Skip to content

Use class instead of param for state in authorization and end-session requests #653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pcba-dev wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Use class instead of param for state in authorization and end-session requests #653

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
461a49e
feat: add flexible state parameter handling for authorization and end…
pcba-dev May 5, 2026
18e6ded
test: add unit tests for convering all RequestState cases in authoriz…
pcba-dev May 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 32 additions & 9 deletions ...auth/android/src/main/java/io/crossingthestreams/flutterappauth/FlutterAppauthPlugin.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -221,6 +221,9 @@ private AuthorizationTokenRequestParameters processAuthorizationTokenRequestArgu
(Map<String, String>) arguments.get("additionalParameters");
allowInsecureConnections = (boolean) arguments.get("allowInsecureConnections");
final String responseMode = (String) arguments.get("responseMode");
final RequestState state = arguments.containsKey("state")
? new RequestState((String) arguments.get("state"))
: null;

return new AuthorizationTokenRequestParameters(
clientId,
Expand All @@ -233,7 +236,8 @@ private AuthorizationTokenRequestParameters processAuthorizationTokenRequestArgu
loginHint,
nonce,
promptValues,
responseMode);
responseMode,
state);
}

@SuppressWarnings("unchecked")
Expand Down Expand Up @@ -286,7 +290,9 @@ private EndSessionRequestParameters processEndSessionRequestArguments(
Map<String, Object> arguments) {
final String idTokenHint = (String) arguments.get("idTokenHint");
final String postLogoutRedirectUrl = (String) arguments.get("postLogoutRedirectUrl");
final String state = (String) arguments.get("state");
final RequestState state = arguments.containsKey("state")
? new RequestState((String) arguments.get("state"))
: null;
final boolean allowInsecureConnections = (boolean) arguments.get("allowInsecureConnections");
final String issuer = (String) arguments.get("issuer");
final String discoveryUrl = (String) arguments.get("discoveryUrl");
Expand Down Expand Up @@ -323,7 +329,8 @@ private void handleAuthorizeMethodCall(
tokenRequestParameters.additionalParameters,
exchangeCode,
tokenRequestParameters.promptValues,
tokenRequestParameters.responseMode);
tokenRequestParameters.responseMode,
tokenRequestParameters.state);
} else {
AuthorizationServiceConfiguration.RetrieveConfigurationCallback callback =
new AuthorizationServiceConfiguration.RetrieveConfigurationCallback() {
Expand All @@ -342,7 +349,8 @@ public void onFetchConfigurationCompleted(
tokenRequestParameters.additionalParameters,
exchangeCode,
tokenRequestParameters.promptValues,
tokenRequestParameters.responseMode);
tokenRequestParameters.responseMode,
tokenRequestParameters.state);
} else {
finishWithDiscoveryError(ex);
}
Expand Down Expand Up @@ -415,7 +423,8 @@ private void performAuthorization(
Map<String, String> additionalParameters,
boolean exchangeCode,
ArrayList<String> promptValues,
String responseMode) {
String responseMode,
@Nullable RequestState state) {
AuthorizationRequest.Builder authRequestBuilder =
new AuthorizationRequest.Builder(
serviceConfiguration, clientId, ResponseTypeValues.CODE, Uri.parse(redirectUrl));
Expand Down Expand Up @@ -461,6 +470,10 @@ private void performAuthorization(
authRequestBuilder.setAdditionalParameters(additionalParameters);
}

if (state != null) {
authRequestBuilder.setState(state.value);
}

AuthorizationService authorizationService = getAuthorizationService();

try {
Expand Down Expand Up @@ -571,7 +584,7 @@ private void performEndSessionRequest(
}

if (endSessionRequestParameters.state != null) {
endSessionRequestBuilder.setState(endSessionRequestParameters.state);
endSessionRequestBuilder.setState(endSessionRequestParameters.state.value);
}

if (endSessionRequestParameters.additionalParameters != null) {
Expand Down Expand Up @@ -827,10 +840,17 @@ private TokenRequestParameters(
}
}

