Configurable local callback server

[ludoo0d0a]

Hi,

API providers are sometimes very restrictive about redirect uris.
Please provide a way to customize the server parameters so that it can match every callback uri.
Especially the port number.

[acoutts]

@ludoo0d0a can you try this approach? I think this is safer too. Using a non-https localhost server could be sniffed by a malware on the device.

1. set redirect URI as some deep link only your app would know, like:
   com.yourapp://oauthredirect
2. open a webview to the authorization URL with the redirect set as that deep link.
3. hook into the onNavigate method for the webview and detect if you're going to a link matching your oauth redirect.
4. capture the token response and close the webview.

[acoutts]

Actually for oauth, I just learned the entire approach of implementing your own webview flow is a really bad idea. Use the native AppAuth library instead, which utilizes secure webviews on both iOS and Android.

Here's a convenient Flutter wrapper library for it: https://pub.dev/packages/flutter_appauth

More info here: https://www.gluu.org/blog/webviews-are-bad-use-appauth/