KhanhK
ZITADEL • 3w ago •
10 replies
Khanh

Help Token-Exchange flow

๐ŸฌSelf-hostedโ“Question๐Ÿ”—OIDCโœ…Solved
Hi guys,

I want to create a Flutter mobile app that uses Zitadel as the Identity Provider. But I want to use native login (not opening custom tabs/webview for auth).

Currently I'm using google_sign_in and flutter_facebook_auth to make the auth process native, but when I use the ID Token from the 2 auth methods above to exchange for a Zitadel token, like this:

curl --request POST \
  --url 'http://localhost:8000/oauth/v2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=urn:ietf:params:oauth:grant-type:token-exchange \
  --data subject_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImM4MTZ.... \
  --data subject_token_type=urn:ietf:params:oauth:token-type:id_token \
  --data client_id=xxxx \
  --data client_secret=xxxx \
  --data scope='openid profile email'

I got:
level=WARN msg="request error" oidc_error.parent="ID=OIDC-Rei0f Message=Errors.TokenExchange.Token.Invalid Parent=(issuer does not match: Expected: http://localhost:8000, got: https://accounts.google.com)" oidc_error.description="subject_token invalid" oidc_error.type=invalid_request status_code=400
Has anyone implemented this idea? Or are there any other ways to make the login process native?
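Added illustration, not part of the question or of ZITADEL's code: the log line shows the exchange being rejected because the subject_token's `iss` claim (`https://accounts.google.com`) differs from the ZITADEL instance's own issuer (`http://localhost:8000`). The snippet below reproduces that comparison client-side so a foreign-issuer ID token can be recognised before it is posted to `/oauth/v2/token`; the sample tokens are constructed here, the signature is only a placeholder and is not verified (the server still does the real verification).

```python
import base64
import json
from typing import Optional

# RFC 8693 token-exchange parameter values used in the question's curl call.
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
ID_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id_token"
# Issuer of the ZITADEL instance from the question's log output.
ZITADEL_ISSUER = "http://localhost:8000"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims_unverified(token: str) -> dict:
    """Read the payload of a compact JWS without checking its signature.

    Only meant for inspecting claims before sending a request; never use
    these claims to grant access, the authorization server verifies them.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def issuer_mismatch(token: str, expected_issuer: str) -> Optional[str]:
    """Return the offending issuer when the token was not minted by
    expected_issuer (the comparison behind ZITADEL's 'issuer does not
    match' error); return None when the issuers agree."""
    iss = jwt_claims_unverified(token).get("iss")
    return None if iss == expected_issuer else iss


def constructed_token(claims: dict) -> str:
    """Build a sample token for the demo: real structure, placeholder signature.
    Constructed here, not issued by Google, Facebook or ZITADEL."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'constructed'})}.{enc(claims)}.placeholder"


if __name__ == "__main__":
    google = constructed_token({"iss": "https://accounts.google.com", "sub": "1"})
    print(issuer_mismatch(google, ZITADEL_ISSUER))   # https://accounts.google.com
    own = constructed_token({"iss": ZITADEL_ISSUER, "sub": "1"})
    print(issuer_mismatch(own, ZITADEL_ISSUER))      # None
```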