/** Wraps an explicit state value from the method channel.
* null state = key absent (auto-generate); non-null = key was present (null value = suppress, String = custom). */
private static class RequestState {
@Nullable final String value;
RequestState(@Nullable String value) { this.value = value; }
}

private class EndSessionRequestParameters {
final String idTokenHint;
final String postLogoutRedirectUrl;
final String state;
@Nullable final RequestState state;
final String issuer;
final String discoveryUrl;
final boolean allowInsecureConnections;
Expand All @@ -840,7 +860,7 @@ private class EndSessionRequestParameters {
private EndSessionRequestParameters(
String idTokenHint,
String postLogoutRedirectUrl,
String state,
@Nullable RequestState state,
String issuer,
String discoveryUrl,
boolean allowInsecureConnections,
Expand All @@ -861,6 +881,7 @@ private class AuthorizationTokenRequestParameters extends TokenRequestParameters
final String loginHint;
final ArrayList<String> promptValues;
final String responseMode;
@Nullable final RequestState state;

private AuthorizationTokenRequestParameters(
String clientId,
Expand All @@ -873,7 +894,8 @@ private AuthorizationTokenRequestParameters(
String loginHint,
String nonce,
ArrayList<String> promptValues,
String responseMode) {
String responseMode,
@Nullable RequestState state) {
super(
clientId,
issuer,
Expand All @@ -890,6 +912,7 @@ private AuthorizationTokenRequestParameters(
this.loginHint = loginHint;
this.promptValues = promptValues;
this.responseMode = responseMode;
this.state = state;
}
}
}
31 changes: 17 additions & 14 deletions flutter_appauth/ios/flutter_appauth/Sources/flutter_appauth/AppAuthIOSAuthorization.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,14 @@ @implementation AppAuthIOSAuthorization
externalUserAgent:(NSNumber *)externalUserAgent
result:(FlutterResult)result
exchangeCode:(BOOL)exchangeCode
nonce:(NSString *)nonce {
nonce:(NSString *)nonce
state:(id)state {
NSString *codeVerifier = [OIDAuthorizationRequest generateCodeVerifier];
NSString *codeChallenge =
[OIDAuthorizationRequest codeChallengeS256ForVerifier:codeVerifier];
NSString *resolvedState = (state != nil)
? ([state isKindOfClass:[NSString class]] ? state : nil)
: [OIDAuthorizationRequest generateState];

OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc]
initWithConfiguration:serviceConfiguration
Expand All @@ -24,7 +28,7 @@ @implementation AppAuthIOSAuthorization
scope:[OIDScopeUtilities scopesWithArray:scopes]
redirectURL:[NSURL URLWithString:redirectUrl]
responseType:OIDResponseTypeCode
state:[OIDAuthorizationRequest generateState]
state:resolvedState
nonce:nonce != nil
? nonce
: [OIDAuthorizationRequest generateState]
Expand Down Expand Up @@ -119,19 +123,18 @@ @implementation AppAuthIOSAuthorization
? [NSURL URLWithString:requestParameters.postLogoutRedirectUrl]
: nil;

NSString *resolvedState = (requestParameters.state != nil)
? ([requestParameters.state isKindOfClass:[NSString class]]
? requestParameters.state
: nil)
: [OIDAuthorizationRequest generateState];
OIDEndSessionRequest *endSessionRequest =
requestParameters.state
? [[OIDEndSessionRequest alloc]
initWithConfiguration:serviceConfiguration
idTokenHint:requestParameters.idTokenHint
postLogoutRedirectURL:postLogoutRedirectURL
state:requestParameters.state
additionalParameters:requestParameters.additionalParameters]
: [[OIDEndSessionRequest alloc]
initWithConfiguration:serviceConfiguration
idTokenHint:requestParameters.idTokenHint
postLogoutRedirectURL:postLogoutRedirectURL
additionalParameters:requestParameters.additionalParameters];
[[OIDEndSessionRequest alloc]
initWithConfiguration:serviceConfiguration
idTokenHint:requestParameters.idTokenHint
postLogoutRedirectURL:postLogoutRedirectURL
state:resolvedState
additionalParameters:requestParameters.additionalParameters];

UIViewController *rootViewController = [self rootViewController];
id<OIDExternalUserAgent> externalUserAgent =
Expand Down
5 changes: 3 additions & 2 deletions flutter_appauth/ios/flutter_appauth/Sources/flutter_appauth/FlutterAppAuth.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ static NSString *const END_SESSION_ERROR_MESSAGE_FORMAT =
@interface EndSessionRequestParameters : NSObject
@property(nonatomic, strong) NSString *idTokenHint;
@property(nonatomic, strong) NSString *postLogoutRedirectUrl;
@property(nonatomic, strong) NSString *state;
@property(nonatomic, strong) id state;
@property(nonatomic, strong) NSString *issuer;
@property(nonatomic, strong) NSString *discoveryUrl;
@property(nonatomic, strong) NSDictionary *serviceConfigurationParameters;
Expand All @@ -76,7 +76,8 @@ typedef NS_ENUM(NSInteger, ExternalUserAgent) {
externalUserAgent:(NSNumber *)externalUserAgent
result:(FlutterResult)result
exchangeCode:(BOOL)exchangeCode
nonce:(NSString *)nonce;
nonce:(NSString *)nonce
state:(id)state;

