[SOLVED] Reuse session after createOAuth2Session
I created a Flutter app where I use createOAuth2Session to create an OAuth2-Session (to Google) to authenticate the user. Everything work fine so far. Only problem I am facing is, that I would like to reuse the session so I don't need to rerun the createOAuth2Session.
When I click on run createOAuth2Session I don't need to reauthenticate using account and password, but I would like to create an auto-login once authenticated successfully using OAuth2.
Unfortunately createOAuth2Session does not return a session, which I could reuse.
How would I implement an auto-login for OAuth2?
I think the solution so far, you can use any local database like Hive database in flutter.
- When user login then save the password in local database to cache his/her password
- Whenever the user visit your app again , you must have logic to check first if the user still authenticated if not then check if the local database cache his/her password, if yes then createAuth, otherwise redirect to login page
Please note this must become a security issue when cache the password of your user. I think you can read this https://developerb2.medium.com/store-data-securely-with-hive-flutter-cbad35981880
To encrypt the local database
Use a local database that supports encryption
The Appwrite SDK automatically persists the session 🧐
I have already implemented this, when it comes to login with username and password. But the problem I am referring to is regarding OAuth2 authentication.
Yes, it does handle the session automatically if I use createOAuth2session once logged in. But I need to know beforehand whether the login can use createOAuth2session with the right provider, otherwise I would redirect to the login page of the provider.
Besides that, there is always a pop-up screen appearing when running createOAuth2session (which isn't ideal if you want to run a non-disruptive auto-login process). So ideally I would like to check beforehand, whether a session with an OAuth2 provider could be established in the past and then create a new JWT, rather than running createOAuth2session. Is that possible?
I would like to use updateSession, but I don't know where to find a session ID of the OAuth2 session. https://appwrite.io/docs/references/1.4.x/client-flutter/account#updateSession
That's because you're not supposed to call create oauth2 session again...are you calling create email session again to check if the user has logged in after logging in with email and password?
For Email-Session: I have saved the username and password in the secured storage. And I reload them, if the user reopens the app (after it was closed). While I am writing this, I guess, I should probably use updateSession and should just save the sessionID, isn't it?
For OAuth2: What would be the correct approach? What I want to achieve is: I want to allow login using username and password or OAuth2. Once the user has logged in the user does not need to re-authenticate unless he logs out. So on startup, there should be an auto-login process.
So I have been doing authentication in appwrite wrong the whole time. I didn't know, that account.get() can be used.
loadUser() async {
try {
final user = await _account.get();
_authStatus = AuthStatus.authenticated;
accountData = user;
} catch (e) {
_authStatus = AuthStatus.unauthenticated;
} finally {
notifyListeners();
}
}
enum AuthStatus {
uninitialized,
unauthenticated,
authenticated,
}
I haven't implemented everything yet, but during debugging I could see that _account.get() restores the session automatically (if available obviously).
When you tried to hot restart your flutter app, does it give you unauthenticated? it will redirect to login?
[SOLVED] Reuse session after createOAuth2Session
