AuthServer class Null safety

A OAuth 2.0 authorization server.

An AuthServer is an implementation of an OAuth 2.0 authorization server. An authorization server issues, refreshes and revokes access tokens. It also verifies previously issued tokens, as well as client and resource owner credentials.

AuthServers are typically used in conjunction with AuthController and AuthRedirectController. These controllers provide HTTP interfaces to the AuthServer for issuing and refreshing tokens. Likewise, Authorizers verify these issued tokens to protect endpoint controllers.

AuthServers can be customized through their delegate. This required property manages persistent storage of authorization objects among other tasks. There are security considerations for AuthServerDelegate implementations; prefer to use a tested implementation like ManagedAuthDelegate from package:conduit_core/managed_auth.dart.

Usage example with ManagedAuthDelegate:

    import 'package:conduit_core/conduit_core.dart';
    import 'package:conduit_core/managed_auth.dart';

    class User extends ManagedObject<_User> implements _User, ManagedAuthResourceOwner {}
    class _User extends ManagedAuthenticatable {}

    class Channel extends ApplicationChannel {
      ManagedContext context;
      AuthServer authServer;

      @override
      Future prepare() async {
        context = createContext();

        final delegate = new ManagedAuthStorage<User>(context);
        authServer = new AuthServer(delegate);
      }

      @override
      Controller get entryPoint {
        final router = new Router();
        router
          .route("/protected")
          .link(() =>new Authorizer(authServer))
          .link(() => new ProtectedResourceController());

        router
          .route("/auth/token")
          .link(() => new AuthController(authServer));

        return router;
      }
    }

Implemented types

AuthValidator

Constructors

AuthServer(AuthServerDelegate delegate, {int hashRounds = 1000, int hashLength = 32, Hash? hashFunction}): Creates a new instance of an AuthServer with a delegate.

Properties

delegate → AuthServerDelegate: The object responsible for carrying out the storage mechanisms of this instance.
final
documentedAuthorizationCodeFlow → APISecuritySchemeOAuth2Flow: Used during OpenAPI documentation.
final
documentedImplicitFlow → APISecuritySchemeOAuth2Flow: Used during OpenAPI documentation.
final
documentedPasswordFlow → APISecuritySchemeOAuth2Flow: Used during OpenAPI documentation.
final
hashCode → int: The hash code for this object.
read-onlyinherited
hashFunction → Hash: The Hash function used by the PBKDF2 algorithm to generate password hashes by this instance.
final
hashLength → int: The resulting key length of a password hash when generated by this instance.
final
hashRounds → int: The number of hashing rounds performed by this instance when validating a password.
final
runtimeType → Type: A representation of the runtime type of the object.
read-onlyinherited

Methods

addClient(AuthClient client) → Future: Adds an OAuth2 client.
authenticate(String? username, String? password, String? clientID, String? clientSecret, {Duration expiration = const Duration(hours: 24), List<AuthScope>? requestedScopes}) → Future<AuthToken>: Authenticates a username and password of an ResourceOwner and returns an AuthToken upon success.
authenticateForCode(String? username, String? password, String? clientID, {int expirationInSeconds = 600, List<AuthScope>? requestedScopes}) → Future<AuthCode>: Creates a one-time use authorization code for a given client ID and user credentials.
documentComponents(APIDocumentContext context) → void: /// ///
documentRequirementsForAuthorizer(APIDocumentContext context, Authorizer authorizer, {List<AuthScope>? scopes}) → List<APISecurityRequirement>: // //
override
exchange(String? authCodeString, String? clientID, String? clientSecret, {int expirationInSeconds = 3600}) → Future<AuthToken>: Exchanges a valid authorization code for an AuthToken.
getClient(String? clientID) → Future<AuthClient?>: Returns a AuthClient record for its clientID.
hashPassword(String password, String salt) → String: Hashes a password with salt using PBKDF2 algorithm.
noSuchMethod(Invocation invocation) → dynamic: Invoked when a non-existent method or property is accessed.
inherited
refresh(String? refreshToken, String? clientID, String? clientSecret, {List<AuthScope>? requestedScopes}) → Future<AuthToken>: Refreshes a valid AuthToken instance.
removeClient(String? clientID) → Future: Revokes a AuthClient record.
revokeAllGrantsForResourceOwner(int? identifier) → Future: Revokes access for an ResourceOwner.
toString() → String: A string representation of this object.
inherited
validate<T>(AuthorizationParser<T> parser, T authorizationData, {List<AuthScope>? requiredScope}) → FutureOr<Authorization>: Returns an Authorization if authorizationData is valid.
override
verify(String? accessToken, {List<AuthScope>? scopesRequired}) → Future<Authorization>: Returns a Authorization for accessToken.

Operators

operator ==(Object other) → bool: The equality operator.
inherited

Constants

tokenTypeBearer → const String: "bearer"