Use HTTPS redirect URLs on iOS/macOS [SDK-4757]

README.md

@@ -8,19 +8,16 @@ For general support or usage questions, use the [Auth0 Community](https://commun
 
 **Do not report security vulnerabilities on the public GitHub issue tracker.** The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues.
 
-## What is Auth0?
+---
 
-Auth0 helps you to:
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+    <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
+    <img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+  </picture>
+</p>
 
-- Add authentication with [multiple sources](https://auth0.com/docs/authenticate/identity-providers), either social identity providers such as **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce** (amongst others), or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS, or any SAML Identity Provider**.
-- Add authentication through more traditional **[username/password databases](https://auth0.com/docs/authenticate/database-connections/custom-db)**.
-- Add support for **[linking different user accounts](https://auth0.com/docs/manage-users/user-accounts/user-account-linking)** with the same user.
-- Support for generating signed [JSON Web Tokens](https://auth0.com/docs/secure/tokens/json-web-tokens) to call your APIs and **flow the user identity** securely.
-- Analytics of how, when, and where users are logging in.
-- Pull data from other sources and add it to the user profile through [JavaScript Actions](https://auth0.com/docs/customize/actions).
+<p align="center">Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more check out <a href="https://auth0.com/why-auth0">Why Auth0?</a></p>
 
-**Why Auth0?** Because you should save time, be happy, and focus on what really matters: building your product.
-
-## License
-
-This project is licensed under Apache License 2.0. See the [LICENSE](LICENSE) file for more information.
+<p align="center">This project is licensed under the MIT license. See the <a href="./LICENSE"> LICENSE</a> file for more info.</p>

sample/.env.example

@@ -8,10 +8,5 @@ AUTH0_DOMAIN={DOMAIN}
 AUTH0_CLIENT_ID={CLIENT_ID}
 #
 # The custom scheme for the Android callback and logout URLs.
-# Only set a value if you prefer not to use the default scheme (https).
-# If you set a value:
-# 1. Update the Android callback and logout URLs in the
-# settings page of your Auth0 application with the custom scheme value.
-# 2. Update the scheme value in android/app/src/main/res/values/strings.xml
 #
-# AUTH0_CUSTOM_SCHEME=
+AUTH0_CUSTOM_SCHEME=com.auth0.sample

sample/README.md

@@ -8,30 +8,56 @@ This sample app demonstrates the integration of the Auth0 Flutter SDK into a Flu
 - Xcode 14.x / 15.x (for iOS/macOS)
 - Android Studio 4+ (for Android)
 
-## Configure Auth0 Application
+> [!NOTE]
+> On iOS 17.4+ and macOS 14.4+ it is possible to use Universal Links as callback and logout URLs. auth0_flutter will fall back to using a custom URL scheme on older iOS / macOS versions.
+>
+> **This feature requires Xcode 15.3+ and a paid Apple Developer account**.
+>
+> If you do not have a paid Apple Developer account, skip **step 3** and set the `useHTTPS` parameter to `false` in the `login()` and `logout()` calls at `lib/example_app.dart`.
+
+> [!IMPORTANT]
+> On every step, if you have a [custom domain](https://auth0.com/docs/customize/custom-domains), replace the `YOUR_AUTH0_DOMAIN` and `{DOMAIN}` placeholders with your custom domain instead of the value from the settings page.
+
+## 1. Configure the Auth0 Application
 
 ### 📱 Mobile/Desktop
 
-Go to the settings page of your [Auth0 application](https://manage.auth0.com/#/applications/) and add the corresponding URL to **Allowed Callback URLs** and **Allowed Logout URLs**, according to the app target you want to run. If you are using a [custom domain](https://auth0.com/docs/customize/custom-domains), replace `YOUR_AUTH0_DOMAIN` with the value of your custom domain instead of the value from the settings page.
+Go to the settings page of your [Auth0 application](https://manage.auth0.com/#/applications/) and add the following URLs to **Allowed Callback URLs** and **Allowed Logout URLs**, depending on the platform you want to use.
 
