Casdoor Flutter SDK likes points latest version Platform License

casdoor-flutter-sdk will allow you to easily connect your Flutter-based application to the Casdoor authentication system without having to implement it from scratch.

The following platforms are supported:

  • Android
  • iOS
  • Linux
  • macOS
  • Web
  • Windows
Android iOS Web
Android iOS Web


Use this plugin in your Flutter app to:

  • Connect to casdoor for SSO
  • Get the token after the casdoor authentication


This section has examples of code for the following tasks:

Initialization requires 6 parameters

Initialization requires 6 parameters, which are all str type:

Name (in order) Must Description
clientId Yes Application.client_id
endpoint Yes Casdoor Server Url, such as
organizationName Yes Organization name
appName Yes Application name
redirectUri Yes URI of Web redirection
callbackUrlScheme Yes URL Scheme
  final CasdoorFlutterSdkConfig _config =  CasdoorFlutterSdkConfig(
      clientId: "014ae4bd048734ca2dea",
      endpoint: "",
      organizationName: "casbin",
      appName: "app-casnode",
      redirectUri: "http://localhost:9000/callback",
      callbackUrlScheme: "casdoor"

Judgment platform

Set the callbackuri parameter by judging different platforms

 final platform = await CasdoorFlutterSdkPlatform.getPlatformVersion();
    String callbackUri;
    if (platform == "web") {
       callbackUri = "${_config.redirectUri}.html";
    } else {
       callbackUri = "${_config.callbackUrlScheme}://callback" ;

Authorize with the Casdoor server

At this point, we should use some ways to verify with the Casdoor server.

To start, we want you understand clearly the verification process of Casdoor. The following paragraphs will mention your app that wants to use Casdoor as a means of verification as APP, and Casdoor as Casdoor.

  1. APP will send a request to Casdoor. Since Casdoor is a UI-based OAuth provider, you cannot use request management service like Postman to send a URL with parameters and get back a JSON file.

  2. The simplest way to try it out is to type the URL in your browser.

  3. Type in the URL in your browser in this format: endpoint/login/oauth/authorize?client_id=xxx&response_type=code&redirect_uri=xxx&scope=read&state=xxx In this URL the endpoint is your Casdoor's location, as mentioned in Step1; then the xxx need to be filled out by yourself.

Get token and parse

After Casdoor verification passed, it will be redirected to your application with code and state, like https://localhost:9000/callback?code=xxx&state=yyyy.

Your application can get the code and call _casdoor.requestOauthAccessToken(code), then parse out jwt token.

Getting Started

Add casdoor-flutter-sdk to the dependencies of your pubspec.yaml.

  casdoor_flutter_sdk: ^1.0.0

Notes for different platforms:

Android and iOS

Please check the documentation of the InAppWebView package for more details about setting up the project.

Linux and macOS

Add the package desktop_webview_window: ^0.2.3 inside dependencies to your pubspec.yaml file.

Modify your main function to look like the following:

void main(List<String> args) async {
  if (runWebViewTitleBarWidget(args)) {
  // your code goes here ...
  runApp(const MyApp());

Please check the documentation of the desktop_webview_window package for more details.


On the Web platform an endpoint needs to be created that captures the callback URL and sends it to the application using the JavaScript postMessage() method. In the ./web folder of the project, create an HTML file with the name e.g. callback.html with content:

<!DOCTYPE html>
<title>Authentication complete</title>
<p>Authentication is complete. If this does not happen automatically, please
close the window.
    'casdoor-auth': window.location.href
  }, window.location.origin);

Redirection URL passed to the authentication service must be the same as the URL on which the application is running (schema, host, port if necessary) and the path must point to created HTML file, /callback.html in this case, like callbackUri = "${_config.redirectUri}.html". The callbackUrlScheme parameter of the authenticate() method does not take into account, so it is possible to use a schema for native platforms in the code.It should be noted that when obtaining a token, cross domain may occur

For the Sign in with Apple in web_message response mode, postMessage from is also captured, and the authorization object is returned as a URL fragment encoded as a query string (for compatibility with other providers).

API reference interface

Get sign up url


Get sign in url


Get code in a new window (all platforms)


Get code inside the app (Android and iOS)


Get token


Refresh token


Log out


Get user information


Decode token


Judge whether the token is expired


Verify nonce




There is a known bug in the desktop_webview_window package that causes random crashes of the browser window (see issue).

Linux (Ubuntu)

Do not install Flutter or Visual Studio Code using Snap as this will prevent the code from building or running successfully. You need to install the Flutter and Visual Studio Code packages manually.


There are instances where JavaScript is not working inside WKWebView. Please report any bugs that may occur.


See at: