Phase B: Keycloak OIDC (PKCE) statt Cookie-Session-Login
App-Code: - KeycloakOidcTokenProvider: PKCE-Login via flutter_appauth, Refresh via Refresh-Token aus flutter_secure_storage, Session-Restore beim App-Start, Logout. - AuthSessionEvent als Provider→Bloc-Brücke (LoggedIn/LoggedOut/ SessionExpired) auf einem Broadcast-Stream. - AuthBloc komplett umgebaut: nimmt jetzt den KeycloakOidcTokenProvider statt UserInfoService, mappt eingehende Provider-Events auf eigene Zustände. Authenticated.fromClaims() liest personalnummer + Name aus dem ID-Token-Payload. - LoginPage: kein Browser+Deep-Link mehr — Button feuert LoginRequested, der Provider übernimmt den restlichen Flow. - network_locator: produktiver KeycloakOidcTokenProvider, doppelt registriert (KeycloakOidcTokenProvider für AuthBloc, AuthTokenProvider für Interceptor). - Auth-State trägt zusätzlich personalnummer/displayName/email; das Legacy-User-Objekt + sessionId bleiben temporär drin, damit die alten ERPframe-Services (Phase D) noch kompilieren. Plattform-Setup: - Android: appAuthRedirectScheme=holzleitner in build.gradle.kts, NetworkSecurityConfig erlaubt HTTP zu localhost/10.0.2.2/127.0.0.1. - iOS: holzleitner als URL-Scheme im Info.plist, ATS-Ausnahme für localhost (HTTP-Keycloak im Dev-Setup). Out of scope: - Keine echte App-Run-Smoke — kommt mit dem User-Test. - iOS-pod-install läuft beim ersten 'flutter run ios' automatisch. - Old ERPframe-Services bleiben aktiv und werfen ab jetzt 401 (kein Cookie-Session-Token mehr) — wird in Phase D entfernt.
This commit is contained in:
@ -1,129 +1,20 @@
|
||||
import 'package:flutter/material.dart';
|
||||
import 'package:app_links/app_links.dart';
|
||||
import 'package:flutter_bloc/flutter_bloc.dart';
|
||||
|
||||
import 'package:hl_lieferservice/feature/authentication/bloc/auth_bloc.dart';
|
||||
import 'package:hl_lieferservice/feature/authentication/bloc/auth_event.dart';
|
||||
import 'package:hl_lieferservice/feature/authentication/bloc/auth_state.dart';
|
||||
import 'package:url_launcher/url_launcher.dart';
|
||||
import 'package:hl_lieferservice/util.dart';
|
||||
import 'dart:async';
|
||||
|
||||
class LoginPage extends StatefulWidget {
|
||||
final bool sessionExpired;
|
||||
|
||||
/// Login-Page nach der Migration auf Keycloak OIDC (Phase B).
|
||||
///
|
||||
/// Der eigentliche Flow läuft komplett im `AuthBloc` →
|
||||
/// `KeycloakOidcTokenProvider.login()`: `flutter_appauth` öffnet einen
|
||||
/// Browser-Tab, der RedirectURI `holzleitner://oauth2redirect` kommt
|
||||
/// zurück, der Code wird gegen Tokens getauscht.
