simplici_auth 1.3.0

A Flutter package for integrating SimpliciAuth with Google OAuth in Flutter applications. Provides webview-based authentication with customizable configuration and comprehensive OAuth handling.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

1.3.0 - 2025-01-16

Changed

• MAJOR REWRITE: Complete Google OAuth implementation overhaul based on Angular/Ionic reference
• Angular/Ionic Compatibility: Now matches the exact authentication flow from Angular/Ionic implementation
• Enhanced PKCE Flow: Proper code_verifier generation using Uint8List matching web standards
• Backend Integration: Correct handleHooks API calls with proper payload structure and error handling
• Improved URL Handling: Better parsing of both query parameters and URL fragments for all OAuth providers
• State Management: Proper OAuth state parameter generation and validation
• Code Quality: Cleaner, more maintainable code structure with comprehensive emoji-based logging

Fixed

• Token Exchange: Fixed PKCE token exchange process to match Google OAuth standards
• Callback Handling: Improved URL callback processing for both authorization codes and direct user data
• Error Management: Comprehensive error handling with clear, actionable error messages
• Duplicate Prevention: Enhanced duplicate authorization code processing prevention

Added

• Fallback Support: Graceful fallback when backend APIs are unavailable
• Provider Detection: Automatic provider detection and handling for different OAuth flows
• Enhanced Logging: Detailed logging with emojis for better debugging experience
• State Tracking: Proper authentication state management throughout the flow

1.2.2 - 2025-01-16

Fixed

• JavaScript Serialization Issue: Fixed critical "JavaScript execution returned a result of an unsupported type" error in handleHooks
• Fallback Authentication: Added fallback mechanism when handleHooks fails but valid access token exists
• Duplicate Code Processing: Implemented robust duplicate authorization code prevention with code tracking
• Promise Handling: Improved JavaScript promise handling and async result serialization
• Enhanced Error Handling: Better error reporting and debugging for handleHooks failures

Added

• Fallback User Data: Creates placeholder user data when handleHooks fails but authentication succeeds
• Code Tracking: Tracks last processed authorization code to prevent duplicates
• Enhanced JavaScript Debugging: Improved logging for handleHooks response types and serialization
• State Management: Better auth state reset and management throughout OAuth flow

Changed

• JavaScript Execution: Improved handleHooks JavaScript with proper Promise handling and serialization
• Error Recovery: Better recovery mechanisms when handleHooks is unavailable or fails
• Logging: Enhanced debug logging for troubleshooting handleHooks and OAuth issues

1.2.1 - 2025-01-16

Fixed

• PKCE Parameter Persistence: Fixed critical issue where PKCE code_verifier was being reset before token exchange
• OAuth Code Reuse Prevention: Added proper handling to prevent duplicate processing of authorization codes
• Base64URL Encoding: Fixed base64url encoding for code_challenge to be RFC 7636 compliant
• Token Exchange Debugging: Enhanced logging for better debugging of "invalid_grant" errors
• PKCE Lifecycle Management: Improved PKCE parameter generation and cleanup lifecycle

Changed

• Enhanced Error Messages: Added detailed error explanations for common OAuth failure scenarios
• Better PKCE Reuse Logic: PKCE parameters now persist properly throughout the OAuth flow
• Improved Logging: Added comprehensive debugging information for OAuth token exchange process

1.2.0 - 2025-01-16

Added

• PKCE Support for iOS Google OAuth: Added Proof Key for Code Exchange (PKCE) flow support for iOS Google OAuth
• Automatic PKCE Parameter Generation: Generates code_verifier and code_challenge automatically for secure iOS authentication
• Client Secret-Free iOS Flow: iOS Google OAuth now works without requiring client_secret, using PKCE instead

Changed

• Token Exchange Logic: Modified to use code_verifier instead of client_secret for iOS Google OAuth flows
• OAuth URL Generation: Added code_challenge and code_challenge_method parameters to Google OAuth URLs
• Dependency: Added crypto ^3.0.3 for SHA256 hashing required by PKCE

Fixed

• iOS Google OAuth "invalid_grant" Error: Fixed token exchange failure for iOS by implementing proper PKCE flow
• iOS Scheme URL Support: Now properly supports iOS scheme URLs without requiring client_secret

1.1.9 - 2025-01-16

Fixed

• Object logging stringification: Fixed all object logging to use jsonEncode() instead of direct string interpolation
• handleHooks response display: Fixed handleHooks response showing as "[object Object]" instead of proper JSON string
• Enhanced debug output: All Maps, Lists, and complex objects are now properly stringified in debug logs

1.1.8 - 2025-01-16

Changed

• Removed _getUserInfo method: Eliminated Google API calls for user information retrieval
• handleHooks-only user data: Now exclusively uses window.handleHooks response for Google user information
• Google-specific hook usage: sso_user_data is set from window.handleHooks response only for Google authentication
• Enhanced stringify logging: All data logging now uses JSON stringify format for better readability
• Simplified data flow: Streamlined authentication flow to rely solely on handleHooks for Google user data

Removed

• Google API user info calls: Removed direct Google API calls for user information
• Fallback user data handling: Removed fallback mechanisms for Google user info when handleHooks is available

1.1.7 - 2025-01-16

Added

• handleHooks integration: Added automatic call to window.handleHooks for Google OAuth authentication
• Hook payload support: Sends complete payload with provider, access_token, code, redirect_url, instanceId, type, and responseType
• Hook response handling: Processes handleHooks response and uses res.data for sso_user_data when available
• Enhanced user data structure: Added redirect_url field and standardized type as 'embeded' for Google OAuth

Changed

• sso_user_data source: Now uses handleHooks response data when available, falling back to standard user data
• Google OAuth type: Changed default type from 'login' to 'embeded' for Google authentication
• Data flow: Enhanced data flow to include handleHooks integration in the authentication process

Improved

• Error handling: Added comprehensive error handling for handleHooks calls
• Logging: Enhanced logging for handleHooks calls and responses
• JavaScript integration: Improved JavaScript execution for hook calls with proper async/await handling

1.1.6 - 2025-01-16

Fixed

• Duplicate callback processing: Added flag to prevent duplicate OAuth callback processing
• False error reporting: Fixed "failed to extract user data" error appearing after successful authentication
• Race condition handling: Improved handling of race conditions between popup closure and callback processing
• Authentication state tracking: Added proper tracking to prevent multiple processing of the same authentication

Changed

• Error reporting logic: Enhanced error reporting to only show errors when authentication hasn't been processed successfully
• Callback flow: Improved OAuth callback flow to reset processing flag on new authentication attempts

1.1.5 - 2025-01-16

Fixed

• WebView disposal error: Fixed "IOSInAppWebViewController was used after being disposed" error for Google OAuth
• Popup closure timing: Added delay before closing popup to allow OAuth callback processing to complete
• Error handling: Enhanced error handling for disposed webview controllers without failing authentication
• Graceful degradation: Authentication flow continues successfully even if sso_user_data UI update fails

Changed

• OAuth callback processing: Improved callback processing to handle webview disposal gracefully
• Error reporting: Changed from throwing exceptions to logging warnings for non-critical webview errors

1.1.4 - 2025-01-16

Added

• Google OAuth iOS scheme handling: Added specific handling for Google OAuth with iOS scheme URLs
• Enhanced Google auth completion: Popup now only closes when OAuth code is received for Google authentication
• Google-specific token logging: Added dedicated logging for Google OAuth access tokens and codes
• iOS redirect URI support: Enhanced iOS scheme redirect URI handling for Google OAuth

Changed

• OAuth completion detection: Modified completion detection to specifically handle Google OAuth redirects with iOS scheme URLs
• Google OAuth flow: Improved Google OAuth flow to use iOS scheme URLs as redirect URIs
• Token exchange logging: Enhanced logging for Google OAuth token exchange with iOS scheme redirect URIs
• Callback processing: Updated callback processing to prioritize Google OAuth code handling

Fixed

• Popup closure timing: Fixed popup closure to only occur when Google OAuth code is received
• iOS scheme URL handling: Fixed iOS scheme URL handling for Google OAuth redirects

1.1.0 - 2025-01-12

1.1.3 - 2025-01-12

Fixed

• Fixed dynamic type parameter handling in user data extraction
• Resolved issue where Google OAuth flow was trying to access non-existent 'type' field from Google API response
• Enhanced type parameter extraction to properly use original OAuth params with fallback to 'login'

1.1.2 - 2025-01-12

Fixed

• Fixed OAuth callback processing to only execute when URL contains actual completion indicators (email, errorCode, userId, etc.)
• Resolved "Failed to extract user data from params" error for intermediate Microsoft OAuth URLs
• Improved auth completion detection to prevent processing of OAuth authorization URLs that don't contain user data

1.1.1 - 2025-01-12

Fixed

• Fixed boolean attributes in webcomponent HTML to properly convert to string values
• Improved compatibility with JavaScript frameworks by explicitly converting boolean values to "true"/"false" strings

Added

• Complete webcomponent props support: Added all missing properties to match the SimpliciAuth webcomponent specification:
  • page: Specify the page to display
  • lang: Language code (e.g., 'en', 'es', 'fr')
  • hideNavigation: Whether to hide navigation elements
  • microsoftRedirectUrl: Microsoft OAuth redirect URL
  • facebookRedirectUrl: Facebook OAuth redirect URL
  • appleRedirectUrl: Apple OAuth redirect URL
  • googleRedirectUrl: Google OAuth redirect URL
  • onLoaded: Callback when component is loaded
• Enhanced configuration: All webcomponent properties now available in SimpliciAuthConfig
• Comprehensive documentation: Updated README with all available properties and their descriptions

Changed

• Major version bump: Significant API expansion with all webcomponent properties now supported
• Improved webcomponent generation: Dynamic attribute generation based on configured properties

1.0.7 - 2025-01-12

Fixed

• Memory leak prevention: Added mounted checks before all setState() calls in PopupBrowser to prevent "setState() called after dispose()" errors
• Widget lifecycle management: Enhanced PopupBrowser disposal handling to prevent callbacks from executing after widget is removed from tree
• Async callback safety: Protected all WebView navigation callbacks (onPageStarted, onPageFinished, onUrlChange) from calling setState on disposed widgets

Security

• Memory safety: Prevents potential memory leaks by properly handling widget lifecycle in popup browser

1.0.6 - 2025-01-12

Fixed

• Webcomponent sso_user_data setting: Properly set sso_user_data directly on the simplici-auth webcomponent element
• Multiple data setting methods: Set sso_user_data as both attribute and property on webcomponent for maximum compatibility
• JSON stringify format: Convert all authentication parameters to proper JSON.stringify format as required
• Event dispatching: Enhanced event dispatching to trigger events both on webcomponent and globally
• Complete data inclusion: Include all authentication parameters in sso_user_data object

Added

• Webcomponent method calling: Call setSSOUserData method on webcomponent if available
• Comprehensive logging: Added detailed logging for webcomponent interaction and data setting
• Error handling: Added try-catch for JavaScript execution to prevent failures

1.0.5 - 2025-01-12

Fixed

• sso_user_data format: Simplified sso_user_data to match original working format with just essential fields (provider, email, firstName, lastName, userId, instanceId, type, responseType)
• Data setting method: Fixed webview data setting to use correct format and trigger proper webcomponent events
• Browser popup closure: Ensured popup browser closes properly after authentication completion
• Event notification: Added proper event dispatching (sso-auth-complete) to notify webcomponent of successful authentication

Changed

• Simplified data structure: Removed complex nested data structures in favor of simple, flat sso_user_data format
• Enhanced event handling: Added multiple event triggers (handleSSOComplete, onAuthenticationComplete, CustomEvent) to ensure webcomponent receives authentication data

1.0.4 - 2025-01-12

Enhanced

• sso_user_data setting: Enhanced and guaranteed sso_user_data setting for ALL authentication providers (Google, Facebook, Apple, etc.)
• Comprehensive logging: Added detailed step-by-step logging for authentication flow and sso_user_data setting process
• Data verification: Added JavaScript-side verification to ensure sso_user_data is properly accessible in webview
• Error handling: Improved error handling with explicit error throwing for sso_user_data setting failures
• Multi-provider support: Ensured consistent sso_user_data format across all OAuth providers

Added

• Provider-specific logging: Each authentication step now logs the provider type for better debugging
• Data accessibility verification: JavaScript verification that sso_user_data is properly set and accessible
• Enhanced completion handlers: Added support for multiple completion callback types (handleAuthCompletion, onSSOComplete)

1.0.3 - 2025-01-12

Fixed

• Direct user data handling: Added support for providers that return user data directly in URL parameters (like Facebook)
• Universal OAuth callback: Enhanced OAuth callback handling to process both token-based flows (Google) and direct data flows (Facebook, etc.)
• Parameter extraction: Improved URL parameter extraction with proper URL decoding for names and special characters
• Auth completion detection: Enhanced popup browser to detect more auth completion URL patterns
• sso_user_data completeness: Ensure all available user information from params is included in sso_user_data

Changed

• OAuth flow flexibility: Support for multiple OAuth response types (code exchange vs direct user data)
• Enhanced parameter parsing: Better handling of URL-encoded parameters and special characters
• Improved debugging: Consistent debug logging across all browser components

1.0.2 - 2025-01-12

Fixed

• Browser UI: Changed from full-screen InternalBrowser to popup-style dialog browser (PopupBrowser) for better user experience
• User data extraction: Added comprehensive user data extraction including firstName, lastName, email, and userId
• sso_user_data: Implemented proper sso_user_data setting in webview with JSON stringified format
• OAuth token exchange: Added complete OAuth flow with token exchange and user info retrieval from Google API
• Auto-close functionality: Browser now automatically closes after successful authentication

Changed

• Authentication flow: Complete OAuth 2.0 flow with proper token exchange and user data retrieval
• Browser style: Popup dialog style instead of full-screen with AppBar for better UX
• Data handling: Comprehensive user data structure with all required fields

1.0.1 - 2025-01-12

Fixed

• onStepChanged URL handling: Restored functionality to automatically open URLs in internal browser when triggered by step change events
• Event data parsing: Improved parsing of step change event data to properly extract URLs and other parameters
• Internal browser integration: Fixed integration with internal browser for OAuth flows
• Google OAuth configuration: Enhanced extraction and handling of Google OAuth configuration from instance details

Changed

• WebView implementation: Updated to use webcomponent HTML generation instead of direct URL loading for better event handling
• Event handlers: Added proper JavaScript handlers for step changes and auth completion events
• Debug logging: Improved debug logging for better troubleshooting of authentication flows

1.0.0 - 2025-01-12

Added

• Initial release of SimpliciAuth Flutter package
• SimpliciAuthWebView: Main widget for displaying authentication interface
• SimpliciAuthConfig: Configuration class with comprehensive customization options
• Cross-platform support: Works on iOS, Android, Web, macOS, Linux, and Windows
• OAuth integration: Complete OAuth 2.0 flow with Google
• Callback support: Multiple callback functions for different authentication events
• Debug mode: Optional debug logging for development
• Custom styling: Support for custom CSS and user agents
• Example app: Complete example demonstrating package usage

Features

• Configurable instance ID, environment, and platform settings
• Support for combined input and auto navigation options
• Token exchange and user data retrieval
• Error handling and success callbacks
• Internal browser for OAuth flows
• Comprehensive documentation and README