- (id<OIDExternalUserAgentSession>)
performEndSessionRequest:(OIDServiceConfiguration *)serviceConfiguration
Expand Down
17 changes: 13 additions & 4 deletions flutter_appauth/ios/flutter_appauth/Sources/flutter_appauth/FlutterAppauthPlugin.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ @interface AuthorizationTokenRequestParameters : TokenRequestParameters
@property(nonatomic, strong) NSString *loginHint;
@property(nonatomic, strong) NSArray *promptValues;
@property(nonatomic, strong) NSString *responseMode;
@property(nonatomic, strong) id state; // nil = absent (auto-generate), NSNull = suppress, NSString = custom
@end

@implementation AuthorizationTokenRequestParameters
Expand All @@ -91,6 +92,7 @@ - (id)initWithArguments:(NSDictionary *)arguments {
withKey:@"promptValues"];
_responseMode = [ArgumentProcessor processArgumentValue:arguments
withKey:@"responseMode"];
_state = [arguments objectForKey:@"state"];
return self;
}
@end
Expand All @@ -102,7 +104,7 @@ - (id)initWithArguments:(NSDictionary *)arguments {
_postLogoutRedirectUrl =
[ArgumentProcessor processArgumentValue:arguments
withKey:@"postLogoutRedirectUrl"];
_state = [ArgumentProcessor processArgumentValue:arguments withKey:@"state"];
_state = [arguments objectForKey:@"state"];
_issuer = [ArgumentProcessor processArgumentValue:arguments
withKey:@"issuer"];
_discoveryUrl = [ArgumentProcessor processArgumentValue:arguments
Expand Down Expand Up @@ -211,7 +213,8 @@ - (void)handleAuthorizeMethodCall:(NSDictionary *)arguments
externalUserAgent:requestParameters.externalUserAgent
result:result
exchangeCode:exchangeCode
nonce:requestParameters.nonce];
nonce:requestParameters.nonce
state:requestParameters.state];
} else if (requestParameters.discoveryUrl) {
NSURL *discoveryUrl = [NSURL URLWithString:requestParameters.discoveryUrl];
[OIDAuthorizationService
Expand Down Expand Up @@ -253,7 +256,10 @@ - (void)handleAuthorizeMethodCall:(NSDictionary *)arguments
exchangeCode:exchangeCode
nonce:
requestParameters
.nonce];
.nonce
state:
requestParameters
.state];
}];
} else {
NSURL *issuerUrl = [NSURL URLWithString:requestParameters.issuer];
Expand Down Expand Up @@ -293,7 +299,10 @@ - (void)handleAuthorizeMethodCall:(NSDictionary *)arguments
exchangeCode:exchangeCode
nonce:
requestParameters
.nonce];
.nonce
state:
requestParameters
.state];
}];
}
}
Expand Down
31 changes: 17 additions & 14 deletions flutter_appauth/macos/flutter_appauth/Sources/flutter_appauth/AppAuthMacOSAuthorization.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,14 @@ @implementation AppAuthMacOSAuthorization
externalUserAgent:(NSNumber *)externalUserAgent
result:(FlutterResult)result
exchangeCode:(BOOL)exchangeCode
nonce:(NSString *)nonce {
nonce:(NSString *)nonce
state:(id)state {
NSString *codeVerifier = [OIDAuthorizationRequest generateCodeVerifier];
NSString *codeChallenge =
[OIDAuthorizationRequest codeChallengeS256ForVerifier:codeVerifier];
NSString *resolvedState = (state != nil)
? ([state isKindOfClass:[NSString class]] ? state : nil)
: [OIDAuthorizationRequest generateState];

OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc]
initWithConfiguration:serviceConfiguration
Expand All @@ -24,7 +28,7 @@ @implementation AppAuthMacOSAuthorization
scope:[OIDScopeUtilities scopesWithArray:scopes]
redirectURL:[NSURL URLWithString:redirectUrl]
responseType:OIDResponseTypeCode
state:[OIDAuthorizationRequest generateState]
state:resolvedState
nonce:nonce != nil
? nonce
: [OIDAuthorizationRequest generateState]
Expand Down Expand Up @@ -119,19 +123,18 @@ @implementation AppAuthMacOSAuthorization
? [NSURL URLWithString:requestParameters.postLogoutRedirectUrl]
: nil;

