Auth in Flutter using storage and cookie (not using Firebase)? - flutter

I am trying to build a login screen for Flutter right now. I have two questions related to how it works in Flutter.
I have my backend set with React and use cookies for auth check. Is it possible to store cookies like web in Flutter? I have cookie validation backend that it checks for valid cookies. Wondering if I can still use this in Flutter.
If I use a local storage approach, do I have to setup a permission request for that? And, if a user rejects then I can't use it correct? Moreover, does android users have access to this file?
I am not using Firebase, I have my own backend. Is there a best practice for Node <---> Flutter auth? Most questions or doc are related to Firebase.

There is no support for something like Android AccountManager yet, but there are some plugins that do similar things:
https://pub.dev/packages/accountmanager
https://pub.dev/packages/account_manager_plugin
/EDIT:
There is a CookieStore class if you want to store cookie
https://api.flutter.dev/flutter/dart-html/CookieStore-class.html

Related

How to set up OAuth2.0 for flutter iOS app (redirect URL?)

I'm a beginner developer. I am writing an iOS application using Flutter. I need to use an API to identify my user. The provider of that API asks me to send them a redirect URL. From what I understand, when an user identify themselves on my app, a request will be send to the API provider, and once the user is correctly identified, the API provider want to know where to send the user (the redirect URL). But I want the user to stay on my app.
How should I set up that ?
Thanks
The usual way to implement this is via the AppAuth pattern, where the app invokes an ASWebAuthenticationSession window, which is a secure browser. From a UX viewpoint it looks integrated and remains a part of the app.
As a next step, maybe have a look at my iOS AppAuth Basic Tutorial to see what this looks like. The simplest option is a private URI scheme based redirect URL that looks like this:
net.openid.appauthdemo:/oauth2redirect
Once the concepts are understood, and your team has reviewed the user experience etc, the next step would be to implement this behaviour in Flutter.

I am working on a flutter web project, and i want to know how to store and retrive a cookie in flutter web

I am new to the flutter web space, I am trying to develop a flutter web application and I trying to store an authentication credential in a cookie while logging in and then the credential will be added to the header of every request. here i issue is how to store and retrieve the cookies.
I have tried shared_preference and cookieJar, I use 'edit this cookie' chrome extension to see the cookies stored in a website, but when is use either shared_preference or cookieJar i can't see any cookie rather i can see variable in local storage when i use shared preference. I want to know how we can store and retrive cookies in flutter web.

Ionic App, silent Authentication or refresh token to allow user stay signed in

I just created a new Ionic app and using Auth0 for user login and registrations. I have .net core backend.
I am following the Ionic quick start guide https://auth0.com/docs/quickstart/native/ionic4/01-login and everything is working ok. I use new Universal login.
The issue I have is users get logged out after the access_token has expired. I previously used Silent Authentication and refresh tokens in two different apps, however I am unable to find a sample code like quick start guide for either. I have an angular website too. Hence my users can either use mobile app or Angular website to login. I would appreciate any help to keep my users loggedin, in both website and ionic mobile app please.
Many thanks
Last I checked, Auth0 doesn't have many samples for acquiring refresh tokens from application frontends, which is typically what I would consider ionic/angular to be used for. Obviously, you could be building a "native" style application with either of those, but frontend auth is sometimes a little messy and insecure because the client has your code and you usually need to implement some kind of middleware.
It looks like the ionic quickstart uses auth0-js which defaults to an implicit flow, which would confirm my hunch above.
I personally pass the refresh token logic off to my backend, and let the backend function as my "middleware". You can find some basic code samples for backends/native apps here. I use the code-grant flow typically, but you could use PKCS.
The long and short is, I don't think you're going to find sample code on that, but you could hack something together with something like axios if you wanted to go the middleware route, or you could go backend with your auth.

Upload media to Firebase Storage from Standalone Apple Watch app

I'm trying to create an apple watch only app besides our app. This would be a standalone app without ties to the base app.
I can't use Firebase SDK-s, or other Google SDK-s as none of them support the watch.
I am trying to use the REST API-s and I hit a road block.
I can successfully retrieve a token for a user/password account with the identitytoolkit domain "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key="
which gives me a token I am trying to use for the endpoint:
https://www.googleapis.com/upload/storage/v1/b/mybucketid/o?uploadType=media&name=test233
however this endpoint tells me that I'm unauthorized. When I use the token I get with from OAuth 2.0 playground it works.
The problem is that that one expires and I cant build the app with a new token every time obviously.
Could you tell me what I'm doing wrong? I can't open webviews on the watch to approve a sign in, also can't communicate with an iPhone as this is a standalone app. I need something thats just hardcoded pure code. This is still an experiment and wont go out to real users. A non-expiring token would also work for my use-case.
I changed my buckets policy in a way that my user should be able to write into it but its still giving me authorization issues.
I don't think you can upload to a Cloud Storage bucket that is secured by Firebase through the REST API with a Firebase Authentication user. Essentially the REST API doesn't know how to execute Firebase rules, and only accepts operations that come with an OAuth2 token from a collaborator on the project.
Can you authenticate with the iPhone app and get a token from there when the old one expires? I know you are building a standalone watch app, but maybe this is a compromise worth making. Then you could use Firebase Functions to upload the image, validate the token (admin.auth().verifyIdToken(token)) and push the image to Cloud Storage. I have not tried this with an image but have successfully submitted authenticated payloads to the Firebase Realtime Database REST endpoints from a watchKit app.

Using Firebase and ionic.io platform authentication

We are writing a mobile application using Ionic Framework and Firebase for our data storage. Now we are looking into the new Ionic Platform for easy deployment and easy push notifications features.
Now as we are going to use most of the Ionic Platform features, we would also like to use their authentication system, also because it makes sending push notifications to specific users easy from within our Ionic Platform dashboard and their API.
Now I am trying to figure out how to incorporate the Ionic User Authentication with Firebase.
In short: How can we link our Ionic users to our Firebase authentication and authorization?
At first glance, it looks like Ionic is providing a similar authentication services as Firebase does.
The point is, if you need to create user based security on the Firebase database, that is, limit data access based on the user identity, you will have to use the Firebase authentication.
In any case I don't see a scenario where you need both authentication systems together.