Logto helps you quickly focus on everything after signing in.
Logto's flutter SDK for native apps.
flutter pub get logto_dart_sdk
Name | Description |
---|---|
logto_core | Core SDK is used for generation dart project with basic API and util method provided. |
logto_client | Client SDK for flutter native apps. Built based on logto_core with user sign-in interaction flow integrated |
We use flutter_secure_storage to implement the cross-platform persistent auth_token secure storage.
- Keychain is used for iOS
- AES encryption is used for Android.
Configure Android version:
In [project]/android/app/build.gradle set minSdkVersion to >= 18.
android {
...
defaultConfig {
...
minSdkVersion 18
...
}
}
Note By default Android backups data on Google Drive. It can cause exception java.security.InvalidKeyException:Failed to unwrap key. You need to:
- disable autobackup,
- exclude sharedprefs FlutterSecureStorage used by the plugin
- To disable autobackup, go to your app manifest file and set the boolean value android:allowBackup.
<manifest ... >
...
<application
android:allowBackup="false"
android:fullBackupContent="false">
...
>
...
</application>
</manifest>
- Exclude sharedprefs FlutterSecureStorage.
If you need to enable the android:fullBackupContent for your app. Set up a backup rule to exclude the prefs used by the plugin.
<application ...
android:fullBackupContent="@xml/backup_rules">
</application>
<?xml version="1.0" encoding="utf-8"?>
<full-backup-content>
<exclude domain="sharedpref" path="FlutterSecureStorage"/>
</full-backup-content>
Please check flutter_secure_storage for more details.
flutter_web_auth is used behind Logto's flutter SDK. We rely on its webview-based interaction interface to open Logto's authorization pages.
In the background, this plugin uses ASWebAuthenticationSession on iOS 12+ and macOS 10.15+, SFAuthenticationSession on iOS 11, Chrome Custom Tabs on Android and opens a new window on Web. You can build it with iOS 8+, but it is currently only supported by iOS 11 or higher.
Android
In order to capture the callback url from Logto's sign-in web page, you will need to register your sign-in redirectUri to the AndroidManifest.xml
.
<activity android:name="com.linusu.flutter_web_auth.CallbackActivity" android:exported="false">
<intent-filter android:label="flutter_web_auth">
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="io.logto"/>
</intent-filter>
</activity>
By doing so, your app will automatically capture the callbaclUri after a successful sign-in and redirect the user back to the app.
import 'package:logto_dart_sdk/logto_dart_sdk.dart';
// ...
late LogtoClient logtoClient;
void _init() async {
logtoClient = LogtoClient(
config: config, // LogtoConfig
httpClient: http.Client(), // Optional http client
);
}
void signIn() async {
await logtoClient.signIn(redirectUri);
}
void signOut() async {
await logtoClient.signOut();
}
name | type | description |
---|---|---|
appId | String | Your appId generate from Logto's admin console |
appSecret | String? | App Secret generated along with the appId. Optional for native apps. |
endpoint | String | Your logto server endpoint. e.g. https://logto.dev |
scopes | List<String>? | List all the permission scopes your app will request for. You may define and find it through Logto's admin console. |
resources | List<String>? | List all the resource indicators you app may request for access. You may define and find it through Logto's admin console. |
name | type | description |
---|---|---|
config | final LogtoConfig | Logto Config used to init Logto Client |
idToken | read-only Future<String?> | idToken returned after success authentication |
isAuthenticated | read-only Future<bool> | Is Authenticated status |
idTokenClaims | read-only Future<OpenIdClaims?> | Decoded idToken claims including basic userinfo |
loading | read-only bool | Global API loading status |
name | type | description |
---|---|---|
getAccessToken | ({String? resource}) -> Future<AccessToken> | Request for an api resource specific access token for authorization |
signIn | (String? redirectUri) -> Future<void> | Init user sign-in flow |
signOut | () -> Future<void> | Sign-out |