We are pleased to announce the first availability release of our auth0-flutter, our brand new SDK for adding authentication to Flutter applications.
With auth0-flutter, you now have native Auth0 support for key Authentication API operations like login with username and password , signup, get user info, renew user credentials and reset password.
Included in this release we also extend support for web auth login/logout, automatic storage and renewal of user credentials and a custom credentials manager.
To learn more about the new Flutter SDK, check out the Quickstart, sample app, and SDK documentation on GitHub.
I’m successfully testing out the sample app and wondered if I could use this sdk to do the normal AppAuth PCKE (Authorization Code Grant - OAuth 2.0 Simplified) type flows so I can authn/authz the app/user to retrieve my access token etc?
I’d like to login the user, but take an access token/request token for use against our own API that uses Auth0 to do token introspection.
Is this possible with this Flutter SDK or another?
I’ve a question around the Flutter auth0 sdk and SSO. Let me give you a bit of background.
I’m building a Flutter mobile app and using the auth0_flutter lib to do the auth. I’m using auth0’s universal login to open a session and then using that session to access a web app.
The SSO is working fine. I do the auth flow in a SFSafariViewController on iOS and then open the web app in a SFSafariViewController as well. On Android, I run the auth flow in Custom Chrome Tabs (the default in the auth0 Flutter sdk) and then I open the web app in an external browser (Chrome).
My issue is that if the user closes tabs in the chrome browser (or “kills”/closes the browser), the mobile app is still authenticated (Auth0.credentialsManager.hasValidCredentials() returns true) but the session in the browser seems to be gone and the user has to re-authenticate there.
Is there a method in the auth0 Flutter sdk to check if the Chrome and SafariViewController instances used for authenticating in the mobile app do still hold the valid tokens? As far as I’ve noticed, the hasValidCredentials() method checks only the mobile app’s local storage, which in my case is only half of the story, since I need SSO with a web app.