AuthManager class

Handles the authentication process of your application users. Provides methods to manage users, sessions and authentication.

You are free to design the way to authenticate your users and manage sessions in Altogic through defining your custom services. However, by default Altogic provides three methods to manage user accounts through the client library.

1. Email and password based account management:

This is the default authentication method and it requires email address validation. You can customize to enable/disable email confirmations, use your own SMTP server to send email (by default signup email confirmation emails are sent from noreply@mail.app.altogic.com domain) and define your email templates.

2. Phone number and password based account management:

You can also allow your uses to sign up using their phone numbers and validate these phone numbers by sending a validation code through SMS. In order to use this method of authentication, you need to configure the SMS provider. Altogic currently supports Twilio, MessageBird, and Vonage for sending SMS messages.

3. Authentication through 3rd party Oauth providers:

Such as Google,Facebook, Twitter, GitHub, Discord, Apple: This method enables to run the oauth flow of specific provider in your front-end applications. In order to use this method you need to make specific configuration at the provider to retrieve client id and client secret.

To use any of the above authentication methods you need to configure your app authentication settings. You can customize these settings in Altogic designer under App Settings/Authentication.

Inheritance

• Object
• APIBase
• AuthManager

Implementers

• FlutterAuthManager

Constructors

AuthManager(AltogicClient client)

Creates an instance of AuthManager to manage your application users and user sessions.

Properties

authStateChanges → Stream<AuthState>

AuthState changes stream.

no setter

currentState → AuthState

Current auth state of the user

no setter

hashCode → int

The hash code for this object.

no setter, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

changeEmail(String currentPassword, String newEmail) → Future<UserResult>

Changes the email of the user to a new one.

changePassword(String newPassword, String oldPassword) → Future<APIError?>

Changes the password of the user.

changePhone(String currentPassword, String newPhone) → Future<UserResult>

Changes the phone number of the user to a new one.

clearLocalData() → Future<void>

By default Altogic saves the session and user data in local storage whenever a new session is created (e.g., through sign up or sign in methods). This method clears the locally saved session and user data. In contrast to invalidateSession, this method does not clear Session token request header in Fetcher and does not redirect to a sign in page.

getAllSessions() → Future<SessionResult>

Gets all active sessions of a user.

getAuthGrant([String? accessToken]) → Future<UserSessionResult>

Retrieves the authorization grants of a user using the specified input accessToken. If no accessToken specified as input, tries to retrieve the accessToken from the browser url query string parameter named 'access_token'. So on Flutter (if you don't use dart webdev), accessToken cannot be null. Else, throws UnsupportedError.

getSession() → Future<Session?>

Returns the currently active session data from local storage.

getUser() → Future<User?>

Returns the user data from local storage.

getUserFromDB() → Future<UserResult>

Retrieves the user associated with the active session from the database.

invalidateSession() → Future<void>

Invalidates the current user session, removes local session data, and clears Session token request header in Fetcher. If signInRedirect is specified in ClientOptions when creating the Altogic api client and if the client is running in a browser, redirects the user to the sign in page.

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

onUserEvent(UserEventListenerFunction listener) → void

Registers a method to listen to main user events. The following events will be listened:

resendVerificationCode(String phone) → Future<APIError?>

Resends the code to verify the user's phone number. If the user's phone has already been validated or phone confirmation is disabled in your app authentication settings, it returns an error.

resendVerificationEmail(String email) → Future<APIError?>

Resends the email to verify the user's email address. If the user's email has already been validated or email confirmation is disabled in your app authentication settings, it returns an error.

resetPwdWithCode(String phone, String code, String newPassword) → Future<APIError?>

Resets the password of the user using the SMS code provided through the sendResetPwdCode method.

resetPwdWithToken(String accessToken, String newPassword) → Future<APIError?>

Resets the password of the user using the access token provided through the sendResetPwdEmail flow.

sendMagicLinkEmail(String email) → Future<APIError?>

Sends a magic link to the email of the user.

sendResetPwdCode(String phone) → Future<APIError?>

Sends an SMS code to reset password.

sendResetPwdEmail(String email) → Future<APIError?>

Sends an email with a link to reset password.

sendSignInCode(String phone) → Future<APIError?>

Sends an SMS code (OTP - one time password) that can be used to sign in to the phone number of the user.

setSession(Session session) → Future<void>

Sets (overrides) the active user session. If you use the signUp or signIn methods of this client library, you do not need to call this method to set the user session, since the client library automatically manages user session data.

setUser(User user) → Future<void>

Saves the user data to local storage. If you use the signUp or signIn methods of this client library, you do not need to call this method to set the user data, since the client library automatically manages user data.

signInWithCode(String phone, String code) → Future<UserSessionResult>

Log in an existing user using phone number and SMS code (OTP - one time password) that is sent to the phone. In order to use phone and password based log in, the authentication provider needs to be Altogic, meaning a user with phone and password credentials exists in the app database and sign in using authorization codes needs to be enabled in your app authentication settings. Before calling this method, you need to call the sendSignInCode method to get the SMS code delivered to the phone.

signInWithEmail(String email, String password) → Future<UserSessionResult>

Log in an existing user using email and password. In order to use email and password based log in, the authentication provider needs to be Altogic, meaning a user with email and password credentials exists in the app database.

signInWithPhone(String phone, String password) → Future<UserSessionResult>

Log in an existing user using phone number and password. In order to use phone and password based log in, the authentication provider needs to be Altogic, meaning a user with phone and password credentials exists in the app database.

signInWithProvider(String provider) → String

Signs in a user using the Oauth2 flow of the specified provider. Calling this method with the name of the sign in provider will return a URL that user have to redirect.

signOut([String? sessionToken]) → Future<APIError?>

If an input token is provided, signs out the user from the current session, clears user and session data in local storage and removes the Session header in Fetcher. Otherwise, signs out the user from the session identified by the input token.

signOutAll() → Future<APIError?>

A user can have multiple active sessions (e.g., logged in form multiple different devices, browsers). This method signs out users from all their active sessions. For the client that triggers this method, also clears user and session data in local storage, and removes the Session header in Fetcher.

signOutAllExceptCurrent() → Future<APIError?>

Signs out users from all their active sessions except the current one which makes the api call.

signUpWithEmail(String email, String password, [dynamic nameOrUser]) → Future<UserSessionResult>

Creates a new user using the email and password authentication method in the database.

signUpWithPhone(String phone, String password, [dynamic nameOrUser]) → Future<UserSessionResult>

Creates a new user using the mobile phone number and password authentication method in the database.

toString() → String

A string representation of this object.

inherited

verifyPhone(String phone, String code) → Future<UserSessionResult>

Verifies the phone number using code sent in SMS and if verified, returns the auth grants (e.g., user and session data) of the user if the phone is verified due to a new sign up. If the phone is verified using the code send as a result of calling the changePhone method, returns the updated user data only.

Operators

operator ==(Object other) → bool

The equality operator.

inherited