How to pass cookie in http request - Flutter - flutter

What I'm trying do is access the Instagram private api which requires user to be logged in before sending request to it, so to achieve that, I accessed the cookies or session id with the help of flutter_web_view and webview_cookie_manager (basically making the user logged in through webview and then get the cookie using cookie_manager package)
But how to pass that cookie in http request?
// accessing cookie or session id
WebViewController webViewController = WebViewController()
..loadRequest(Uri.parse('https://www.instagram.com/'))
..setJavaScriptMode(JavaScriptMode.unrestricted)
..setNavigationDelegate(
NavigationDelegate(
onPageFinished: (value) async {
final cookieManager = WebviewCookieManager();
List<Cookie> gotCookies = await cookieManager.getCookies('https://www.instagram.com/');
print(gotCookies); // recieved the cookies
}
)
)
;
var response = await http.get(private_api_url}); // how to pass cookies in this request

var response = await http.get(private_api_url, headers: {'cookie': cookie});

Related

Why is my flutter app not handling Spotify's API authorization after signing in?

I'm making a flutter app using Spotify's API. I have a basic homepage that uses a button to launch a browser to login to Spotify. Here is my backend code:
import 'dart:convert';
import 'package:http/http.dart' as http;
import 'package:flutter/material.dart';
import 'package:url_launcher/url_launcher.dart';
import 'package:uni_links/uni_links.dart';
class SpotifyAuth with ChangeNotifier {
final String CLIENT_ID = "My client ID";
final String ClIENT_SECRET = "My client secret";
final String REDIRECT_URI = "http://localhost:8000/callback";
final String SCOPE = 'user-read-private user-read-email';
// var state = 'your-state';
late String _accessToken;
late String _refreshToken;
Uri createAuthenticationUri(){
var query = [
'response_type=code',
'client_id=$CLIENT_ID',
'scope=${Uri.encodeComponent(SCOPE)}',
'redirect_uri=${Uri.encodeComponent(REDIRECT_URI)}',
];
var queryString = query.join('&');
var url = 'https://accounts.spotify.com/authorize?' + queryString;
var parsedUrl = Uri.parse(url);
return parsedUrl;
}
Future<void> launchInBrowser() async {
if (!await launchUrl(
createAuthenticationUri(),
mode: LaunchMode.externalApplication,
)){
throw Exception('Could not launch Url');
}
}
Future<void> launchAuth() async {
await launchInBrowser();
await initUniLinks();
}
Future<void> getAccessToken(String code) async {
var body = {
"grant_type": "authorization_code",
"code": code,
"redirect_uri": REDIRECT_URI,
"client_id": CLIENT_ID,
"client_secret": ClIENT_SECRET
};
// Create a request header with the required information
var header = {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization":
"Basic ${base64Encode(utf8.encode("$CLIENT_ID:$ClIENT_SECRET>"))}"
};
// Send the request to the Spotify token endpoint
var response = await http.post(
Uri.parse("https://accounts.spotify.com/api/token"),
body: body,
headers: header);
// Check if the request was successful
if (response.statusCode == 200) {
// Parse the JSON response
var data = json.decode(response.body);
// Get the access token from the response
String accessToken = data["access_token"];
// Store the access token for future use
// ...
_accessToken = accessToken;
} else {
print("Error");
}
}
Future<void> initUniLinks() async {
// Get the latest initial link
String? initialLink = await getInitialLink();
// Check if the link contains a Spotify authorization code
if (initialLink != null && initialLink.contains("code=")) {
// Extract the code from the link
String code = initialLink.split("code=")[1];
// Use the code to get an access token from Spotify
getAccessToken(code);
}
else{
print("Nothing");
}
}
}
My redirect URI is set in the spotify dashboard.
My app widget calls luanchAuth();
and then it should wait for the authentication code with initUniLinks() but it seems like initUniLinks() executes immediately without waiting for the authentication. When I authenticate in Spotify, it throws a generic "can't connect to localhost" error page but the url includes the auth code that I need.
Not sure what I'm doing wrong here. Admittedly I'm new to Oauth and app-api-connections in general but I thought this would work.
REDIRECT URI is the problem here, You cannot have redirect URI with localhost it fails. either use ngrok and provide the mapped https url or host your callback url and provide it.
Use the custom scheme for redirect_uri, something like this my-app://token/callback. See App Settings for Spotify rules.
Then configure the application for Deep Linking to receive the authentication response.

