Skip to content

Commit

Permalink
Better documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
ThexXTURBOXx committed Dec 10, 2023
1 parent 669cec2 commit 2697fa6
Show file tree
Hide file tree
Showing 5 changed files with 31 additions and 27 deletions.
4 changes: 2 additions & 2 deletions flutter_web_auth_2/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -176,13 +176,13 @@ On the Web platform, an endpoint must be created that captures the callback URL
</script>
```

This HTML file is designed to handle both traditional window-based and iframe-based authentication flows. The JavaScript code checks the context and sends the authentication response accordingly.
This HTML file is designed to handle both traditional `window`-based and `iframe`-based authentication flows. The JavaScript code checks the context and sends the authentication response accordingly.

The redirect URL passed to the authentication service must be the same as the URL the application is running on (schema, host, port if necessary) and the path must point to the generated HTML file, in this case `/auth.html`. The `callbackUrlScheme` parameter of the `authenticate()` method does not take this into account, so it is possible to use a schema for native platforms in the code.

For the Sign in with Apple in web_message response mode, postMessage from https://appleid.apple.com is also captured, and the authorisation object is returned as a URL fragment encoded as a query string (for compatibility with other providers).

Additional parameters for the URL open call can be passed in the `authenticate` function using the `windowName` parameter from the options. The `silentAuth` parameter can be used to enable silent authentication within a hidden iframe, rather than opening a new window or tab. This is particularly useful for scenarios where a full-page redirect is not desirable. Setting this parameter to true allows for a seamless user experience by performing authentication in the background, making it ideal for token refreshes or maintaining user sessions without requiring explicit interaction from the user.
Additional parameters for the URL open call can be passed in the `authenticate` function using the `windowName` parameter from the options. The `silentAuth` parameter can be used to enable silent authentication within a hidden `iframe`, rather than opening a new window or tab. This is particularly useful for scenarios where a full-page redirect is not desirable. Setting this parameter to `true` allows for a seamless user experience by performing authentication in the background, making it ideal for token refreshes or maintaining user sessions without requiring explicit interaction from the user.

### Windows and Linux

Expand Down
4 changes: 1 addition & 3 deletions flutter_web_auth_2/example/lib/main.dart
Original file line number Diff line number Diff line change
Expand Up @@ -118,9 +118,7 @@ class MyAppState extends State<MyApp> {
// Normally, you don't need to specify a custom URL on web. However, in
// this example, we just go the auth page directly since we cannot start
// the socket server...
// YOU NEED TO PROPERLY CHANGE THIS PORT IF YOU WANT TO RUN THIS EXAMPLE!
const url =
kIsWeb ? 'http://localhost:53563/auth.html' : 'http://127.0.0.1:43823/';
final url = kIsWeb ? '${Uri.base}auth.html' : 'http://127.0.0.1:43823/';

// Windows needs some callback URL on localhost
final callbackUrlScheme =
Expand Down
4 changes: 4 additions & 0 deletions flutter_web_auth_2/example/web/auth.html
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@
<body>
<p>Authentication will complete in around two seconds. If this does not happen automatically, please close the window.</p>
<script>
// DO NOT COPY THE JAVASCRIPT CODE FROM HERE! IT SIMULATES A TYPICAL AUTHENTICATION FLOW.
// COPY IT FROM THE README INSTEAD!
setTimeout(function() {
const message = {
'flutter-web-auth-2': window.location.href
Expand All @@ -21,6 +23,8 @@
window.close();
}
}, 2000);
// DO NOT COPY THE JAVASCRIPT CODE FROM HERE! IT SIMULATES A TYPICAL AUTHENTICATION FLOW.
// COPY IT FROM THE README INSTEAD!
</script>
</body>
</html>
28 changes: 14 additions & 14 deletions flutter_web_auth_2/lib/src/options.dart
Original file line number Diff line number Diff line change
Expand Up @@ -85,26 +85,26 @@ class FlutterWebAuth2Options {
final String landingPageHtml;

/// **Only has an effect on Web!**
/// When set to true, the authentication URL will be loaded in a hidden iframe
/// instead of opening a new window or tab. This is primarily used for silent
/// authentication processes where a full-page redirect is not desirable.
/// It allows for a seamless user experience by performing the authentication
/// in the background. This approach is useful for token refreshes or for
/// maintaining user sessions without explicit user interaction.
/// When set to `true`, the authentication URL will be loaded in a hidden
/// `iframe` instead of opening a new window or tab. This is primarily used
/// for silent authentication processes where a full-page redirect is not
/// desirable. It allows for a seamless user experience by performing the
/// authentication in the background. This approach is useful for token
/// refreshes or for maintaining user sessions without explicit user
/// interaction. IT IS YOUR RESPONSIBILITY TO MAKE SURE THAT THE URL IS SANE
/// AND DOES NOT CAUSE ANY HARM. IFRAMES CAN BE EXPLOITED IN MANY WAYS BY
/// MALICIOUS ATTACKERS!
final bool silentAuth;

const FlutterWebAuth2Options({
bool? preferEphemeral,
this.preferEphemeral = false,
this.debugOrigin,
int? intentFlags,
this.intentFlags = defaultIntentFlags,
this.windowName,
int? timeout,
String? landingPageHtml,
this.timeout = 5 * 60,
this.landingPageHtml = _defaultLandingPage,
this.silentAuth = false,
}) : preferEphemeral = preferEphemeral ?? false,
intentFlags = intentFlags ?? defaultIntentFlags,
timeout = timeout ?? 5 * 60,
landingPageHtml = landingPageHtml ?? _defaultLandingPage;
});

FlutterWebAuth2Options.fromJson(Map<String, dynamic> json)
: this(
Expand Down
18 changes: 10 additions & 8 deletions flutter_web_auth_2/lib/src/web.dart
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,9 @@ class FlutterWebAuth2WebPlugin extends FlutterWebAuth2Platform {
final parsedOptions = FlutterWebAuth2Options.fromJson(options);

if (parsedOptions.silentAuth) {
// Not in our hands - developers need to check sanity of URL themselves...
final authIframe = IFrameElement()
// ignore: unsafe_html
..src = url
..style.display = 'none';

Expand All @@ -60,10 +62,10 @@ class FlutterWebAuth2WebPlugin extends FlutterWebAuth2Platform {
messageSubscription = window.onMessage.listen((messageEvent) {
if (messageEvent.origin ==
(parsedOptions.debugOrigin ?? Uri.base.origin)) {
final flutterWebAuthMessage = messageEvent.data['flutter-web-auth-2'];
if (flutterWebAuthMessage is String) {
final authMessage = messageEvent.data['flutter-web-auth-2'];
if (authMessage is String) {
authIframe.remove();
completer.complete(flutterWebAuthMessage);
completer.complete(authMessage);
responseTimeoutTimer?.cancel();
messageSubscription?.cancel();
}
Expand All @@ -84,13 +86,13 @@ class FlutterWebAuth2WebPlugin extends FlutterWebAuth2Platform {
});

return completer.future;
} else {
await launchUrl(
Uri.parse(url),
webOnlyWindowName: parsedOptions.windowName,
);
}

await launchUrl(
Uri.parse(url),
webOnlyWindowName: parsedOptions.windowName,
);

// Remove the old record if it exists
const storageKey = 'flutter-web-auth-2';
window.localStorage.remove(storageKey);
Expand Down

0 comments on commit 2697fa6

Please sign in to comment.