User Authentication for flutter web using OpenID Connect? (-> KeyCloak)? - flutter

I'm currently working on a flutter/dart-based webpage (not an app). Now I came to the point that I want the web page to open only if the user has authenticated on my cloud-based Keycloak Server (cloud-iam.com).
There are some openid-connect client packages for flutter available, but most only work for google firebase/aws.. and some others are only working for apps, others are already outdated.
For now, I simply want to use the login frontend offered by the keycloak server.
But I totally failed to bring the available openidc packages to a success... :-(
Does anyone have a suitable package and a reference flutter/dart-application how to authenticate a user using an oidc-identity provider (i.e. keycloak?)
Thanks!

You can try keycloak_flutter package which handles keycloak user authentication for the flutter web only
https://pub.dev/packages/keycloak_flutter
As per this package example
https://github.com/gibahjoe/keycloak_flutter/tree/master/example
you can provide you keycloak realm and clientid details, it'll navigate to your keycloak server for login authentication after that you can allow your app to use the token details provided after login

Related

How to force creating a new session in Keycloak to authenticate CLI apps using OIDC Protocol

I have a webapp that uses Keycloak for user management and auth provider successfully.
The same application requires a CLI tool for some operations (similar to the gcloud CLI + web console).
I've implemented the CLI part using the OIDC Authorization Code Flow that opens the browser for the user to authenticate. It works like a charm.
However, if the user logoff from the browser, Keycloak will invalidate the session and the cli will have to re-authenticate to get a new access_token and refresh_token.
My question here is, how can I force the CLI app login to create a new session separate from the browser session.
Or, if not possible, what's the correct way of achieving this?
Eventually, found out that I just have to add the scope offline_access to the list of scopes I am requesting. Keycloak will then create a new offline session (bad name for the feature, Offline just means that the user doesn't have to be present, but all the refreshes happen the same way)
https://github.com/keycloak/keycloak-documentation/blob/main/server_admin/topics/sessions/offline.adoc

Google Auth API - idpiframe_initialization_failed on Production environment

I integrate Google's Auth API in my production website.
When I enter the login page, it throws an idpiframe_initialization_failed exceptions to the console.
I found out that I can fix it by enabling that API / Cookies in my chrome browser, but I want to find a comprehensive solution that will prevent those exceptions in my production environment.
So my two questions are:
What do you suggest me to do in order to achieve that?
In general, what is the meaning of those excpections?
Thanks :)
If you have a production url like http://godaddysite.com etc host your page there with a Webserver.
Opening a htnl page from your computer with javascript doesnot work as it is not hosted on webserver.
Please check your redirect url etc when you created Oauth client.
Go to the Credentials page.
Click Create credentials > OAuth client ID.
Select the Web application application type.
Name your OAuth 2.0 client and click Create
check origins
create new OAuth with correct origins.

On Premise Active Directory Federation Server - Application Groups

I do not see [Application Groups] folder in my ADFS. How can I install it to see it in my AD FS Management?
I want my WEB API(REST) project to connect to ADFS for authentication. Additionally, I want to test my REST API Authentication without a login screen, please help in this as well. My API will be consumed by CRM users, who are already connected to ADFS. Now the requirement is to create an REST API which will be hit by CRM users and CRM user will pass a userid and password which will be authenticated by ADFS internally without login screen. How can I do that?
Any help please.
Thanks
Application Groups are only available in Server 2016 and 2019. They are available in the ADFS wizard by default.
In terms of sample code for calling API, have a look here.

Build Security Token Service (STS) application in ASP.NET for SSO

I have created a new ASP.NET web site using VS 2017 and changed the Authentication mechanism to use "Individual User Accounts". This adds the Claims Principal or WIF class support.I can click on register / log in, and set up user emails and then check for the claims for that user. I will also be using Server Session Authentication Management (SAM) to save claims on the server and do some claims transformation as well.
After Login, this site calls a winform application, and after some activity I return back to the above website.
I want to know how can I use SSO logic here and check if I am already Authenticated and access my claims saved at the server side / website and authenticate the user based on the saved claims.
Is there some project or code example anyone can give which i can use as a start to develop such a STS service (in VS 2017) with SSO and access my claims on website after coming from another domain?
The identity and access tools used to work only with VS 2012, so any way to replicate the above scenario and check for my saved claims after I hit my website from the winform application.
There's a good example here of using WS-Fed with Azure AD.
This is easily adaptable to ADFS.
Your other choice is to use ADAL.

How can I enable login button of identity provider (external) on SP login page

I am using WSO2 Identity server product version 5.0.0. I use SP1. In our latest architecture we use a specific login page for each service provider. Each service provider can be configured under different tenant domains, eventually with differences (for an example, for a tenant is configured the internal and the facebook login but for another tenant just the internal login).
I want to know if it is possible to visualize on the login page the external Identity provider login button according to the Service provider configuration under the specific tenant domain. Please help me to solve this, I am stuck on this advance configuration. I could not find any documents for this.
Yes, according to my knowledge your requirement is possible with WSO2-IS.
Please refer document [1] for Customizing the login page for SAML SSO service providers.
And you can get more custom configuration details using this blog as well. [2]
Also if you need to re-theming wso2 management console, that also possible with WSO2-IS. Please find the reference document [3].
[1]https://docs.wso2.com/display/IS500/Customizing+Login+Pages
[2]http://dulanja.blogspot.com/2014/01/wso2-is-samlsso-customizing-login-page.html
[3]http://wso2.com/library/tutorials/2011/12/retheming-carbon-products/