From 711201dd9c67b30682b3b2482f2e236b5f73bdbd Mon Sep 17 00:00:00 2001
From: oskar <oskar@kapalla.org>
Date: Mon, 12 Jan 2026 20:12:10 +0100
Subject: [PATCH] login seems to work

---
 back001/app/src/main/resources/application.yml       |  2 ++
 .../mosenioring/common/security/LocalAuthFilter.kt   |  4 ++--
 front001/mosenioring/README.md                       |  2 +-
 .../android/app/src/main/AndroidManifest.xml         | 12 ++++++++----
 .../features/auth/data/auth_remote_data_source.dart  |  4 ++--
 5 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/back001/app/src/main/resources/application.yml b/back001/app/src/main/resources/application.yml
index b3945b0..0a5b594 100644
--- a/back001/app/src/main/resources/application.yml
+++ b/back001/app/src/main/resources/application.yml
@@ -64,6 +64,8 @@ management:
 logging:
   level:
     root: INFO
+    org.springframework.security: DEBUG
+    org.springframework.web: DEBUG
 
 ---
 spring:
diff --git a/back001/common/src/main/kotlin/com/mosenioring/common/security/LocalAuthFilter.kt b/back001/common/src/main/kotlin/com/mosenioring/common/security/LocalAuthFilter.kt
index 85f260b..5d290b0 100644
--- a/back001/common/src/main/kotlin/com/mosenioring/common/security/LocalAuthFilter.kt
+++ b/back001/common/src/main/kotlin/com/mosenioring/common/security/LocalAuthFilter.kt
@@ -3,7 +3,7 @@ package com.mosenioring.common.security
 import jakarta.servlet.FilterChain
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
-import org.springframework.context.annotation.Profile
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.authority.SimpleGrantedAuthority
@@ -12,7 +12,7 @@ import org.springframework.stereotype.Component
 import org.springframework.web.filter.OncePerRequestFilter
 
 @Component
-@Profile("local")
+@ConditionalOnProperty(name = ["ALLOW_LOCAL_AUTH"], havingValue = "true")
 class LocalAuthFilter(
     @Value("\${ALLOW_LOCAL_AUTH:false}") private val allowLocalAuth: Boolean
 ) : OncePerRequestFilter() {
diff --git a/front001/mosenioring/README.md b/front001/mosenioring/README.md
index 98b576d..dea7382 100644
--- a/front001/mosenioring/README.md
+++ b/front001/mosenioring/README.md
@@ -83,7 +83,7 @@ flutter run -d <device_id> \
 ```
 
 Redirect configuration:
-- Android: `android/app/src/main/AndroidManifest.xml` includes an intent-filter for `com.mosenioring.app://oauth2redirect`.
+- Android: `android/app/build.gradle.kts` sets `appAuthRedirectScheme`/`appAuthRedirectHost` for AppAuth, and `android/app/src/main/AndroidManifest.xml` registers the `RedirectUriReceiverActivity`.
 - iOS: `ios/Runner/Info.plist` registers `com.mosenioring.app` under `CFBundleURLTypes`.
 
 Launcher icons:
diff --git a/front001/mosenioring/android/app/src/main/AndroidManifest.xml b/front001/mosenioring/android/app/src/main/AndroidManifest.xml
index 82e6a09..21e71dc 100644
--- a/front001/mosenioring/android/app/src/main/AndroidManifest.xml
+++ b/front001/mosenioring/android/app/src/main/AndroidManifest.xml
@@ -9,7 +9,6 @@
             android:name=".MainActivity"
             android:exported="true"
             android:launchMode="singleTop"
-            android:taskAffinity=""
             android:theme="@style/LaunchTheme"
             android:configChanges="orientation|keyboardHidden|keyboard|screenSize|smallestScreenSize|locale|layoutDirection|fontScale|screenLayout|density|uiMode"
             android:hardwareAccelerated="true"
@@ -26,13 +25,18 @@
                 <action android:name="android.intent.action.MAIN"/>
                 <category android:name="android.intent.category.LAUNCHER"/>
             </intent-filter>
-            <intent-filter android:autoVerify="true">
+        </activity>
+        <activity
+            android:name="net.openid.appauth.RedirectUriReceiverActivity"
+            android:exported="true"
+            android:theme="@style/Theme.AppCompat.Translucent.NoTitleBar">
+            <intent-filter>
                 <action android:name="android.intent.action.VIEW"/>
                 <category android:name="android.intent.category.DEFAULT"/>
                 <category android:name="android.intent.category.BROWSABLE"/>
                 <data
-                    android:scheme="com.mosenioring.app"
-                    android:host="oauth2redirect"/>
+                    android:scheme="${appAuthRedirectScheme}"
+                    android:host="${appAuthRedirectHost}"/>
             </intent-filter>
         </activity>
         <!-- Don't delete the meta-data below.
diff --git a/front001/mosenioring/lib/src/features/auth/data/auth_remote_data_source.dart b/front001/mosenioring/lib/src/features/auth/data/auth_remote_data_source.dart
index d8bbd24..3cbf24c 100644
--- a/front001/mosenioring/lib/src/features/auth/data/auth_remote_data_source.dart
+++ b/front001/mosenioring/lib/src/features/auth/data/auth_remote_data_source.dart
@@ -27,7 +27,7 @@ class AuthRemoteDataSource {
         allowInsecureConnections: _config.allowInsecureConnections,
         loginHint: email,
         promptValues: const ['login'],
-        scopes: const ['openid', 'profile', 'offline_access'],
+        scopes: const ['openid', 'profile'],
       ),
     );
 
@@ -57,7 +57,7 @@ class AuthRemoteDataSource {
         discoveryUrl: _config.keycloakDiscoveryUrl,
         allowInsecureConnections: _config.allowInsecureConnections,
         refreshToken: refreshToken,
-        scopes: const ['openid', 'profile', 'offline_access'],
+        scopes: const ['openid', 'profile'],
       ),
     );