|
||||
class LoginPage extends StatelessWidget {
|
||||
const LoginPage({super.key, this.sessionExpired = false});
|
||||
|
||||
@override
|
||||
State<StatefulWidget> createState() => _LoginPageState();
|
||||
}
|
||||
|
||||
class _LoginPageState extends State<LoginPage> {
|
||||
final _loginFormKey = GlobalKey<FormState>();
|
||||
bool _isLoading = false;
|
||||
late AppLinks _appLinks;
|
||||
StreamSubscription<Uri>? _linkSubscription;
|
||||
|
||||
@override
|
||||
void initState() {
|
||||
super.initState();
|
||||
_appLinks = AppLinks();
|
||||
}
|
||||
|
||||
@override
|
||||
void dispose() {
|
||||
_linkSubscription?.cancel();
|
||||
super.dispose();
|
||||
}
|
||||
|
||||
void _onPressLogin() async {
|
||||
setState(() => _isLoading = true);
|
||||
|
||||
try {
|
||||
debugPrint("🔵 Setting up deep link listener...");
|
||||
|
||||
final completer = Completer<Uri>();
|
||||
|
||||
// Listen for deep links BEFORE opening browser
|
||||
_linkSubscription = _appLinks.uriLinkStream.listen(
|
||||
(Uri uri) {
|
||||
debugPrint("🟢 Deep link received: $uri");
|
||||
if (uri.scheme == 'myapp' && !completer.isCompleted) {
|
||||
completer.complete(uri);
|
||||
}
|
||||
},
|
||||
onError: (err) {
|
||||
debugPrint("🔴 Deep link error: $err");
|
||||
if (!completer.isCompleted) {
|
||||
completer.completeError(err);
|
||||
}
|
||||
},
|
||||
);
|
||||
|
||||
// Small delay to ensure listener is ready
|
||||
await Future.delayed(const Duration(milliseconds: 500));
|
||||
|
||||
final loginUrl = Uri.parse('${getConfig().backendUrl}/login');
|
||||
final launched = await launchUrl(
|
||||
loginUrl,
|
||||
mode: LaunchMode.externalApplication,
|
||||
);
|
||||
|
||||
if (!launched) {
|
||||
throw Exception('Could not launch browser');
|
||||
}
|
||||
|
||||
debugPrint("🔵 Browser opened. Waiting for callback...");
|
||||
|
||||
// Wait for the deep link callback
|
||||
final callbackUri = await completer.future.timeout(
|
||||
const Duration(minutes: 5),
|
||||
onTimeout: () {
|
||||
debugPrint("⏱️ Timeout - no callback received");
|
||||
throw TimeoutException('Login timeout');
|
||||
},
|
||||
);
|
||||
|
||||
final sessionId = callbackUri.queryParameters['session_id']!;
|
||||
|
||||
debugPrint("✅ Success! Callback: $callbackUri");
|
||||
debugPrint("✅ Session ID: $sessionId");
|
||||
|
||||
await _linkSubscription?.cancel();
|
||||
_linkSubscription = null;
|
||||
|
||||
if (mounted) {
|
||||
ScaffoldMessenger.of(context).showSnackBar(
|
||||
const SnackBar(
|
||||
content: Text('Login erfolgreich!'),
|
||||
backgroundColor: Colors.green,
|
||||
),
|
||||
);
|
||||
|
||||
context.read<AuthBloc>().add(SetAuthenticatedEvent(sessionId: sessionId));
|
||||
}
|
||||
|
||||
} on TimeoutException {
|
||||
debugPrint("❌ Timeout");
|
||||
if (mounted) {
|
||||
ScaffoldMessenger.of(context).showSnackBar(
|
||||
const SnackBar(content: Text('Login Timeout')),
|
||||
);
|
||||
}
|
||||
} catch (e) {
|
||||
debugPrint("❌ Error: $e");
|
||||
if (mounted) {
|
||||
ScaffoldMessenger.of(context).showSnackBar(
|
||||
SnackBar(content: Text('Fehler: $e')),
|
||||
);
|
||||
}
|
||||
} finally {
|
||||
await _linkSubscription?.cancel();
|
||||
_linkSubscription = null;
|
||||
if (mounted) {
|
||||
setState(() => _isLoading = false);
|
||||
}
|
||||
}
|
||||
}
|
||||
final bool sessionExpired;
|
||||
|
||||
@override
|
||||
Widget build(BuildContext context) {
|
||||
@ -131,87 +22,78 @@ class _LoginPageState extends State<LoginPage> {
