Pass the username and password in URL parameters (Dart & Flutter)

Question

I have a flutter app and I'm using back4app.com and Parse RESTful api to register my users, I have read their docs about logging in users but I dont know how to pass my username and password in URL parameters as JSON encoded :

I tried this method:

Future <void>loginMethod(String username,String password) async {

var url = Uri.parse('https://myshoppingapp.b4a.io/login/$username:$password');


final response = await  http.get(url,  headers: {
          'X-Parse-Application-Id': kParseApplicationId,
          'X-Parse-REST-API-Key': kParseRestApiKey,
          'Content-Type': 'application/json'
          
          
          },);


final exData = jsonDecode(response.body);

print(exData);

but I've got some errors

Mehran Ullah · Accepted Answer · 2021-11-22T15:40:01.870

2

Don't use the GET method while sending your personal data to the server. GET method data is sent data to the server followed by the URL like append with URL request which will be seen to everyone like below.

var url = Uri.parse('https://myshoppingapp.b4a.io/login/$username:$password');

This is how your personal data can be readable from a URL in a GET Method.

'https://myshoppingapp.b4a.io/login/Mehran@metra.org:abcd12345'

For login requests, we should use the POST method. Because our login data is secure which needs security. When using the POST method the data is sent to the server in a bundle.

 Future loginMethod(String username,String password) async {
       var res = await http.post(Uri.parse('https://myshoppingapp.b4a.io/login/'),
            body: {"username": username, "password": password});
        print('res : ${res.body}');
       
        
if (res.statusCode == 200){ final exData = jsonDecode(res.body);
    
    print(exData);
return res.body;
} else{
final exData = jsonDecode(res.body);
    
    print(exData);
return res.statusCode;
}
        
   }

edited Nov 22 '21 at 15:40

answered Jun 18 '21 at 12:13

Mehran Ullah

550
4
17

but in the Parse docs they said for the login users the right method is GET – Behnam Jun 18 '21 at 14:17
No @DrBody For login request we should use the POST method. Because our login data is secure which needs security. When use POST method the data is sent to server in a bundle. But in GET method data is sent to the server followed by the URL like append with url request which will be seen to everyone. – Mehran Ullah Jun 18 '21 at 15:22
1

thank's alot for your assistance I'm using POST method for login and it works now. – Behnam Jun 18 '21 at 16:17
1

If you are using get, you should pass the username and password as URL-encoded parameters: – Tanzim Chowdhury Jun 22 '21 at 06:45

score 1 · Answer 2 · answered Oct 30 '21 at 13:54

for HTTP basic authentication

final loginUrl = Uri(scheme: 'https', host: 'example.com', port: 8080, userInfo: 'username:password')
http.get(loginUrl)

but pass username and password via url is not recommended cause it's not safe.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#access_using_credentials_in_the_url

so you should do it by using post formdata.

Pass the username and password in URL parameters (Dart & Flutter)

2 Answers2