-**Android**
+#### Android
 
 ```text
 SCHEME://YOUR_AUTH0_DOMAIN/android/YOUR_PACKAGE_NAME/callback
 ```
 
-**iOS**
+#### iOS
 
 ```text
-YOUR_BUNDLE_ID://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_ID/callback
+https://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_IDENTIFIER/callback,
+YOUR_BUNDLE_IDENTIFIER://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_IDENTIFIER/callback
 ```
 
-**macOS**
+#### macOS
 
 ```text
-YOUR_BUNDLE_ID://YOUR_AUTH0_DOMAIN/macos/YOUR_BUNDLE_ID/callback
+https://YOUR_AUTH0_DOMAIN/macos/YOUR_BUNDLE_IDENTIFIER/callback,
+YOUR_BUNDLE_IDENTIFIER://YOUR_AUTH0_DOMAIN/macos/YOUR_BUNDLE_IDENTIFIER/callback
 ```
 
+<details>
+  <summary>Example</summary>
+
+If your iOS bundle identifier were `com.example.MyApp` and your Auth0 Domain were `example.us.auth0.com`, then this value would be:
+
+```text
+https://example.us.auth0.com/ios/com.example.MyApp/callback,
+com.example.MyApp://example.us.auth0.com/ios/com.example.MyApp/callback
+```
+</details>
+
+> [!IMPORTANT]
+> Make sure that the Auth0 application type is **Native**. Otherwise, you might run into errors due to the different configurations of other application types.
+
 ### 🌐 Web
 
 Go to the settings page of your [Auth0 application](https://manage.auth0.com/#/applications/) and configure the following URLs:
@@ -40,54 +66,81 @@ Go to the settings page of your [Auth0 application](https://manage.auth0.com/#/a
 - Allowed Logout URLs: `http://localhost:3000`
 - Allowed Web Origins: `http://localhost:3000`
 
-## Configure Auth0 Flutter
+## 2. Configure the SDK
+
+### 📱🌐 Mobile/Desktop/Web
 
-The sample app uses [flutter_dotenv](https://pub.dev/packages/flutter_dotenv) for its configuration. Rename `.env.example` to `.env` and provide the appropriate **domain** and **Client Id**. Optionally, when using Android, you can configure the scheme as well. This can be set to a custom scheme, or `https` if you want to use [Android App Links](https://auth0.com/docs/applications/enable-android-app-links). You can read more about setting this value in the [Auth0.Android SDK README](https://github.com/auth0/Auth0.Android#a-note-about-app-deep-linking).
+Rename `.env.example` to `.env` and replace the `{CLIENT_ID}` and `{DOMAIN}` placeholders with the Client ID and domain of your Auth0 application.
 
 ```sh
 AUTH0_DOMAIN={DOMAIN}
 AUTH0_CLIENT_ID={CLIENT_ID}
-# AUTH0_CUSTOM_SCHEME=SCHEME
+AUTH0_CUSTOM_SCHEME=com.auth0.sample # For Android
 ```
 
-### Android
+### Android: Configure the string resources
 
-In the sample, we are using values referenced from `android/app/src/main/res/values/strings.xml`. Rename `strings.xml.example` to `strings.xml` and fill in the respective values.
+In the sample, we are using values referenced from `android/app/src/main/res/values/strings.xml`. Rename `strings.xml.example` to `strings.xml` and replace the `{DOMAIN}` placeholder with the domain of your Auth0 application.
 
