Invalid redirect_uri in keycloak

Question

Invalid redirect_uri in keycloak

Closed this issue 3 months ago · 4 comments

Hello,

this is probably not this plugin's error, still, who knows, I don't.

I have an older Flutter project, authskel (for auth skeleton).
It has

        manifestPlaceholders += [
            'appAuthRedirectScheme': 'de.icod.authskel'
        ]

and used to work with Keycloak.
AppAuth's version back then was 4.2.1.
I don't know what Keycloak's version was.
So nothing has changed except the Keycloak version and Flutter's version.
That suggests it's Keycloak's fault.

Now I was running the same project and Keycloak complains that invalid parameter: redirect_uri.

  final String _clientId = 'flutter-dev';
  final String _redirectUrl = 'de.icod.authskel:/oauthredirect';
  final String _issuer = 'https://connect.icod.de/auth/realms/bicki';
  final String _discoveryUrl = 'https://connect.icod.de/auth/realms/bicki/.well-known/openid-configuration';
  final String _postLogoutRedirectUrl = 'de.icod.bicki:/';

Answer 1 · 2024-07-04T10:44:06.000Z

make sure to add the redirectUrl in Keycloak: Admin Console > Clients > your-client-name > Settings > Valid redirect URIs

Answer 2 · 2024-07-04T15:42:50.000Z

The flutter-dev client has * as "Valid redirect URIs", "Valid post logout redirect URIs" and "Web origins"
It would be a new change that * no longer acts as a wildcard and one has to explicitly enter the redirect_uris.
I'm doing something else and will get back to this when I have time.

Answer 3 · 2024-07-04T16:43:29.000Z

It was indeed that I had to explicitly state the appAuthRedirectScheme's redirect_uri, in the form of, going by this initial post's example: de.icod.authskel:*

Answer 4 · 2024-07-04T16:59:42.000Z

Indeed, they changed that behavior in version 21.1.2 as mentioned here.
I think it's best not to use a wildcard there, at least not in production 😅.