Conversation
veloce
changed the title
veloce
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Migrates the mobile OAuth sign-in flow to use platform-provided system authentication sessions via flutter_web_auth_2, removing the prior app-links-based callback plumbing and preparing Android for an HTTPS App Link callback route.
Changes:
- Reworked
AuthRepository.signIn()to useFlutterWebAuth2.authenticate()with PKCE + state validation, with a gated option for an HTTPS App Link redirect URI on Android. - Removed the Riverpod OAuth callback stream wiring from app links handling (and deleted the associated provider).
- Added focused unit tests for the new sign-in flow and updated dependencies / generated plugin registrants accordingly.
Reviewed changes
Copilot reviewed 10 out of 11 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| test/model/auth/auth_repository_test.dart | Adds unit tests for the new flutter_web_auth_2-based sign-in flow (success + error paths). |
| pubspec.yaml | Adds flutter_web_auth_2 and the platform interface (for test fakes). |
| pubspec.lock | Locks new direct + transitive deps introduced by flutter_web_auth_2. |
| linux/flutter/generated_plugins.cmake | Registers newly introduced desktop plugins (generated). |
| linux/flutter/generated_plugin_registrant.cc | Registers newly introduced desktop plugins (generated). |
| lib/src/model/auth/oauth_callback.dart | Removes the old OAuth redirect stream provider (no longer used). |
| lib/src/model/auth/auth_repository.dart | Implements sign-in via system auth session; adds gated HTTPS callback path support. |
| lib/src/app_links_service.dart | Removes forwarding of OAuth callback links into the old stream provider. |
| android/app/src/main/kotlin/org/lichess/mobileV2/OAuthCallbackActivity.kt | Removes the old trampoline activity for OAuth callbacks. |
| android/app/src/main/kotlin/org/lichess/mobileV2/MainActivity.kt | Updates deep-link handling comment; OAuth callbacks now handled by the plugin activity/session. |
| android/app/src/main/AndroidManifest.xml | Switches OAuth callback receiver to flutter_web_auth_2’s CallbackActivity and adds HTTPS App Link intent-filter. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // LichessBinding does not provide. | ||
| TestWidgetsFlutterBinding.ensureInitialized(); | ||
|
|
||
| group('AuthRepository.signIn', () { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migrated the auth flow to use an ASWebAuthenticationSession on iOS, and Chrome Auth Tab on Android (through flutter_web_auth_2 package).
Prepare the app to support an
https://lichess.org/account/oauth/mobile-callbacklogin callback URI on android.