Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[IOS/MacOS] credentials: "include" not working with InAppWebView to refresh token in Steam Login #2541

Open
1 of 2 tasks
ahmtydn opened this issue Feb 23, 2025 · 0 comments
Open
1 of 2 tasks

[IOS/MacOS] credentials: "include" not working with InAppWebView to refresh token in Steam Login #2541

ahmtydn opened this issue Feb 23, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@ahmtydn
Copy link

ahmtydn commented Feb 23, 2025
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I found something about this

In our Flutter application, we are using flutter_inappwebview to handle the Steam login flow. The Steam API requires sending a request to refresh the JWT token, which works manually in the browser. However, when using InAppWebView, the credentials are not being sent with the request, causing a success: false, error: 21 response, which indicates that the cookies (which are needed for authentication) are not included in the request.

We are using the following code to attempt refreshing the token in the onLoadStop callback of the InAppWebView:

onLoadStop: (controller, url) async {
  await controller.evaluateJavascript(
    source: '''
    fetch("https://login.steampowered.com/jwt/ajaxrefresh", {
      method: "POST",
      credentials: "include",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: "redir=" + window.location.href,
    }).then(response => response.json()).then(data => {
      console.log(JSON.stringify(data));
    }).catch(error => console.error("Token Refresh Error:", error));
  ''',
  );
}

However, the credentials: "include" is not working as expected, and the cookies are not being sent with the request. The response we receive is:

"success": false,
"error": 21

Expected Behavior:
The credentials should be properly included in the request, and the token should be refreshed successfully, as it works in a standard browser.

Actual Behavior:
The request to refresh the token fails with error: 21, indicating that the credentials (cookies) are not sent with the request.

Steps to Reproduce:

  1. Implement flutter_inappwebview to navigate to the Steam login URL.
  2. Add the fetch call to refresh the token in the onLoadStop callback.
  3. Observe the failure with the message "success": false, "error": 21.

Possible Solution:
It seems like there might be an issue with the way cookies are being handled in flutter_inappwebview. We suggest investigating the handling of cookies and the use of the credentials property in HTTP requests, particularly in WebViews.

Additional Information:
Here is an example of how the request is structured:

fetch("https://login.steampowered.com/jwt/ajaxrefresh", {
  method: "POST",
  credentials: "include",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded",
  },
  body: "redir=" + window.location.href,
}).then(response => response.json())
  .then(data => console.log(JSON.stringify(data)))
  .catch(error => console.error("Token Refresh Error:", error));

We are looking for a solution to properly include the credentials (cookies) when making this request in a WebView.

Expected Behavior

The credentials should be properly included in the request, and the token should be refreshed successfully, as it works in a standard browser.

Steps with code example to reproduce

Steps with code example to reproduce 
import 'package:flutter/material.dart';
import 'package:flutter_inappwebview/flutter_inappwebview.dart';

/// ProfileView is a StatefulWidget
/// that displays the profile screen.
class ProfileView extends StatefulWidget {
  /// ProfileView constructor
  const ProfileView({super.key});

  @override
  State<ProfileView> createState() => _ProfileViewState();
}

class _ProfileViewState extends State<ProfileView> {
  @override
  Widget build(BuildContext context) {
    return Scaffold(
      body: InAppWebView(
        initialUrlRequest: URLRequest(
          url: WebUri('https://steamcommunity.com'),
          httpShouldHandleCookies: true,
        ),
        initialSettings: InAppWebViewSettings(
          useShouldInterceptAjaxRequest: true,
        ),
        onConsoleMessage: (controller, consoleMessage) {
          print(consoleMessage.message);
        },
        onLoadStop: (controller, url) async {
          await controller.evaluateJavascript(
            source: '''
    fetch("https://login.steampowered.com/jwt/ajaxrefresh", {
      method: "POST",
      credentials: "include",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: "redir=" + window.location.href,
    }).then(response => response.json()).then(data => {
      console.log(JSON.stringify(data));
    }).catch(error => console.error("Token Refresh Error:", error));
  ''',
          );
        },
      ),
    );
  }
}

Stacktrace/Logs

Stacktrace/Logs 
<Replace this line by pasting your stacktrace or logs here>

Flutter version

3.24.5

Operating System, Device-specific and/or Tool

MacOS
IOS

Android : works as expected

Plugin version

v6.1.5

Additional information

No response

Self grab

  • I'm ready to work on this issue!
@ahmtydn ahmtydn added the bug Something isn't working label Feb 23, 2025
@ahmtydn ahmtydn changed the title credentials: "include" not working with InAppWebView to refresh token in Steam Login [IOS/MacOS] credentials: "include" not working with InAppWebView to refresh token in Steam Login Feb 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ahmtydn