-- `com_auth0_domain`: The domain of your Auth0 tenant. Generally, you can find this in the Auth0 Dashboard under your application's settings in the **Domain** field. If you are using a custom domain, you should set this to the value of your custom domain instead.
-- `com_auth0_scheme`: The scheme to use. Can be a custom scheme, or `https` if you want to use [Android App Links](https://auth0.com/docs/applications/enable-android-app-links). You can read more about setting this value in the [Auth0.Android SDK README](https://github.com/auth0/Auth0.Android#a-note-about-app-deep-linking).
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <string name="com_auth0_domain">{DOMAIN}</string>
+    <string name="com_auth0_scheme">com.auth0.sample</string>
+</resources>
+```
 
-### iOS/macOS
+## 3. iOS/macOS: Configure the associated domain
 
-The sample has already configured the required **Url Types** to ensure the callback and logout URLs can reach the app, so there is nothing to configure to run the sample on iOS and macOS.
+### Configure the entitlements
 
-## Run the sample
+Open `ios/Runner.xcodeproj` (or `macos/Runner.xcodeproj`, for macOS) in Xcode and go to the settings of the **Runner** target. In the **Signing & Capabilities** tab, change the default bundle identifier from `com.auth0.samples.SwiftSample` to another value of your choosing. Then, ensure the **Automatically manage signing** box is checked, and that your Apple Team is selected.
 
-To run the project, use the [Flutter CLI's](https://docs.flutter.dev/reference/flutter-cli) `run` command.
+Under **Associated Domains**, find the following entry:
 
-### 📱 Mobile/Desktop
+```text
+webcredentials:YOUR_AUTH0_DOMAIN
+```
 
-```sh
-flutter run
+Replace the `YOUR_AUTH0_DOMAIN` placeholder with the domain of your Auth0 application.
+
+<details>
+  <summary>Example</summary>
+
+If your Auth0 Domain were `example.us.auth0.com`, then this value would be:
+
+```text
+webcredentials:example.us.auth0.com
 ```
+</details>
 
-Ensure you have at least one emulator running. If you have multiple running, the CLI will prompt you to select the one to run the app on.
+### Configure the Team ID and bundle identifier
 
-### 🌐 Web
+Open the settings page of your Auth0 application, scroll to the end, and open **Advanced Settings > Device Settings**. In the **iOS** section, set **Team ID** to your [Apple Team ID](https://developer.apple.com/help/account/manage-your-team/locate-your-team-id/), and **App ID** to the app's bundle identifier.
+
+![Screenshot of the iOS section inside the Auth0 application settings page](https://github.com/auth0/Auth0.swift/assets/5055789/7eb5f6a2-7cc7-4c70-acf3-633fd72dc506)
+
+This will add the app to your Auth0 tenant's `apple-app-site-association` file.
+
+> [!NOTE]
+> For the associated domain to work, the app must be signed with your team certificate **even when building for the iOS simulator**. Make sure you are using the Apple Team whose Team ID is configured in the settings page of your Auth0 application.
+
+## 4. Run the sample
+
+Use the [Flutter CLI](https://docs.flutter.dev/reference/flutter-cli) to run the app.
+
+### 📱 Mobile/Desktop
 
 ```sh
-flutter run -d chrome --web-port 3000 --web-renderer html
+flutter run
 ```
 
-## Compile the sample
+Ensure you have at least one emulator/simulator running. If you have multiple running, the CLI will prompt you to select the one to run the app on.
 
-To compile the project, use the [Flutter CLI's](https://docs.flutter.dev/reference/flutter-cli) `build` command, including the platform you want to target.
+### 🌐 Web
 
