Flutter + Universal Login Page + Silent login in iframe

inzotov94 · November 16, 2023, 10:57am

I am using Flutter in conjunction with Auth0 (Universal Login Page), and I am faced with the task of implementing functionality that allows an iframe within the app to utilize the app’s cookies for invoking the getTokenSilently() method

main.dart

class _MainViewState extends State<MainView> {
  Credentials? _credentials;

  late Auth0 auth0;

  @override
  void initState() {
    super.initState();
    auth0 = Auth0('auth0_domain', 'auth0_clientid');
  }

  void _login() async {
    try {
      final credentials = await auth0.webAuthentication().login();
      setState(() => _credentials = credentials);
    } catch (e) {
      print('Login error: $e');
    }
  }

  @override
  Widget build(BuildContext context) {
    return Scaffold(
      appBar: AppBar(
        title: const Text('Flutter Auth0 Demo'),
      ),
      body: Center(
        child: Column(
          mainAxisAlignment: MainAxisAlignment.center,
          children: <Widget>[
            if (_credentials != null) ...[
                ElevatedButton(onPressed: () {
                  Navigator.of(context).push(
                    MaterialPageRoute(builder: (context) => const IframePage()),
                  );
                },
                child: const Text('Show iframe')
              ),
              Text('Logged in!\nAccess Token: ${_credentials?.accessToken}')
            ]
            else
              ElevatedButton(
                onPressed: _login,
                child: const Text('Log in with Auth0 %)'),
              ),
          ],
        ),
      ),
    );
  }
}

iframe_page.dart

class IframePage extends StatelessWidget {
  const IframePage({Key? key}) : super(key: key);

  @override
  Widget build(BuildContext context) {
    return Scaffold(
      appBar: AppBar(
        title: const Text('Iframe Page'),
      ),
      body: const Center(
          child: Column(
              children: <Widget>[
                Text('IFrame'),
                Expanded(
                    child: WebView(
                      initialUrl: 'https://iframe_url',
                      javascriptMode: JavascriptMode.unrestricted,
                    )
                )
              ]
          )
      )
    );
  }
}

iframe code example

  const auth0Token = await getAccessTokenSilently();
  ....
  <React.StrictMode>
    <Auth0Provider
      domain={domain}
      clientId={clientId}
      authorizationParams={{
        redirect_uri,
      }}
    >
      <App />
    </Auth0Provider>
  </React.StrictMode>

When sending a request to Auth0 from an iframe in my Flutter application on iOS 13+, I encounter an issue where the cookies are missing in this request. This could lead to a series of potential problems related to authentication and session management. What specific challenges might arise from this situation, and what approaches can be adopted to resolve them?