lionsdev/unionflow-server-impl-quarkus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(mobile): Implement Keycloak WebView authentication with HTTP callback

Browse Source 
- Replace flutter_appauth with custom WebView implementation to resolve deep link issues
- Add KeycloakWebViewAuthService with integrated WebView for seamless authentication
- Configure Android manifest for HTTP cleartext traffic support
- Add network security config for development environment (192.168.1.11)
- Update Keycloak client to use HTTP callback endpoint (http://192.168.1.11:8080/auth/callback)
- Remove obsolete keycloak_auth_service.dart and temporary scripts
- Clean up dependencies and regenerate injection configuration
- Tested successfully on multiple Android devices (Xiaomi 2201116TG, SM A725F)

BREAKING CHANGE: Authentication flow now uses WebView instead of external browser
- Users will see Keycloak login page within the app instead of browser redirect
- Resolves ERR_CLEARTEXT_NOT_PERMITTED and deep link state management issues
- Maintains full OIDC compliance with PKCE flow and secure token storage

Technical improvements:
- WebView with custom navigation delegate for callback handling
- Automatic token extraction and user info parsing from JWT
- Proper error handling and user feedback
- Consistent authentication state management across app lifecycle
This commit is contained in:
DahoudG
2025-09-15 01:44:16 +00:00
parent 73459b3092
commit f89f6167cc
290 changed files with 34563 additions and 3528 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
verify-keycloak-config.ps1 Normal file
View File

@@ -0,0 +1,108 @@
# Script de verification de la configuration Keycloak
$KeycloakUrl = "http://192.168.1.11:8180"
$Realm = "unionflow"
$ClientId = "unionflow-mobile"
$Username = "test@unionflow.dev"
Write-Host "=== VERIFICATION CONFIGURATION KEYCLOAK ===" -ForegroundColor Cyan
Write-Host "Keycloak URL: $KeycloakUrl" -ForegroundColor Gray
Write-Host "Realm: $Realm" -ForegroundColor Gray
Write-Host "Client: $ClientId" -ForegroundColor Gray
Write-Host "User: $Username" -ForegroundColor Gray
Write-Host ""
# 1. Test de connectivite Keycloak
Write-Host "1. Test connectivite Keycloak..." -ForegroundColor Yellow
try {
$response = Invoke-WebRequest -Uri "$KeycloakUrl" -Method Get -TimeoutSec 10
if ($response.StatusCode -eq 200) {
Write-Host " ✅ Keycloak accessible" -ForegroundColor Green
}
} catch {
Write-Host " ❌ Keycloak non accessible: $($_.Exception.Message)" -ForegroundColor Red
exit 1
}
# 2. Test du realm
Write-Host "2. Test du realm '$Realm'..." -ForegroundColor Yellow
try {
$realmConfig = Invoke-RestMethod -Uri "$KeycloakUrl/realms/$Realm/.well-known/openid_configuration" -Method Get
Write-Host " ✅ Realm '$Realm' existe et fonctionne" -ForegroundColor Green
Write-Host " Authorization endpoint: $($realmConfig.authorization_endpoint)" -ForegroundColor Gray
Write-Host " Token endpoint: $($realmConfig.token_endpoint)" -ForegroundColor Gray
} catch {
Write-Host " ❌ Realm '$Realm' non accessible" -ForegroundColor Red
exit 1
}
# 3. Test authentification admin
Write-Host "3. Test authentification admin..." -ForegroundColor Yellow
try {
$tokenBody = "username=admin&password=admin&grant_type=password&client_id=admin-cli"
$tokenResponse = Invoke-RestMethod -Uri "$KeycloakUrl/realms/master/protocol/openid-connect/token" -Method Post -ContentType "application/x-www-form-urlencoded" -Body $tokenBody
$accessToken = $tokenResponse.access_token
Write-Host " ✅ Authentification admin reussie" -ForegroundColor Green
} catch {
Write-Host " ❌ Echec authentification admin" -ForegroundColor Red
exit 1
}
# 4. Verification du client mobile
Write-Host "4. Verification du client '$ClientId'..." -ForegroundColor Yellow
try {
$headers = @{ "Authorization" = "Bearer $accessToken" }
$clients = Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/clients?clientId=$ClientId" -Method Get -Headers $headers
if ($clients.Count -gt 0) {
$client = $clients[0]
Write-Host " ✅ Client '$ClientId' existe" -ForegroundColor Green
Write-Host " Client ID: $($client.clientId)" -ForegroundColor Gray
Write-Host " Enabled: $($client.enabled)" -ForegroundColor Gray
Write-Host " Public Client: $($client.publicClient)" -ForegroundColor Gray
Write-Host " Standard Flow: $($client.standardFlowEnabled)" -ForegroundColor Gray
# Verification des redirect URIs
if ($client.redirectUris -contains "com.unionflow.mobile://login-callback/*") {
Write-Host " ✅ Redirect URI mobile configure" -ForegroundColor Green
} else {
Write-Host " ⚠️ Redirect URI mobile manquant" -ForegroundColor Yellow
Write-Host " URIs actuelles: $($client.redirectUris -join ', ')" -ForegroundColor Gray
}
} else {
Write-Host " ❌ Client '$ClientId' non trouve" -ForegroundColor Red
}
} catch {
Write-Host " ❌ Erreur verification client: $($_.Exception.Message)" -ForegroundColor Red
}
# 5. Verification de l'utilisateur
Write-Host "5. Verification de l'utilisateur '$Username'..." -ForegroundColor Yellow
try {
$users = Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/users?email=$Username" -Method Get -Headers $headers
if ($users.Count -gt 0) {
$user = $users[0]
Write-Host " ✅ Utilisateur '$Username' existe" -ForegroundColor Green
Write-Host " Username: $($user.username)" -ForegroundColor Gray
Write-Host " Email: $($user.email)" -ForegroundColor Gray
Write-Host " Enabled: $($user.enabled)" -ForegroundColor Gray
Write-Host " Email Verified: $($user.emailVerified)" -ForegroundColor Gray
} else {
Write-Host " ❌ Utilisateur '$Username' non trouve" -ForegroundColor Red
}
} catch {
Write-Host " ❌ Erreur verification utilisateur: $($_.Exception.Message)" -ForegroundColor Red
}
Write-Host ""
Write-Host "=== VERIFICATION TERMINEE ===" -ForegroundColor Cyan
Write-Host ""
Write-Host "Configuration mobile app:" -ForegroundColor Yellow
Write-Host "- Keycloak URL: http://192.168.1.11:8180" -ForegroundColor Gray
Write-Host "- Realm: unionflow" -ForegroundColor Gray
Write-Host "- Client ID: unionflow-mobile" -ForegroundColor Gray
Write-Host "- Redirect URI: com.unionflow.mobile://login-callback" -ForegroundColor Gray
Write-Host ""
Write-Host "Identifiants de test:" -ForegroundColor Yellow
Write-Host "- Email: test@unionflow.dev" -ForegroundColor Gray
Write-Host "- Password: test123" -ForegroundColor Gray