 ```sh
-flutter build apk
-flutter build ios
-flutter build macos
-flutter build web
+flutter run -d chrome --web-port 3000 --web-renderer html
 ```
 
 ## Issue Reporting
@@ -96,19 +149,16 @@ For general support or usage questions, use the [Auth0 Community](https://commun
 
 **Do not report security vulnerabilities on the public GitHub issue tracker.** The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues.
 
-## What is Auth0?
-
-Auth0 helps you to:
-
-* Add authentication with [multiple sources](https://auth0.com/docs/authenticate/identity-providers), either social identity providers such as **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce** (amongst others), or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS, or any SAML identity provider**.
-* Add authentication through more traditional **[username/password databases](https://auth0.com/docs/authenticate/database-connections/custom-db)**.
-* Add support for **[linking different user accounts](https://auth0.com/docs/manage-users/user-accounts/user-account-linking)** with the same user.
-* Support for generating signed [JSON Web Tokens](https://auth0.com/docs/secure/tokens/json-web-tokens) to call your APIs and **flow the user identity** securely.
-* Analytics of how, when, and where users are logging in.
-* Pull data from other sources and add it to the user profile through [JavaScript Actions](https://auth0.com/docs/customize/actions).
+---
 
-**Why Auth0?** Because you should save time, be happy, and focus on what really matters: building your product.
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+    <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
+    <img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+  </picture>
+</p>
 
-## License
+<p align="center">Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more check out <a href="https://auth0.com/why-auth0">Why Auth0?</a></p>
 
-This project is licensed under Apache License 2.0. See the [LICENSE](../LICENSE) file for more information.
+<p align="center">This project is licensed under the MIT license. See the <a href="../LICENSE"> LICENSE</a> file for more info.</p>

sample/android/app/src/main/res/values/strings.xml.example

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
     <string name="com_auth0_domain">{DOMAIN}</string>
-    <string name="com_auth0_scheme">demo</string>
+    <string name="com_auth0_scheme">com.auth0.sample</string>
 </resources>

sample/ios/Flutter/AppFrameworkInfo.plist

@@ -21,6 +21,6 @@
   <key>CFBundleVersion</key>
   <string>1.0</string>
   <key>MinimumOSVersion</key>
-  <string>11.0</string>
+  <string>12.0</string>
 </dict>
 </plist>

sample/ios/Podfile

@@ -1,5 +1,5 @@
 # Uncomment this line to define a global platform for your project
-# platform :ios, '11.0'
+# platform :ios, '12.0'
 
 # CocoaPods analytics sends network stats synchronously affecting flutter build latency.
 ENV['COCOAPODS_DISABLE_STATS'] = 'true'

sample/ios/Podfile.lock

@@ -1,9 +1,9 @@
 PODS:
-  - Auth0 (2.5.0):
+  - Auth0 (2.6.0):
     - JWTDecode (~> 3.1)
     - SimpleKeychain (~> 1.1)
-  - auth0_flutter (1.5.0):
-    - Auth0 (= 2.5.0)
+  - auth0_flutter (1.6.0):
+    - Auth0 (= 2.6.0)
     - Flutter
     - FlutterMacOS
     - JWTDecode (= 3.1.0)
@@ -35,13 +35,13 @@ EXTERNAL SOURCES:
     :path: ".symlinks/plugins/path_provider_foundation/darwin"
 
 SPEC CHECKSUMS:
-  Auth0: 72f19ad566fdf57f07bf37f828afd0c1570769a5
-  auth0_flutter: ae5ebf94520af57ebce16af395820b9e07abbc9f
-  Flutter: f04841e97a9d0b0a8025694d0796dd46242b2854
+  Auth0: 9cdb51adf6d348353e44bca03f9eb6080a58fdf1
+  auth0_flutter: b3c3a62694f526fbc810b0ed0f228d342f4b3608
+  Flutter: e0871f40cf51350855a761d2e70bf5af5b9b5de7
   JWTDecode: 3eaab1e06b6f4dcbdd6716aff09ba4c2104ca8b7
-  path_provider_foundation: 29f094ae23ebbca9d3d0cec13889cd9060c0e943