NSString *resolvedState = (requestParameters.state != nil)
? ([requestParameters.state isKindOfClass:[NSString class]]
? requestParameters.state
: nil)
: [OIDAuthorizationRequest generateState];
OIDEndSessionRequest *endSessionRequest =
requestParameters.state
? [[OIDEndSessionRequest alloc]
initWithConfiguration:serviceConfiguration
idTokenHint:requestParameters.idTokenHint
postLogoutRedirectURL:postLogoutRedirectURL
state:requestParameters.state
additionalParameters:requestParameters.additionalParameters]
: [[OIDEndSessionRequest alloc]
initWithConfiguration:serviceConfiguration
idTokenHint:requestParameters.idTokenHint
postLogoutRedirectURL:postLogoutRedirectURL
additionalParameters:requestParameters.additionalParameters];
[[OIDEndSessionRequest alloc]
initWithConfiguration:serviceConfiguration
idTokenHint:requestParameters.idTokenHint
postLogoutRedirectURL:postLogoutRedirectURL
state:resolvedState
additionalParameters:requestParameters.additionalParameters];

NSWindow *keyWindow = [[NSApplication sharedApplication] keyWindow];
id<OIDExternalUserAgent> externalUserAgent =
Expand Down
18 changes: 14 additions & 4 deletions flutter_appauth/macos/flutter_appauth/Sources/flutter_appauth/FlutterAppauthPlugin.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,8 @@ @interface AuthorizationTokenRequestParameters : TokenRequestParameters
@property(nonatomic, strong) NSString *loginHint;
@property(nonatomic, strong) NSArray *promptValues;
@property(nonatomic, strong) NSString *responseMode;
/// Raw value from the method channel: nil = absent (auto-generate), NSNull = suppress, NSString = custom.
@property(nonatomic, strong) id state;
@end

@implementation AuthorizationTokenRequestParameters
Expand All @@ -91,6 +93,7 @@ - (id)initWithArguments:(NSDictionary *)arguments {
withKey:@"promptValues"];
_responseMode = [ArgumentProcessor processArgumentValue:arguments
withKey:@"responseMode"];
_state = [arguments objectForKey:@"state"];
return self;
}
@end
Expand All @@ -102,7 +105,7 @@ - (id)initWithArguments:(NSDictionary *)arguments {
_postLogoutRedirectUrl =
[ArgumentProcessor processArgumentValue:arguments
withKey:@"postLogoutRedirectUrl"];
_state = [ArgumentProcessor processArgumentValue:arguments withKey:@"state"];
_state = [arguments objectForKey:@"state"];
_issuer = [ArgumentProcessor processArgumentValue:arguments
withKey:@"issuer"];
_discoveryUrl = [ArgumentProcessor processArgumentValue:arguments
Expand Down Expand Up @@ -210,7 +213,8 @@ - (void)handleAuthorizeMethodCall:(NSDictionary *)arguments
externalUserAgent:requestParameters.externalUserAgent
result:result
exchangeCode:exchangeCode
nonce:requestParameters.nonce];
nonce:requestParameters.nonce
state:requestParameters.state];
} else if (requestParameters.discoveryUrl) {
NSURL *discoveryUrl = [NSURL URLWithString:requestParameters.discoveryUrl];
[OIDAuthorizationService
Expand Down Expand Up @@ -252,7 +256,10 @@ - (void)handleAuthorizeMethodCall:(NSDictionary *)arguments
exchangeCode:exchangeCode
nonce:
requestParameters
.nonce];
.nonce
state:
requestParameters
.state];
}];
} else {
NSURL *issuerUrl = [NSURL URLWithString:requestParameters.issuer];
Expand Down Expand Up @@ -292,7 +299,10 @@ - (void)handleAuthorizeMethodCall:(NSDictionary *)arguments
exchangeCode:exchangeCode
nonce:
requestParameters
.nonce];
.nonce
state:
requestParameters
.state];
}];
}
}
Expand Down
1 change: 1 addition & 0 deletions flutter_appauth_platform_interface/lib/flutter_appauth_platform_interface.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ export 'src/authorization_token_request.dart';
export 'src/authorization_token_response.dart';
export 'src/end_session_request.dart';
export 'src/end_session_response.dart';
export 'src/request_state.dart';
export 'src/errors.dart';
export 'src/external_user_agent.dart';
export 'src/flutter_appauth_platform.dart';
Expand Down
Loading
Loading