diff --git a/.github/workflows/publish-af.yml b/.github/workflows/publish-af.yml index 38318d6b..538dbe69 100644 --- a/.github/workflows/publish-af.yml +++ b/.github/workflows/publish-af.yml @@ -13,23 +13,23 @@ env: flutter: '3.x' jobs: -# rl-scanner: -# uses: ./.github/workflows/rl-scanner.yml -# with: -# flutter: '3.x' -# artifact-name: 'auth0-flutter-af.zip' -# secrets: -# RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} -# RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} -# SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} -# PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }} -# PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }} -# PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }} + rl-scanner: + uses: ./.github/workflows/rl-scanner.yml + with: + flutter: '3.x' + artifact-name: 'auth0-flutter-af.zip' + secrets: + RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} + RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} + SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} + PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }} + PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }} + PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }} publish: name: Publish auth0_flutter to pub.dev environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }} -# needs: rl-scanner + needs: rl-scanner runs-on: ubuntu-latest permissions: diff --git a/.github/workflows/publish-afpi.yml b/.github/workflows/publish-afpi.yml index 61480527..1bf1b467 100644 --- a/.github/workflows/publish-afpi.yml +++ b/.github/workflows/publish-afpi.yml @@ -13,23 +13,23 @@ env: flutter: '3.x' jobs: -# rl-scanner: -# uses: ./.github/workflows/rl-scanner.yml -# with: -# flutter: '3.x' -# artifact-name: 'auth0-flutter-afpi.zip' -# secrets: -# RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} -# RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} -# SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} -# PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }} -# PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }} -# PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }} + rl-scanner: + uses: ./.github/workflows/rl-scanner.yml + with: + flutter: '3.x' + artifact-name: 'auth0-flutter-afpi.zip' + secrets: + RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} + RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} + SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} + PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }} + PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }} + PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }} publish: name: Publish auth0_flutter_platform_interface to pub.dev environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }} -# needs: rl-scanner + needs: rl-scanner runs-on: ubuntu-latest permissions: diff --git a/auth0_flutter/.shiprc b/auth0_flutter/.shiprc index 5a840955..5d9088f6 100644 --- a/auth0_flutter/.shiprc +++ b/auth0_flutter/.shiprc @@ -15,7 +15,7 @@ "= '{MAJOR}.{MINOR}.{PATCH}'" ] }, - "prebump": "flutter analyze && dart pub upgrade auth0_flutter_platform_interface --tighten", + "prebump": "flutter analyze --no-fatal-infos --no-fatal-warnings && dart pub upgrade auth0_flutter_platform_interface --tighten", "prFilters": [ { "type": "title", diff --git a/auth0_flutter/EXAMPLES.md b/auth0_flutter/EXAMPLES.md index fae5ec40..0e44583a 100644 --- a/auth0_flutter/EXAMPLES.md +++ b/auth0_flutter/EXAMPLES.md @@ -365,6 +365,8 @@ try { ### Android: Custom schemes +> Whenever possible, Auth0 recommends using [Android App Links](https://auth0.com/docs/applications/enable-android-app-links) as a secure way to link directly to content within your app. Custom URL schemes can be subject to [client impersonation attacks](https://datatracker.ietf.org/doc/html/rfc8252#section-8.6). + On Android, `https` is used by default as the callback URL scheme. This works best for Android API 23+ if you're using [Android App Links](https://auth0.com/docs/get-started/applications/enable-android-app-links-support), but in previous