|
||||
appBar: AppBar(),
|
||||
body: Column(
|
||||
children: [
|
||||
if (widget.sessionExpired)
|
||||
if (sessionExpired)
|
||||
MaterialBanner(
|
||||
padding: const EdgeInsets.symmetric(horizontal: 16, vertical: 8),
|
||||
content: const Text(
|
||||
"Deine Sitzung ist abgelaufen. Bitte melde dich erneut an.",
|
||||
'Deine Sitzung ist abgelaufen. Bitte melde dich erneut an.',
|
||||
style: TextStyle(color: Colors.white),
|
||||
),
|
||||
backgroundColor: Colors.orange.shade800,
|
||||
leading: const Icon(Icons.warning_amber_rounded, color: Colors.white),
|
||||
actions: [const SizedBox.shrink()],
|
||||
leading: const Icon(
|
||||
Icons.warning_amber_rounded,
|
||||
color: Colors.white,
|
||||
),
|
||||
actions: const [SizedBox.shrink()],
|
||||
),
|
||||
Expanded(
|
||||
child: Center(
|
||||
child: Column(
|
||||
mainAxisAlignment: MainAxisAlignment.start,
|
||||
children: [
|
||||
Padding(
|
||||
padding: const EdgeInsets.all(50),
|
||||
child: Center(
|
||||
child: Column(
|
||||
mainAxisAlignment: MainAxisAlignment.start,
|
||||
children: [
|
||||
Image.asset(
|
||||
"assets/holzleitner_Logo_2017_RZ_transparent.png",
|
||||
Padding(
|
||||
padding: const EdgeInsets.all(50),
|
||||
child: Column(
|
||||
children: [
|
||||
Image.asset(
|
||||
'assets/holzleitner_Logo_2017_RZ_transparent.png',
|
||||
),
|
||||
const Padding(
|
||||
padding: EdgeInsets.only(top: 20),
|
||||
child: Text(
|
||||
'Auslieferservice',
|
||||
style: TextStyle(
|
||||
fontWeight: FontWeight.w400,
|
||||
fontSize: 20,
|
||||
),
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
),
|
||||
const Padding(
|
||||
padding: EdgeInsets.only(top: 20),
|
||||
child: Text(
|
||||
"Auslieferservice",
|
||||
style: TextStyle(
|
||||
fontWeight: FontWeight.w400,
|
||||
fontSize: 20,
|
||||
FractionallySizedBox(
|
||||
widthFactor: 0.8,
|
||||
child: Padding(
|
||||
padding: const EdgeInsets.only(top: 15, bottom: 15),
|
||||
child: BlocBuilder<AuthBloc, AuthState>(
|
||||
builder: (context, state) {
|
||||
if (state is Authenticating) {
|
||||
return Column(
|
||||
children: const [
|
||||
CircularProgressIndicator(),
|
||||
SizedBox(height: 16),
|
||||
Text('Anmeldung wird abgeschlossen…'),
|
||||
],
|
||||
);
|
||||
}
|
||||
return OutlinedButton(
|
||||
onPressed: () => context.read<AuthBloc>().add(
|
||||
const LoginRequested(),
|
||||
),
|
||||
child: const Text(
|
||||
'Anmelden mit Holzleitner Login',
|
||||
),
|
||||
);
|
||||
},
|
||||
),
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
),
|
||||
Form(
|
||||
key: _loginFormKey,
|
||||
child: FractionallySizedBox(
|
||||
widthFactor: 0.8,
|
||||
child: Column(
|
||||
mainAxisAlignment: MainAxisAlignment.center,
|
||||
children: [
|
||||
Padding(
|
||||
padding: const EdgeInsets.only(top: 15, bottom: 15),
|
||||
child: BlocBuilder<AuthBloc, AuthState>(
|
||||
builder: (context, authState) {
|
||||
final isBusy =
|
||||
_isLoading || authState is Authenticating;
|
||||
if (!isBusy) {
|
||||
return OutlinedButton(
|
||||
onPressed: _onPressLogin,
|
||||
child: const Text(
|
||||
"Anmelden mit Holzleitner Login",
|
||||
),
|
||||
);
|
||||
}
|
||||
return Column(
|
||||
children: [
|
||||
const CircularProgressIndicator(),
|
||||
const SizedBox(height: 16),
|
||||
Text(
|
||||
authState is Authenticating
|
||||
? 'Anmeldung wird abgeschlossen…'
|
||||
: 'Warte auf Login...',
|
||||
),
|
||||
],
|
||||
);
|
||||
},
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user