+  path_provider_foundation: 3784922295ac71e43754bd15e0653ccfd36a147c
   SimpleKeychain: f8707c8e97b38c6a6e687b17732afc9bcef06439
 
-PODFILE CHECKSUM: 017d367adb008254d90bf0b68ef8e1786ef69d41
+PODFILE CHECKSUM: 42335a455e30d70d02084d2eec421e0fa8db9052
 
-COCOAPODS: 1.14.3
+COCOAPODS: 1.15.2

sample/ios/Runner.xcodeproj/project.pbxproj

@@ -47,6 +47,7 @@
 		2A44A76C0AAD0DFDF7E623C5 /* Pods-Runner.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.release.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.release.xcconfig"; sourceTree = "<group>"; };
 		3B3967151E833CAA004F5970 /* AppFrameworkInfo.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = AppFrameworkInfo.plist; path = Flutter/AppFrameworkInfo.plist; sourceTree = "<group>"; };
 		457D4C2E648B0FBC751BC9D0 /* Pods-Runner.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.debug.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.debug.xcconfig"; sourceTree = "<group>"; };
+		5C6164E22BA3C98B00C15D7B /* Runner.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = Runner.entitlements; sourceTree = "<group>"; };
 		5C84DBD82879193000E317DB /* RunnerUITests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = RunnerUITests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
 		5C84DBDA2879193000E317DB /* SmokeTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SmokeTests.swift; sourceTree = "<group>"; };
 		74858FAD1ED2DC5600515810 /* Runner-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "Runner-Bridging-Header.h"; sourceTree = "<group>"; };
@@ -132,6 +133,7 @@
 		97C146F01CF9000F007C117D /* Runner */ = {
 			isa = PBXGroup;
 			children = (
+				5C6164E22BA3C98B00C15D7B /* Runner.entitlements */,
 				97C146FA1CF9000F007C117D /* Main.storyboard */,
 				97C146FD1CF9000F007C117D /* Assets.xcassets */,
 				97C146FF1CF9000F007C117D /* LaunchScreen.storyboard */,
@@ -204,7 +206,7 @@
 			isa = PBXProject;
 			attributes = {
 				LastSwiftUpdateCheck = 1340;
-				LastUpgradeCheck = 1430;
+				LastUpgradeCheck = 1510;
 				ORGANIZATIONNAME = "";
 				TargetAttributes = {
 					5C84DBD72879193000E317DB = {
@@ -434,6 +436,7 @@
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_ENTITLEMENTS = Runner/Runner.entitlements;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
 				DEVELOPMENT_TEAM = "";
 				ENABLE_BITCODE = NO;
@@ -639,6 +642,7 @@
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_ENTITLEMENTS = Runner/Runner.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
@@ -666,6 +670,7 @@
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_ENTITLEMENTS = Runner/Runner.entitlements;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
 				DEVELOPMENT_TEAM = "";
 				ENABLE_BITCODE = NO;

sample/ios/Runner.xcodeproj/xcshareddata/xcschemes/Runner.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "1430"
+   LastUpgradeVersion = "1510"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"

sample/ios/Runner/Info.plist

@@ -39,6 +39,8 @@
 	<string>$(FLUTTER_BUILD_NUMBER)</string>
 	<key>LSRequiresIPhoneOS</key>
 	<true/>
+	<key>UIApplicationSupportsIndirectInputEvents</key>
+	<true/>
 	<key>UILaunchStoryboardName</key>
 	<string>LaunchScreen</string>
 	<key>UIMainStoryboardFile</key>
@@ -58,7 +60,5 @@
 	</array>
 	<key>UIViewControllerBasedStatusBarAppearance</key>
 	<false/>
-	<key>UIApplicationSupportsIndirectInputEvents</key>
-	<true/>
 </dict>
 </plist>

sample/macos/Runner/DebugProfile.entitlements → sample/ios/Runner/Runner.entitlements

@@ -2,11 +2,9 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-	<key>com.apple.security.app-sandbox</key>
-	<true/>
-	<key>com.apple.security.cs.allow-jit</key>
-	<true/>
-	<key>com.apple.security.network.server</key>
-	<true/>
+	<key>com.apple.developer.associated-domains</key>
+	<array>
+		<string>webcredentials:YOUR_AUTH0_DOMAIN</string>
+	</array>
 </dict>
 </plist>