I am building a flutter mobile app which uses ouath2 to authenticate against an external application. At the minute we are using an external library which can be found here for reference: https://github.com/daniel-price/oauth_http
This library depends on the following packages:
flutter_secure_storage: ^3.3.3
http: ^0.12.0
uuid: 2.0.4
flutter_web_auth: ^0.2.4
At present the application is reaching out to an application called truelayer which is a banking application. At the minute the application goes out, using the client ID and client secret and does send back an access code. I have already placed the host and scheme URL in the androidManifest.xml. An example of this code can be seen here:
authorise() async {
//Set up
var identifier = 'CLIENT_ID'; //sandbox identifier
var secret = 'CLIENT_SECRET'; //sandbox
var callbackUrlScheme = 'http://gopomelo.co.uk';
var callBackUrlHost = 'callback';
var createPostUrl = 'https://auth.truelayer-sandbox.com/connect/token'; //sandbox
var redirectUrl = '$callbackUrlScheme/$callBackUrlHost';
print(redirectUrl);
var authUrl = 'https://auth.truelayer-sandbox.com/?response_type=code'
'&client_id=$identifier'
'&scope=info%20accounts%20balance%20cards%20transactions%20direct_debits%20standing_orders%20offline_access'
'&redirect_uri=$redirectUrl'
'&providers=uk-ob-all%20uk-oauth-all%20uk-cs-mock';
var oAuthHttp = OAuthHttp.factory(authUrl, callbackUrlScheme, createPostUrl,
identifier, secret, redirectUrl);
print(oAuthHttp);
var uuidAccessToken = await oAuthHttp.authenticate();
print(uuidAccessToken);
print("here");
var results = await oAuthHttp.doGet(
"https://api.truelayer.com/data/v1/me", uuidAccessToken);
print(results);
}
Question: On the truelayer application a redirect URL is required, what i would like to know and understand better is does the domain for the uri need to exist? Once i get the access token back from truelayer how do i close the web_auth window and redirect back to the application?
If more explanation is required, please let me know
Thanks in advance