Android versions, this may show the intent chooser dialog prompting the user to choose either your app or the browser. You can change this behavior by using a custom unique scheme so that Android opens the link directly with your app. 1. Update the `auth0Scheme` manifest placeholder on the `android/build.gradle` file. diff --git a/auth0_flutter/README.md b/auth0_flutter/README.md index 23b6dda9..d92aed6b 100644 --- a/auth0_flutter/README.md +++ b/auth0_flutter/README.md @@ -196,6 +196,8 @@ Re-declare the activity manually using `tools:node="remove"` in the `android/src > read more about setting this value in the [Auth0.Android SDK > README](https://github.com/auth0/Auth0.Android#a-note-about-app-deep-linking). +> Whenever possible, Auth0 recommends using [Android App Links](https://auth0.com/docs/applications/enable-android-app-links) as a secure way to link directly to content within your app. Custom URL schemes can be subject to [client impersonation attacks](https://datatracker.ietf.org/doc/html/rfc8252#section-8.6). + > 💡 If your Android app is using [product flavors](https://developer.android.com/studio/build/build-variants#product-flavors), you might need to specify different manifest placeholders for each flavor. ##### iOS/macOS: Configure the associated domain diff --git a/auth0_flutter/test/web/auth0_extension_type_mocks.dart b/auth0_flutter/test/web/auth0_extension_type_mocks.dart index f8b35b78..407d0e84 100644 --- a/auth0_flutter/test/web/auth0_extension_type_mocks.dart +++ b/auth0_flutter/test/web/auth0_extension_type_mocks.dart @@ -9,11 +9,12 @@ import 'dart:js_interop'; @JSExport() class Auth0ClientImpl { - Future handleRedirectCallback([final String? url]) => throw ''; + Future handleRedirectCallback([final String? url]) => + throw Exception(''); } @JSExport() class WebCredentialsImpl { - String access_token = throw ''; + @JSExport('access_token') + String accessToken = throw Exception(''); } - diff --git a/auth0_flutter/test/web/extensions/credentials_extension_test.dart b/auth0_flutter/test/web/extensions/credentials_extension_test.dart index 40821685..cc33f6b8 100644 --- a/auth0_flutter/test/web/extensions/credentials_extension_test.dart +++ b/auth0_flutter/test/web/extensions/credentials_extension_test.dart @@ -18,7 +18,8 @@ void main() { const expiresIn = 8400; const expectedTokenType = 'Bearer'; final webCredentials = WebCredentials( - access_token: accessToken, id_token: idToken, expires_in: expiresIn.toJS); + access_token: accessToken, id_token: idToken, + expires_in: expiresIn.toJS); final result = CredentialsExtension.fromWeb(webCredentials); expect(result.accessToken, accessToken); diff --git a/auth0_flutter_platform_interface/CHANGELOG.md b/auth0_flutter_platform_interface/CHANGELOG.md index cf8446f3..4aae0e81 100644 --- a/auth0_flutter_platform_interface/CHANGELOG.md +++ b/auth0_flutter_platform_interface/CHANGELOG.md @@ -1,5 +1,15 @@ # Change Log +## [afpi-v1.9.0](https://github.com/auth0/auth0-flutter/tree/afpi-v1.9.0) (2025-03-05) +[Full Changelog](https://github.com/auth0/auth0-flutter/compare/afpi-v1.8.0...afpi-v1.9.0) + +**Added** +- Added support for WASM compilation [\#516](https://github.com/auth0/auth0-flutter/pull/516) ([pmathew92](https://github.com/pmathew92)) + +**Updated** +- Updated Flutter version to 3.24.0 ([pmathew92](https://github.com/pmathew92)) +- Updated Dart sdk version to 3.5.0 ([pmathew92](https://github.com/pmathew92)) + ## [afpi-v1.8.0](https://github.com/auth0/auth0-flutter/tree/afpi-v1.8.0) (2025-02-10) [Full Changelog](https://github.com/auth0/auth0-flutter/compare/afpi-v1.7.0...afpi-v1.8.0) diff --git a/auth0_flutter_platform_interface/pubspec.yaml b/auth0_flutter_platform_interface/pubspec.yaml index c3c236c2..3044cc4a 100644 --- a/auth0_flutter_platform_interface/pubspec.yaml +++ b/auth0_flutter_platform_interface/pubspec.yaml @@ -1,6 +1,6 @@ name: auth0_flutter_platform_interface description: A common platform interface for the auth0_flutter federated plugin. -version: 1.8.0 +version: 1.9.0 homepage: https://github.com/auth0/auth0-flutter