authorizationEndpoint method

Future<void> authorizationEndpoint(
  RequestContext req,
  ResponseContext res
)

A request handler that invokes the correct logic, depending on which type of grant the client is requesting.

Implementation

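/// Handles a request to the OAuth2 authorization endpoint.
///
/// Reads `state` from the query string and obtains `response_type` through
/// `_getParam`. For `response_type` values `code` and `token` it looks up the
/// client with [findClient], collects `redirect_uri` and the requested
/// scopes, and delegates to [requestAuthorizationCode]; the final argument
/// passed there is `true` when `response_type` is `token`.
///
/// Throws an [AuthorizationException] carrying:
/// * [ErrorResponse.unauthorizedClient] when [findClient] yields no client;
/// * [ErrorResponse.invalidRequest] (status 400) for any other
///   `response_type`;
/// * [ErrorResponse.serverError] (status 500) for any error that is not an
///   [AngelHttpException]. An [AngelHttpException] is rethrown unchanged.
Future<void> authorizationEndpoint(
    RequestContext req, ResponseContext res) async {
  // `state` is client-supplied and is copied into every ErrorResponse built
  // below, so it stays an untrusted value wherever those responses are
  // rendered.
  var state = '';

  try {
    final query = req.queryParameters;
    state = query['state']?.toString() ?? '';
    final responseType = await _getParam(req, 'response_type', state);

    // Registered lazily: Pkce.fromJson is not called here, only when
    // something resolves Pkce from the container, so an error it raises for
    // bad PKCE parameters would surface at that point.
    // NOTE(review): `container!` fails with a null-check error (reported as
    // a 500 below) if the request has no container - confirm that cannot
    // happen for this route.
    req.container!.registerLazySingleton<Pkce>((_) {
      return Pkce.fromJson(req.queryParameters, state: state);
    });

    if (responseType == 'code' || responseType == 'token') {
      // Ensure client ID
      final clientId = await _getParam(req, 'client_id', state);

      // Find client. The lookup result is deliberately not null-asserted: a
      // missing client has to reach the unauthorized_client branch below
      // instead of tripping the assertion and being reported to the caller
      // as a 500 server_error by the generic catch.
      final client = await findClient(clientId);

      if (client == null) {
        throw AuthorizationException(ErrorResponse(
          ErrorResponse.unauthorizedClient,
          'Unknown client "$clientId".',
          state,
        ));
      }

      // Grab redirect URI.
      // NOTE(review): this handler does not compare redirect_uri with
      // anything belonging to `client`; requestAuthorizationCode has to
      // match it against the URIs registered for the client before it
      // redirects - confirm in the implementation.
      final redirectUri = await _getParam(req, 'redirect_uri', state);

      // Grab scopes
      final scopes = await _getScopes(req);

      // `return await` keeps the call inside the try block, so errors from
      // the grant handler go through the same catch clauses.
      return await requestAuthorizationCode(client, redirectUri, scopes,
          state, req, res, responseType == 'token');
    }

    throw AuthorizationException(
        ErrorResponse(
          ErrorResponse.invalidRequest,
          'Invalid or no "response_type" parameter provided',
          state,
        ),
        statusCode: 400);
  } on AngelHttpException {
    // Already an HTTP-level error (this includes the exceptions thrown
    // above, provided AuthorizationException is an AngelHttpException).
    rethrow;
  } catch (e, st) {
    // Anything else is reported with the generic `_internalServerError`
    // text; the original error and stack trace travel on the exception
    // object, not in the description.
    throw AuthorizationException(
      ErrorResponse(
        ErrorResponse.serverError,
        _internalServerError,
        state,
      ),
      error: e,
      statusCode: 500,
      stackTrace: st,
    );
  }
}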