Why can't I see a cookie I sent from Flask to Flutter in the browser?

I am creating a Flutter Web app that requires login verification. The user makes a post request with authentication information and then my Flask app with send a cookie back to the client.
Here is the code for the Flask App
#app.route('/test', methods=['POST'])
#cross_origin(supports_credentials=True)
def test():
resp = jsonify({'message' : 'Logged in!'})
resp.set_cookie('Set-Cookie', "token", httponly = True, secure = False)
return resp
Here is the Dart/Flutter code where I make the POST request and expect a cookie called 'Set-Cookie'.
class HttpService {
static var dio = Dio();
static testMethod() async {
try {
dio.options.extra['withCredentials'] = true;
var response = await dio.post('http://127.0.0.1:5000/test');
print(response);
} catch (e) {
print(e);
}
}
As you can see, I don't receive this cookie on my browser, but the request is successful and I get the JSON message!
BUT, when I make this same request on Postman, I get the JSON response AND the cookie.
Any help would be greatly appreciated! Let me know if you need any more details/code.
Thanks to Kris, I realized I was making the request from Flutter (Client) to an IP rather than the domain name localhost. Because setting a cookie is domain specific, I couldn't see the cookie set in the developer console.
Here is the updated code
static testMethod() async {
try {
dio.options.extra['withCredentials'] = true;
var response = await dio.post('http://localhost:5000/test');
print(response);
} catch (e) {
print(e);
}
}

Retrieving the Authorization Code from Fitbit API with Flutter

I am trying to build an app with flutter that uses Fitbit API, I tried different packages to do Web Authentication like Fitbitter that uses flutter-web-auth for authentication. Also tried web-view Widget.
in case of Fitbitter :
the issue is when I logged in the fitbit account and get the response that content authorization code https://example.com/callback?code=<authorization_code>#_=_0.
authorize method in FitbitConnector class doesn't redirect me back to the app with authorization code instead stays in the chrome custom tab.
authorize method
static Future<String?> authorize(
{BuildContext? context,
String? clientID,
String? clientSecret,
required String redirectUri,
required String callbackUrlScheme}) async {
// Instantiate Dio and its Response
Dio dio = Dio();
Response response;
String? userID;
// Generate the fitbit url
final fitbitAuthorizeFormUrl = FitbitAuthAPIURL.authorizeForm(
userID: userID, redirectUri: redirectUri, clientID: clientID);
// Perform authentication
try {
final result = await FlutterWebAuth.authenticate(
url: fitbitAuthorizeFormUrl.url!,
callbackUrlScheme: callbackUrlScheme);
//Get the auth code
final code = Uri.parse(result).queryParameters['code'];
// Generate the fitbit url
final fitbitAuthorizeUrl = FitbitAuthAPIURL.authorize(
userID: userID,
redirectUri: redirectUri,
code: code,
clientID: clientID,
clientSecret: clientSecret);
response = await dio.post(
fitbitAuthorizeUrl.url!,
data: fitbitAuthorizeUrl.data,
options: Options(
contentType: Headers.formUrlEncodedContentType,
headers: {
'Authorization': fitbitAuthorizeUrl.authorizationHeader,
},
),
);
// Debugging
final logger = Logger();
logger.i('$response');
// Save authorization tokens
final accessToken = response.data['access_token'] as String;
final refreshToken = response.data['refresh_token'] as String;
userID = response.data['user_id'] as String?;
GetIt.instance<SharedPreferences>()
.setString('fitbitAccessToken', accessToken);
GetIt.instance<SharedPreferences>()
.setString('fitbitRefreshToken', refreshToken);
} catch (e) {
print(e);
} // catch
return userID;
}
Do you know a way to do web authentication and get redirected to the app with user Token and ID?

