FlutterWebAuth2CallbackRoute class final

Route that serves the flutter_web_auth_2 callback page for the OAuth2 PKCE web sign-in flow.

This route is provider-agnostic — register it once and share it across all OAuth2 PKCE-based identity providers (Google, GitHub, Microsoft, etc.).

Same-origin requirement

This route must be served from the same host and port as your Flutter web application. The callback page uses window.postMessage to deliver the OAuth result back to the Flutter app. Browsers enforce that postMessage with a specific targetOrigin is only delivered when the receiving window has the same origin (scheme + host + port).

Use the host parameter to restrict this route to the exact host that serves your Flutter web app, preventing it from responding to requests aimed at other virtual hosts.

When to use

Use this route when Serverpod is serving your Flutter web app directly. Register the route once and set its full URL as the redirectUri when initializing any OAuth2 PKCE provider in the Flutter app:

// server.dart
pod.webServer.addRoute(
  FlutterWebAuth2CallbackRoute(),
  '/auth/callback',
);

// Flutter app
await client.auth.initializeGoogleSignIn(
  redirectUri: 'https://example.com/auth/callback',
);
await client.auth.initializeGitHubSignIn(
  redirectUri: 'https://example.com/auth/callback',
);

When NOT to use

If your Flutter web app is hosted separately from Serverpod (for example, on a CDN at app.example.com while Serverpod runs on api.example.com), the postMessage call from the callback page will be blocked by the browser because the origins differ. In that case, place the auth.html file provided by flutter_web_auth_2 in your Flutter app's web/ directory and use its URL as the redirectUri.

Constructors

FlutterWebAuth2CallbackRoute({String? host})

Creates a FlutterWebAuth2CallbackRoute.

Properties

asHandler → Handler

Returns this HandlerObject as a Handler.

no setter, inherited

hashCode → int

The hash code for this object.

no setter, inherited

host → String?

The virtual host this route will respond to.

final, inherited

methods → Set<Method>

The methods this route will respond to, i.e. HTTP get or post.

final, inherited

path → String

The suffix path this route will respond to.

final, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

call(Request req) → Future<Result>

Handles a call to this route, by extracting Session from request and forwarding to handleCall.

inherited

handleCall(Session session, Request request) → FutureOr<Result>

Handles a call to this route.

injectIn(RelicRouter router) → void

Adds this handler to the given router with Method.get and path '/' Override to add differently.

inherited

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited