MaikuB · MaikuB · Oct 13, 2024 · Oct 13, 2024 · Oct 13, 2024 · Oct 13, 2024
diff --git a/flutter_appauth/CHANGELOG.md b/flutter_appauth/CHANGELOG.md
@@ -1,3 +1,7 @@
+## [8.0.0-dev.4]
+
+* [Android] no functional changes but some code around dealing with `allowInsecureConnections` has been done in response to issue [554](https://github.com/MaikuB/flutter_appauth/issues/554)
+
 ## [8.0.0-dev.3]
 
 * Includes changes from the 7.0.1 release

diff --git a/...auth/android/src/main/java/io/crossingthestreams/flutterappauth/FlutterAppauthPlugin.java b/...auth/android/src/main/java/io/crossingthestreams/flutterappauth/FlutterAppauthPlugin.java
@@ -21,6 +21,7 @@
 import net.openid.appauth.ResponseTypeValues;
 import net.openid.appauth.TokenRequest;
 import net.openid.appauth.TokenResponse;
+import net.openid.appauth.connectivity.ConnectionBuilder;
 import net.openid.appauth.connectivity.DefaultConnectionBuilder;
 
 import org.json.JSONException;
@@ -94,12 +95,7 @@ private void setActivity(Activity flutterActivity) {
 
   private void onAttachedToEngine(Context context, BinaryMessenger binaryMessenger) {
     this.applicationContext = context;
-    defaultAuthorizationService = new AuthorizationService(this.applicationContext);
-    AppAuthConfiguration.Builder authConfigBuilder = new AppAuthConfiguration.Builder();
-    authConfigBuilder.setConnectionBuilder(InsecureConnectionBuilder.INSTANCE);
-    authConfigBuilder.setSkipIssuerHttpsCheck(true);
-    insecureAuthorizationService =
-        new AuthorizationService(applicationContext, authConfigBuilder.build());
+    createAuthorizationServices();
     final MethodChannel channel =
         new MethodChannel(binaryMessenger, "crossingthestreams.io/flutter_appauth");
     channel.setMethodCallHandler(this);
@@ -137,6 +133,15 @@ public void onDetachedFromActivity() {
     this.mainActivity = null;
   }
 
+  private void createAuthorizationServices() {
+    defaultAuthorizationService = new AuthorizationService(this.applicationContext);
+    AppAuthConfiguration.Builder authConfigBuilder = new AppAuthConfiguration.Builder();
+    authConfigBuilder.setConnectionBuilder(InsecureConnectionBuilder.INSTANCE);
+    authConfigBuilder.setSkipIssuerHttpsCheck(true);
+    insecureAuthorizationService =
+        new AuthorizationService(applicationContext, authConfigBuilder.build());
+  }
+
   private void disposeAuthorizationServices() {
     defaultAuthorizationService.dispose();
     insecureAuthorizationService.dispose();
@@ -340,22 +345,20 @@ public void onFetchConfigurationCompleted(
           };
       if (tokenRequestParameters.discoveryUrl != null) {
         AuthorizationServiceConfiguration.fetchFromUrl(
-            Uri.parse(tokenRequestParameters.discoveryUrl),
-            callback,
-            allowInsecureConnections
-                ? InsecureConnectionBuilder.INSTANCE
-                : DefaultConnectionBuilder.INSTANCE);
+            Uri.parse(tokenRequestParameters.discoveryUrl), callback, getConnectionBuilder());
       } else {
         AuthorizationServiceConfiguration.fetchFromIssuer(
-            Uri.parse(tokenRequestParameters.issuer),
-            callback,
-            allowInsecureConnections
-                ? InsecureConnectionBuilder.INSTANCE
-                : DefaultConnectionBuilder.INSTANCE);
+            Uri.parse(tokenRequestParameters.issuer), callback, getConnectionBuilder());
       }
     }
   }
 
+  private @NonNull ConnectionBuilder getConnectionBuilder() {
+    return allowInsecureConnections
+        ? InsecureConnectionBuilder.INSTANCE
+        : DefaultConnectionBuilder.INSTANCE;
+  }
+
   private AuthorizationServiceConfiguration processServiceConfigurationParameters(
       Map<String, String> serviceConfigurationArguments) {
     final String endSessionEndpoint = serviceConfigurationArguments.get("endSessionEndpoint");
@@ -389,18 +392,10 @@ public void onFetchConfigurationCompleted(
           };
       if (tokenRequestParameters.discoveryUrl != null) {
         AuthorizationServiceConfiguration.fetchFromUrl(
-            Uri.parse(tokenRequestParameters.discoveryUrl),
-            callback,
-            allowInsecureConnections
-                ? InsecureConnectionBuilder.INSTANCE
-                : DefaultConnectionBuilder.INSTANCE);
+            Uri.parse(tokenRequestParameters.discoveryUrl), callback, getConnectionBuilder());
       } else {
         AuthorizationServiceConfiguration.fetchFromIssuer(
-            Uri.parse(tokenRequestParameters.issuer),
-            callback,
-            allowInsecureConnections
-                ? InsecureConnectionBuilder.INSTANCE
-                : DefaultConnectionBuilder.INSTANCE);
+            Uri.parse(tokenRequestParameters.issuer), callback, getConnectionBuilder());
       }
     }
   }
@@ -461,8 +456,7 @@ private void performAuthorization(
       authRequestBuilder.setAdditionalParameters(additionalParameters);
     }
 
-    AuthorizationService authorizationService =
-        allowInsecureConnections ? insecureAuthorizationService : defaultAuthorizationService;
+    AuthorizationService authorizationService = getAuthorizationService();
 
     try {
       Intent authIntent =
@@ -513,8 +507,7 @@ public void onTokenRequestCompleted(TokenResponse resp, AuthorizationException e
         };
 
     TokenRequest tokenRequest = builder.build();
-    AuthorizationService authorizationService =
-        allowInsecureConnections ? insecureAuthorizationService : defaultAuthorizationService;
+    AuthorizationService authorizationService = getAuthorizationService();
     if (clientSecret == null) {
       authorizationService.performTokenRequest(tokenRequest, tokenResponseCallback);
     } else {
@@ -548,18 +541,10 @@ public void onFetchConfigurationCompleted(
 
       if (endSessionRequestParameters.discoveryUrl != null) {
         AuthorizationServiceConfiguration.fetchFromUrl(
-            Uri.parse(endSessionRequestParameters.discoveryUrl),
-            callback,
-            allowInsecureConnections
-                ? InsecureConnectionBuilder.INSTANCE
-                : DefaultConnectionBuilder.INSTANCE);
+            Uri.parse(endSessionRequestParameters.discoveryUrl), callback, getConnectionBuilder());
       } else {
         AuthorizationServiceConfiguration.fetchFromIssuer(
-            Uri.parse(endSessionRequestParameters.issuer),
-            callback,
-            allowInsecureConnections
-                ? InsecureConnectionBuilder.INSTANCE
-                : DefaultConnectionBuilder.INSTANCE);
+            Uri.parse(endSessionRequestParameters.issuer), callback, getConnectionBuilder());
       }
     }
   }
@@ -588,12 +573,17 @@ private void performEndSessionRequest(
     }
 
     final EndSessionRequest endSessionRequest = endSessionRequestBuilder.build();
-    AuthorizationService authorizationService =
-        allowInsecureConnections ? insecureAuthorizationService : defaultAuthorizationService;
+    AuthorizationService authorizationService = getAuthorizationService();
     Intent endSessionIntent = authorizationService.getEndSessionRequestIntent(endSessionRequest);
     mainActivity.startActivityForResult(endSessionIntent, RC_END_SESSION);
   }
 
+  private AuthorizationService getAuthorizationService() {
+    AuthorizationService authorizationService =
+        allowInsecureConnections ? insecureAuthorizationService : defaultAuthorizationService;
+    return authorizationService;
+  }
+
   private void finishWithTokenError(AuthorizationException ex) {
     finishWithError(
         TOKEN_ERROR_CODE,
@@ -702,14 +692,7 @@ private void processAuthorizationData(
       boolean exchangeCode) {
     if (authException == null) {
       if (exchangeCode) {
-        AppAuthConfiguration.Builder authConfigBuilder = new AppAuthConfiguration.Builder();
-        if (allowInsecureConnections) {
-          authConfigBuilder.setConnectionBuilder(InsecureConnectionBuilder.INSTANCE);
-          authConfigBuilder.setSkipIssuerHttpsCheck(true);
-        }
-
-        AuthorizationService authService =
-            new AuthorizationService(applicationContext, authConfigBuilder.build());
+        AuthorizationService authService = getAuthorizationService();
         AuthorizationService.TokenResponseCallback tokenResponseCallback =
             new AuthorizationService.TokenResponseCallback() {
               @Override

diff --git a/flutter_appauth/pubspec.yaml b/flutter_appauth/pubspec.yaml
@@ -2,7 +2,7 @@ name: flutter_appauth
 description: This plugin provides an abstraction around the Android and iOS
   AppAuth SDKs so it can be used to communicate with OAuth 2.0 and OpenID
   Connect providers
-version: 8.0.0-dev.3
+version: 8.0.0-dev.4
 homepage: https://github.com/MaikuB/flutter_appauth/tree/master/flutter_appauth
 
 environment: