
Not capturing redirect in recently built project, local ad, adfs/openid


Testing using Samsung S20, w/ Android Studio 4.1.1, Flutter 1.25.0-8.3.pre * channel beta, Dart 2.12.0, flutter_appauth 0.9.2+6

A prompt appears to gather username/password (once in the morning, and once 12 hours later). This morning I think it may have actually caught the redirect once, but since then, without being prompted it takes me to the redirecturl and it times out. Not sure how to reset things so it prompts for my username/password again.

I can see in the web browser I’m being redirected, which times out. This redirect needs to be captured. I recreated the project just a few days ago (using a clean OS install, Android Studio install, etc), and after days of hours of debugging, maybe the documentation I’ve come across is just dated and the method has changed? I must be close, if I could just get an assist.

Note, I’m using a local ADFS server setup via Windows Server. The ADFS server setup is known to work as I can use it via a PowerShell script which uses ADFS to get a token that I pass to a webapi I have written which is able to perform authorization of the token (and now which I’m working to access via my mobile flutter app). Via the flutter app I can see the URL it is trying to access is working and generating a ‘code’ attribute which is specified on the redirecturl (which is timing out because it’s not being caught).

I have a CA setup in my domain and the needed certificate imported into my mobile, though I’m not 100% positive this is resulting in certificates validating. I can put them in a web browser on my mobile and they show as valid but via flutter http.get it doesn’t? Developing via wifi (adb connect …).

The URL currently registered as the redirecturl with ADFS is: https://net.server.app

[build.gradle]

android {
  ...
  defaultConfig {
    applicationId "net.server.app"
    ...
    minSdkVersion 30
    targetSdkVersion 30
    manifestPlaceholders = [
      'appAuthRedirectScheme': 'net.server.app'
    ]
  }
  ...
}

[AndroidManifest.xml]

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="net.server.app"
    xmlns:tools="http://schemas.android.com/tools">
    ...
    <queries>
        <intent>
            <action android:name="android.intent.action.VIEW" />
            <category android:name="android.intent.category.BROWSABLE" />
            <data android:scheme="https" />
        </intent>
        <intent>
            <action android:name="android.intent.action.VIEW" />
            <category android:name="android.intent.category.APP_BROWSER" />
            <data android:scheme="https" />
        </intent>
    </queries>
    ...
        </activity>
        <activity
            android:name="net.openid.appauth.RedirectUriReceiverActivity"
            tools:node="replace">
            <intent-filter>
                <action android:name="android.intent.action.VIEW" />
                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />
                <data android:scheme="net.server.app" />
            </intent-filter>
        </activity>

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 5

Top GitHub Comments

2 reactions
agologan commented, Jan 19, 2021

Not sure I understand what the problem is right now, but I’m guessing you haven’t set up App Links.

If you don’t have App Links set up, what happens is that the user will be prompted with a disambiguation dialog which will ask him to choose which app will open the link. The buttons on that dialog are Just Once or Always. If you accidentally clicked Always and selected a browser, your app will never be redirected again unless you go into Settings and reset the association: Settings > Apps & Notifications > Advanced > Default Apps, choose the browser and then Clear Defaults.

An easy way to test the current link behavior is to run adb shell am start -a android.intent.action.VIEW -c android.intent.category.BROWSABLE -d "https://app.server.net/"

0 reactions
karezza commented, Jan 23, 2021

I have since learned that Windows Server ADFS does in fact allow for a custom scheme such as net.server.app://, and am now pursuing that more simplified implementation. Closing as this question appears to be solved (verified through reading documentation, though not through implementation) with the answer being to set up App Links in order to get an https redirect_uri to work.
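
An added example, not part of the original issue or of flutter_appauth: a Python check of whether a redirect URI registered with the identity provider would reach the AppAuth receiver activity declared in a manifest. The manifest is a constructed fragment modelled on the one in the issue; `check_redirect`, its status strings and the `oauthredirect` host are hypothetical, and only scheme and host are compared (no path or port).

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ANDROID = "{http://schemas.android.com/apk/res/android}"
RECEIVER = "net.openid.appauth.RedirectUriReceiverActivity"

# Constructed manifest fragment modelled on the one in the issue (elisions dropped).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="net.server.app">
  <application>
    <activity android:name="net.openid.appauth.RedirectUriReceiverActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="net.server.app" />
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def check_redirect(manifest_xml, redirect_uri):
    """Return (status, note); status is captured, ambiguous or not_captured."""
    uri = urlsplit(redirect_uri)
    root = ET.fromstring(manifest_xml)
    for activity in root.iter("activity"):
        if activity.get(ANDROID + "name") != RECEIVER:
            continue
        for flt in activity.iter("intent-filter"):
            cats = {c.get(ANDROID + "name") for c in flt.iter("category")}
            if "android.intent.category.BROWSABLE" not in cats:
                continue  # a browser cannot hand the link to this filter
            # Android matches against all <data> elements of a filter combined.
            schemes = {d.get(ANDROID + "scheme") for d in flt.iter("data")} - {None}
            hosts = {d.get(ANDROID + "host") for d in flt.iter("data")} - {None}
            if uri.scheme not in schemes or (hosts and uri.hostname not in hosts):
                continue
            if uri.scheme == "https" and flt.get(ANDROID + "autoVerify") != "true":
                # Not a verified App Link, so a browser can claim the URL too.
                return "ambiguous", "https filter lacks android:autoVerify"
            return "captured", "receiver filter matches the redirect URI"
    return "not_captured", f"no receiver filter for scheme '{uri.scheme}'"


if __name__ == "__main__":
    for uri in ("https://net.server.app", "net.server.app://oauthredirect"):
        print(uri, "->", *check_redirect(MANIFEST, uri))
```
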
