authorize method
Authorization endpoint
Initiates the OAuth 2.0 authorization code flow. Requires the user to be authenticated (via Bearer token). If the user hasn't consented to the requested scopes, returns a consent requirement. Otherwise, redirects to the redirect_uri with an authorization code.
Parameters:
- String responseType (required): Must be "code" for authorization code flow
- String clientId (required): The client identifier
- String redirectUri (required): The URI to redirect to after authorization
- String codeChallenge (required): PKCE code challenge
- String codeChallengeMethod (required): PKCE code challenge method (must be S256)
- String scope: Space-separated list of scopes (must include "openid" for OIDC)
- String state: Opaque value for CSRF protection
- String nonce: Random value for replay protection (OIDC)
Implementation
Future<ConsentRequiredResponse?> authorize(
  String responseType,
  String clientId,
  String redirectUri,
  String codeChallenge,
  String codeChallengeMethod, {
  String? scope,
  String? state,
  String? nonce,
}) async {
  final response = await authorizeWithHttpInfo(
    responseType,
    clientId,
    redirectUri,
    codeChallenge,
    codeChallengeMethod,
    scope: scope,
    state: state,
    nonce: nonce,
  );
  if (response.statusCode >= HttpStatus.badRequest) {
    throw ApiException(response.statusCode, await _decodeBodyBytes(response));
  }
  // When a remote server returns no body with a status of 204, we shall not decode it.
  // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
  // FormatException when trying to decode an empty string.
  if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
    return await apiClient.deserializeAsync(
      await _decodeBodyBytes(response),
      'ConsentRequiredResponse',
    ) as ConsentRequiredResponse;
  }
  return null;
}
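Added example (not part of the generated client): producing the codeChallenge, state and nonce values this method expects, and checking the state on the redirect before using the code. It assumes package:crypto is a dependency; the helper names and the callback URL are hypothetical.

```dart
import 'dart:convert';
import 'dart:math';
import 'package:crypto/crypto.dart'; // assumption: package:crypto is available

final _rng = Random.secure();

/// URL-safe random token: [byteLength] CSPRNG bytes, base64url, no padding.
String randomToken([int byteLength = 32]) {
  final bytes = List<int>.generate(byteLength, (_) => _rng.nextInt(256));
  return base64Url.encode(bytes).replaceAll('=', '');
}

/// S256 transform from RFC 7636: BASE64URL(SHA256(ASCII(code_verifier))).
String s256Challenge(String codeVerifier) {
  final digest = sha256.convert(ascii.encode(codeVerifier));
  return base64Url.encode(digest.bytes).replaceAll('=', '');
}

/// Compares two tokens without stopping at the first differing character.
bool sameToken(String a, String b) {
  var diff = a.length ^ b.length;
  for (var i = 0; i < a.length && i < b.length; i++) {
    diff |= a.codeUnitAt(i) ^ b.codeUnitAt(i);
  }
  return diff == 0;
}

/// Returns the authorization code from the redirect, or throws if the
/// response carries an error or a state this client did not issue.
String codeFromCallback(Uri callback, String expectedState) {
  final q = callback.queryParameters;
  if (q.containsKey('error')) throw StateError('authorization failed');
  if (!sameToken(q['state'] ?? '', expectedState)) throw StateError('state mismatch');
  final code = q['code'];
  if (code == null || code.isEmpty) throw StateError('no code in callback');
  return code;
}

void main() {
  // Self-check against the RFC 7636 Appendix B test vector.
  if (s256Challenge('dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') !=
      'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSStw-cM') throw StateError('S256 mismatch');
  final verifier = randomToken(); // stays client-side until the token exchange
  final state = randomToken(16);
  print({'codeChallenge': s256Challenge(verifier), 'codeChallengeMethod': 'S256',
      'state': state, 'nonce': randomToken(16)});
  // Constructed callback URL, for illustration only.
  print(codeFromCallback(Uri.parse('https://app.example/cb?code=abc123&state=$state'), state));
}
```

Store the verifier, state and nonce per authorization request and discard them once the callback has been processed, so a replayed redirect fails the state check.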