You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've recently revisited an old project of mine from 2021, which hadn't been upgraded in a while (I was using v1.1.0, which makes use of clientViaUserConsent A LOT. Unfortunately, after upgrading to v1.6.0, my requests to Google are being blocked with an error 400: 'invalid_request due to loopback flow'.
I've been trying for ages to find a fix and I'm running out of ideas. The problem seems to be with the fact that clientViaUserConsent always uses localhost for its redirect_uri. This is of course no longer allowed.
Specifically the following bit inside: googleapis_auth/lib/src/oauth2_flows/authorization_code_grant_server_flow.dart
AuthorizationCodeGrantServerFlow(
//...
@override
Future<AccessCredentials> run() async {
final server = await HttpServer.bind('localhost', listenPort);
try {
final port = server.port;
final redirectionUri = 'http://localhost:$port'; //this is the culprit right?
final state = randomState();
final codeVerifier = createCodeVerifier();
// Prompt user and wait until they goes to URL and the google
// authorization server calls back to our locally running HTTP server.
userPrompt(
authenticationUri(
redirectionUri,
state: state,
codeVerifier: codeVerifier,
).toString(),
);
//...
As for my own code, I don't think I'm doing anything different than the example:
//Launch the official permission window from google
prompt(String url) async {
if (await canLaunchUrl(Uri.parse(url))) {
await launchUrl(Uri.parse(url));
} else {
throw 'Error - Could not launch $url';
}
}
//Grab the permission credentials
try {
clientViaUserConsent(_credentials, _scopes, prompt)
.then((AuthClient client) {
//...
Please note that switching to the google_sign_in package seems impossible with how much I'm relying on clientViaUserConsent throughout my entire application...
The text was updated successfully, but these errors were encountered:
I've recently revisited an old project of mine from 2021, which hadn't been upgraded in a while (I was using v1.1.0, which makes use of clientViaUserConsent A LOT. Unfortunately, after upgrading to v1.6.0, my requests to Google are being blocked with an error 400: 'invalid_request due to loopback flow'.
I've been trying for ages to find a fix and I'm running out of ideas. The problem seems to be with the fact that clientViaUserConsent always uses localhost for its redirect_uri. This is of course no longer allowed.
Specifically the following bit inside: googleapis_auth/lib/src/oauth2_flows/authorization_code_grant_server_flow.dart
As for my own code, I don't think I'm doing anything different than the example:
Please note that switching to the google_sign_in package seems impossible with how much I'm relying on clientViaUserConsent throughout my entire application...
The text was updated successfully, but these errors were encountered: