login seems to work

back001/app/src/main/resources/application.yml

@@ -64,6 +64,8 @@ management:
 logging:
   level:
     root: INFO
+    org.springframework.security: DEBUG
+    org.springframework.web: DEBUG
 
 ---
 spring:

back001/common/src/main/kotlin/com/mosenioring/common/security/LocalAuthFilter.kt

@@ -3,7 +3,7 @@ package com.mosenioring.common.security
 import jakarta.servlet.FilterChain
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
-import org.springframework.context.annotation.Profile
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.authority.SimpleGrantedAuthority
@@ -12,7 +12,7 @@ import org.springframework.stereotype.Component
 import org.springframework.web.filter.OncePerRequestFilter
 
 @Component
-@Profile("local")
+@ConditionalOnProperty(name = ["ALLOW_LOCAL_AUTH"], havingValue = "true")
 class LocalAuthFilter(
     @Value("\${ALLOW_LOCAL_AUTH:false}") private val allowLocalAuth: Boolean
 ) : OncePerRequestFilter() {

front001/mosenioring/README.md

@@ -83,7 +83,7 @@ flutter run -d <device_id> \
 ```
 
 Redirect configuration:
-- Android: `android/app/src/main/AndroidManifest.xml` includes an intent-filter for `com.mosenioring.app://oauth2redirect`.
+- Android: `android/app/build.gradle.kts` sets `appAuthRedirectScheme`/`appAuthRedirectHost` for AppAuth, and `android/app/src/main/AndroidManifest.xml` registers the `RedirectUriReceiverActivity`.
 - iOS: `ios/Runner/Info.plist` registers `com.mosenioring.app` under `CFBundleURLTypes`.
 
 Launcher icons:

front001/mosenioring/android/app/src/main/AndroidManifest.xml

@@ -9,7 +9,6 @@
             android:name=".MainActivity"
             android:exported="true"
             android:launchMode="singleTop"
-            android:taskAffinity=""
             android:theme="@style/LaunchTheme"
             android:configChanges="orientation|keyboardHidden|keyboard|screenSize|smallestScreenSize|locale|layoutDirection|fontScale|screenLayout|density|uiMode"
             android:hardwareAccelerated="true"
@@ -26,13 +25,18 @@
                 <action android:name="android.intent.action.MAIN"/>
                 <category android:name="android.intent.category.LAUNCHER"/>
             </intent-filter>
-            <intent-filter android:autoVerify="true">
+        </activity>
+        <activity
+            android:name="net.openid.appauth.RedirectUriReceiverActivity"
+            android:exported="true"
+            android:theme="@style/Theme.AppCompat.Translucent.NoTitleBar">
+            <intent-filter>
                 <action android:name="android.intent.action.VIEW"/>
                 <category android:name="android.intent.category.DEFAULT"/>
                 <category android:name="android.intent.category.BROWSABLE"/>
                 <data
-                    android:scheme="com.mosenioring.app"
+                    android:scheme="${appAuthRedirectScheme}"
-                    android:host="oauth2redirect"/>
+                    android:host="${appAuthRedirectHost}"/>
             </intent-filter>
         </activity>
         <!-- Don't delete the meta-data below.

front001/mosenioring/lib/src/features/auth/data/auth_remote_data_source.dart

@@ -27,7 +27,7 @@ class AuthRemoteDataSource {
         allowInsecureConnections: _config.allowInsecureConnections,
         loginHint: email,
         promptValues: const ['login'],
-        scopes: const ['openid', 'profile', 'offline_access'],
+        scopes: const ['openid', 'profile'],
       ),
     );
 
@@ -57,7 +57,7 @@ class AuthRemoteDataSource {
         discoveryUrl: _config.keycloakDiscoveryUrl,
         allowInsecureConnections: _config.allowInsecureConnections,
         refreshToken: refreshToken,
-        scopes: const ['openid', 'profile', 'offline_access'],
+        scopes: const ['openid', 'profile'],
       ),
     );