casdoor-flutter-sdk will allow you to easily connect your Flutter-based application to the Casdoor authentication system without having to implement it from scratch.
The following platforms are supported:
- Android
- iOS
- Linux
- macOS
- Web
- Windows
Android | iOS | Web |
---|---|---|
Use this plugin in your Flutter app to:
- Connect to casdoor for SSO
- Get the token after the casdoor authentication
This section has examples of code for the following tasks:
- Initialization requires 6 parameters
- Judgment platform
- Authorize with the Casdoor server
- Get token and parse
Initialization requires 6 parameters
Initialization requires 6 parameters, which are all str type:
Name (in order) | Must | Description |
---|---|---|
clientId | Yes | Application.client_id |
endpoint | Yes | Casdoor Server Url, such as door.casdoor.com |
organizationName | Yes | Organization name |
appName | Yes | Application name |
redirectUri | Yes | URI of Web redirection |
callbackUrlScheme | Yes | URL Scheme |
final CasdoorFlutterSdkConfig _config = CasdoorFlutterSdkConfig(
clientId: "014ae4bd048734ca2dea",
endpoint: "door.casdoor.com",
organizationName: "casbin",
appName: "app-casnode",
redirectUri: "http://localhost:9000/callback",
callbackUrlScheme: "casdoor"
);
Judgment platform
Set the callbackuri parameter by judging different platforms
final platform = await CasdoorFlutterSdkPlatform.getPlatformVersion();
String callbackUri;
if (platform == "web") {
callbackUri = "${_config.redirectUri}.html";
} else {
callbackUri = "${_config.callbackUrlScheme}://callback" ;
}
Authorize with the Casdoor server
At this point, we should use some ways to verify with the Casdoor server.
To start, we want you understand clearly the verification process of Casdoor. The following paragraphs will mention your app that wants to use Casdoor as a means of verification as APP
, and Casdoor as Casdoor
.
-
APP
will send a request toCasdoor
. SinceCasdoor
is a UI-based OAuth provider, you cannot use request management service like Postman to send a URL with parameters and get back a JSON file. -
The simplest way to try it out is to type the URL in your browser.
-
Type in the URL in your browser in this format:
endpoint/login/oauth/authorize?client_id=xxx&response_type=code&redirect_uri=xxx&scope=read&state=xxx
In this URL theendpoint
is your Casdoor's location, as mentioned in Step1; then thexxx
need to be filled out by yourself.
Get token and parse
After Casdoor verification passed, it will be redirected to your application with code and state, like https://localhost:9000/callback?code=xxx&state=yyyy
.
Your application can get the code
and call _casdoor.requestOauthAccessToken(code)
, then parse out jwt token.
Add casdoor-flutter-sdk to the dependencies of your pubspec.yaml.
dependencies:
casdoor_flutter_sdk: ^1.0.0
Notes for different platforms:
Please check the documentation of the InAppWebView package for more details about setting up the project.
Add the package desktop_webview_window: ^0.2.3
inside dependencies to your pubspec.yaml file.
Modify your main function to look like the following:
void main(List<String> args) async {
WidgetsFlutterBinding.ensureInitialized();
if (runWebViewTitleBarWidget(args)) {
return;
}
// your code goes here ...
runApp(const MyApp());
}
Please check the documentation of the desktop_webview_window package for more details.
On the Web platform an endpoint needs to be created that captures the callback URL and sends it to the application using the JavaScript postMessage() method. In the ./web folder of the project, create an HTML file with the name e.g. callback.html with content:
<!DOCTYPE html>
<title>Authentication complete</title>
<p>Authentication is complete. If this does not happen automatically, please
close the window.
<script>
window.opener.postMessage({
'casdoor-auth': window.location.href
}, window.location.origin);
window.close();
</script>
Redirection URL passed to the authentication service must be the same as the URL on which the application is running (schema, host, port if necessary) and the path must point to created HTML file, /callback.html in this case, like callbackUri = "${_config.redirectUri}.html"
. The callbackUrlScheme parameter of the authenticate() method does not take into account, so it is possible to use a schema for native platforms in the code.It should be noted that when obtaining a token, cross domain may occur
For the Sign in with Apple in web_message response mode, postMessage from https://appleid.apple.com is also captured, and the authorization object is returned as a URL fragment encoded as a query string (for compatibility with other providers).
getSignupUrl(enablePassword)
getSigninUrl()
show()
showFullscreen()
requestOauthAccessToken()
refreshToken()
tokenLogout()
getUserInfo()
decodedToken()
isTokenExpired()
isNonce()
There is a known bug in the desktop_webview_window package that causes random crashes of the browser window (see issue).
Do not install Flutter or Visual Studio Code using Snap as this will prevent the code from building or running successfully. You need to install the Flutter and Visual Studio Code packages manually.
There are instances where JavaScript is not working inside WKWebView. Please report any bugs that may occur.