write-Host ""
Write-Host "✅ Redirect URIs mis à jour:" -ForegroundColor Green
Write-Host " - com.unionflow.mobile://login-callback" -ForegroundColor Gray
Write-Host " - com.unionflow.mobile://login-callback/*" -ForegroundColor Gray
Write-Host " - com.unionflow.mobile://oauth/callback" -ForegroundColor Gray
Write-Host " - com.unionflow.mobile://oauth/callback/*" -ForegroundColor Gray
} catch {
Write-Host "Erreur: $($_.Exception.Message)" -ForegroundColor Red
}
Reference in New Issue View Git Blame Copy Permalink