OAuth2 Authorization from a flutter App

2020-09-16T16:50:54Z

Following the rules I've set up the OAuth2 Administration to allow for Authorization Code and / or Client Credentials.
Now I want to authorize my flutter mobile app to access my JAX-RS webservices.
Looks as if the authorization flow breaks because of this messages in the logs. My development server is NOT https secured.

2020-09-16 13:45:55.007 WARN&nbsp; [default task-67][AbstractOAuthService:107] Unsecure HTTP, HTTPS is recommended
2020-09-16 13:57:55.517 WARN&nbsp; [default task-72][code_jsp:154] {code="404", msg="Not Found", uri=/p_p_id=com_liferay_oauth2_provider_web_internal_portlet_OAuth2AuthorizePortlet&amp;p_p_state=maximized}

Does this mean that the AuthorizePorlet is not available over the http protocol? Or is there some way to disable this during development?
There's also another problem. Flutter / Android apps seem to have a hard time intercepting HTTP(S) redirection calls from the OAuth provider. (The only kind of OAuth2 redirects allowed by Liferay)
This article explains why:
https://dev.to/okrad/oauth2client-implement-oauth2-clients-with-flutter-4jjl
I created a feature request for this:
https://issues.liferay.com/browse/LPS-121023
How to get this OAuth2 stuff working with Dart / Flutter?
There's this flutter package:
https://pub.dev/packages/flutter_liferay_oauth
that could rescue me, but unfortunately it seems not to work below Android API Level 28 and suffers obviously from the error / warning I stated above.
Has anyone, creating a mobile SPA, got this working with Liferay 7.3 and can provide me with a hint?