Auth0Web for Flutter ignoring audience and scope

zeebzog · September 22, 2023, 5:14pm

I have created a single page application, and initially using a python flask app I wrote logged in using the universal login, setting the audience and scope, using the Auth0 flask integration. This works and returns a JWT with the expected details.

I have tried to recreate in Flutter for a Web App. I have used:
package:auth0_flutter/auth0_flutter.dart
package:auth0_flutter/auth0_flutter_web.dart

And I can login the user from the universal login, however I cannot successfully set an audience or the scopes I require.

The code I have used is:

final Auth0Web auth0Web = Auth0Web(AUTH0_DOMAIN, AUTH0_CLIENT_ID);

When login is pressed I call:

{
return auth0Web.loginWithRedirect(
redirectUrl: WEB_URL,
audience: AUTH0_AUDIENCE,
scopes: AUTH0_SCOPES);
}

Where scope is along the lines of:

const Set AUTH0_SCOPES = {
‘openid’,
‘profile’,
‘email’,
‘access:Administration’
};

and Audience is:

const String AUTH0_AUDIENCE = “https://API”;

This does not set the audience or scopes and the bearer token I get back is opaque.
Am I doing anything wrong, or have I missed a step somewhere, or is this a bug?

Thank you for any and all help.

tyf · September 28, 2023, 11:45pm

Hey there @zeebzog!

Thanks for the detailed description!

While it’s difficult for me to know what the issue could be in your app code, I was able to test this in our sample app and can confirm that I am receiving a JWT as opposed to an opaque token. Perhaps you can pull that down and configure to your own environment for comparison purposes?

My audience and scopes are defined in example_app.dart as follows:

Set<String> scopes = {'openid', 'profile', 'email', 'access:Administration'};
const String audience = "https://my-api-endpoint";

And my login function looks like this:

  Future<void> login() async {
    
    try {
      if (kIsWeb) {
        return auth0Web.loginWithRedirect(redirectUrl: 'http://localhost:3000', audience: audience, scopes: scopes);
      }

      var credentials = await auth0
          .webAuthentication(scheme: dotenv.env['AUTH0_CUSTOM_SCHEME'])
          .login(audience: dotenv.env['AUTH0_AUDIENCE']);

      setState(() {
        _user = credentials.user;
        print(credentials.accessToken);
      });
    } catch (e) {
      print(e);
    }
  }

system · October 12, 2023, 11:46pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.