Client Login using Flutter for Mediawiki

I am in the learning proess for both flutter and requests so forgive me if it is a simple mistake. I am trying to make a client login to a mediaiwki instance using client login api. I can fetch the login token succesfully but when I try to login it says invalid csrf token it gives {"error":{"code":"badtoken","info":"Invalid CSRF token.","*":". The api I am using to login is as follows.
https://www.mediawiki.org/wiki/API:Login#Method_2._clientlogin
Thanks for your help.
To fetch login token succesfully I use
_fetch_login_token() async {
Map<String, String> headers = {"Content-type": "application/json"};
Map<String, String> body = {
'action': "query",
'meta': "tokens",
'type': "login",
'format': "json"
};
Response response = await post(
url,
body: body,
);
//print(response);
// int statusCode = response.statusCode;
// print(statusCode);
var decoded = jsonDecode(response.body);
print(decoded);
var jsonsData = response.body; // toString of Response's body is assigned to jsonDataString
var data = jsonDecode(jsonsData);
var token=data['query']['tokens']['logintoken'];
return _makePostRequest(token);
}
And my failed login as follows
Map<String, String> body = {
'action': "clientlogin",
'username': username,
'password': password,
'loginreturnurl': url,
'logintoken': loginToken,
'format': "json"
};
Response response = await post(
url,
body:body,
);
I solved the problem.For future reference, I have downloaded dio package and added intercepter and cookie manager in order to persist the cookies.

Obtain a new token by refresh token with google_sign_in Flutter

I'm writing an application that call google fit rest api from Flutter.
I need to sign with google using (https://pub.dev/packages/google_sign_in).
I can obtain a token without problem (see Did anyone manage to get the id token from google sign in (Flutter)) but how to obtain a new token when it is expired?
I dont' want to ask to the user to login and obtain a new token every hour
You can do this in 2 ways.
You can use the API.
I don't know if this is standard but you can do a silent login every time the user opens the app, the silent log logs into the user account without user interaction and this way you have a new token. Like this:
Future<String> refreshToken() async {
print("Token Refresh");
final GoogleSignInAccount googleSignInAccount =
await googleSignIn.signInSilently();
final GoogleSignInAuthentication googleSignInAuthentication =
await googleSignInAccount.authentication;
final AuthCredential credential = GoogleAuthProvider.getCredential(
accessToken: googleSignInAuthentication.accessToken,
idToken: googleSignInAuthentication.idToken,
);
final AuthResult authResult = await auth.signInWithCredential(credential);
return googleSignInAuthentication.accessToken; // New refreshed token
}
Get refresh token manually
apiKey - your api key from firebase,
idToken - unexpired id token,
provider - 'google.com', 'apple.com' etc
final url = Uri.parse('https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key=$apiKey');
final response = await http.post(
url,
headers: {'Content-type': 'application/json'},
body: jsonEncode({
'postBody': 'id_token=$token&providerId=$provider',
'requestUri': 'http://localhost',
'returnIdpCredential': true,
'returnSecureToken': true
})
);
if (response.statusCode != 200) {
throw 'Refresh token request failed: ${response.statusCode}';
}
final data = Map<String, dynamic>.of(jsonDecode(response.body));
if (data.containsKey('refreshToken')) {
// here is your refresh token, store it in a secure way
} else {
throw 'No refresh token in response';
}
Before calling '.signIn()' method make sure that GoogleSignInAccount variable type has 'forceCodeForRefreshToken' set up with true.
After that take 'serverAuthCode' and make a request to https://accounts.google.com/o/oauth2/token with the next body
'access_type': 'offline', tokenType: <serverAuthCode>, 'grant_type': 'code', 'client_secret': <yourClientSecret>, 'client_id': <yourClientId>, 'redirect_uri': <yourMiddleWare>,.
In response you will get that refresh_token.