Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The appState parameter is missing for login with redirect on the web #486

Open
6 tasks done
navaronbracke opened this issue Nov 20, 2024 · 0 comments · May be fixed by #485
Open
6 tasks done

The appState parameter is missing for login with redirect on the web #486

navaronbracke opened this issue Nov 20, 2024 · 0 comments · May be fixed by #485
Labels
web

Comments

@navaronbracke
Copy link

Checklist

Description

When implementing a login with redirect flow for Flutter Web, I initially got it working as expected, without adding any extra state for redirects. However, when I needed to implement a redirect after login, I had to look around on how to do that.

I had been referred to the following documentation, by a colleague of mine:
https://auth0.com/docs/secure/attack-protection/state-parameters

So I started implementing the workflow as described in that document.
However, the document mentions a state query parameter, without disclosing that Auth0 itself uses a state query parameter in the redirect URL, for validation purposes in the Auth0 SDK.

After some searching, I did find out that there is an appState parameter for the redirect login options.
See the answer at https://community.auth0.com/t/how-to-preserve-client-state-after-loginwithredirect/95963/6

Then I did some digging and found that this parameter is defined in the SDK as stated in the comment above
https://github.com/auth0/auth0-spa-js/blob/f2e566849efa398ca599daf9ebdfbbd62fcb1894/src/global.ts#L298

However, the Flutter plugin lacks this field in its implementation.

Reproduction

  1. flutter create auth0_sample --platforms=web
  2. flutter pub add auth0_flutter
  3. Implement the standard login functionality, for example with http://localhost:3000 as callback url's for login / logout
  4. Try adding the appState to the arguments of loginWithRedirect(), so that this state is returned back in the redirect url query parameters (albeit encoded)
  5. Observe that there is no way to add the app state. Putting the app state in the parameters map does not work either

Additional context

No response

auth0_flutter version

1.7.2

Flutter version

3.24.3

Platform

Web

Platform version(s)

Google Chrome 131.0.6778.70
@navaronbracke navaronbracke linked a pull request Nov 20, 2024 that will close this issue
Open
2 tasks
@Widcket Widcket added the web label Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
web
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add support for app state argument navaronbracke/auth0-flutter
2 participants
@Widcket @navaronbracke