OAuth 2 or OpenID connect samples

[Jeremy Whiteley]

Does anyone know of any Flutter OAuth 2 or OpenID connect samples that I can use to try and get Authentication working with Azure Mobile App services?    I would love to use Firestore, but it's not HIPAA compliant.   

Thank you in advance!

[Jakob Roland Andersen]

There's an OAuth2 package on pub: https://pub.dartlang.org/packages/oauth2 that looks like it should do the trick.

If it's missing something, please let us know by filing an issue: https://github.com/dart-lang/oauth2/issues/new

In general, Pub (https://pub.dartlang.org/) is a good place to look for Dart packages. We try to mark what platforms a package supports and let you filter based on that, so if you're only looking for packages that should work with Flutter, you can go straight to https://pub.dartlang.org/flutter and search there.

Thanks,

Jakob.

On Wed, Apr 25, 2018 at 10:58 PM Jeremy Whiteley <jeremy....@gmail.com> wrote:

Does anyone know of any Flutter OAuth 2 or OpenID connect samples that I can use to try and get Authentication working with Azure Mobile App services?    I would love to use Firestore, but it's not HIPAA compliant.   

Thank you in advance!

--
You received this message because you are subscribed to the Google Groups "Flutter Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to flutter-dev...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jeremy Whiteley]

Thank you for your help.   I noticed it doesn’t support openID connect though in the support issues.  Any plans to make it support OpenID connect?    

[Jakob Roland Andersen]

No current plans, unfortunately, but as the issue says, we'd be happy to take a PR for it! That's the fastest way to make it happen.

We have bits and pieces of it. There's JWT handling in package:googleapis_auth, for example, but someone who knows OpenID would have to put the pieces together.

[Peter King]

Any movement on this to add OpenID Connect?

The trouble is, if Flutter is going to succeed, without this, how can it? Nothing seems secure anymore...having said, that, most apps are just ignoring it, so the world will still turn! The more I read about using webviews and embedded user agents, and far worse, using a native view (flutter included); these are frowned upon in the face of security. It actually freaks me out, the banking apps I use, they are native and they don't use any external user agent (browser) to sign me in, which means, it's all rather in-secure, scary stuff!

Now, if every app federated with Google, or Facebook and others, that's fine, as PKCE would be in place right?

But, if you want to add you own, you need an ID Server, something like IDS4 (Identity Sever 4), pretty easy to setup and use, and you can enable PKCE on it too :)

Then comes the question of how would you use that with Flutter? Going native native, there is the AppAuth library, but it's not built for Flutter, maybe something could add some sort of support this way...?

I don't particular want to do this myself either, someone needs to though, otherwise, no apps are really secure, including all your banking apps with the native view! Help! :0

[Peter King]

Just to add one more thing, without this, it puts a halt to my development, there is no point using the webview, or using Flutter itself to take the username / password, all completely insecure.

Any thoughts? I can't use Google / Facebook, or any 3rd party, I already have IDS 4 in place, so that will work, it's just the native app side of things.

The only thing I can think of, is to either try and go native native with AppAuth and try and get that to fit in with Flutter (but I will struggle with that personally), OR use the OAuth package from the flutter team and try to launch the browser on the call back, and just set the code_verifier etc. in the request and more....

[Jeremy Whiteley]

I agree with Peter King.  OpenID Connect is needed.    

We need this to be able to use it with Microsoft Azure AD and Microsoft Azure AD B2C.    

Sent from my iPhone

You received this message because you are subscribed to a topic in the Google Groups "Flutter Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/flutter-dev/hvWoI6ZiN0I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to flutter-dev...@googlegroups.com.

[Peter King]

Hey Google... Please add Flutter to your AppAuth project please, ASAP?

[Jeremy Whiteley]

Do you know of any Flutter Sample apps that are using this package?   I am would like to see how it's being used in a flutter app.   

[Sam Dzirasa]

I am also looking for an OpenID Connect solution. I assumed that would have been in place now.  I have been trying to find a solution for 3 days now.-- no luck.

[Jeremy Whiteley]

Sam

I am using this one.  

https://pub.dartlang.org/packages/simple_auth_flutter

It’s pretty slick.   Do you need it to work with Azure ad b2c?    

Sent from my iPhone

--
You received this message because you are subscribed to a topic in the Google Groups "Flutter Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/flutter-dev/hvWoI6ZiN0I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to flutter-dev...@googlegroups.com.

[Sam Dzirasa]

Yes, I do. I'll check out the link you sent and let you know. I need to get it(OIDC) working with Azure,Azure B2c, Google+ and Google Cloud identity. I can do all that using OIDC in an AspnetCore app. But I have spent several hours be looking for a solution without success. Thanks for the link. 

Sam