grant method
Creates or refreshes an authentication token.
When grant_type is 'password', there must be username and password values. When grant_type is 'refresh_token', there must be a refresh_token value. When grant_type is 'authorization_code', there must be a authorization_code value.
This endpoint requires client_id authentication. The Authorization header must include a valid Client ID and Secret in the Basic authorization scheme format.
Implementation
@Operation.post()
Future<Response> grant(
{@Bind.query("username") String? username,
@Bind.query("password") String? password,
@Bind.query("refresh_token") String? refreshToken,
@Bind.query("code") String? authCode,
@Bind.query("grant_type") String? grantType,
@Bind.query("scope") String? scope}) async {
AuthBasicCredentials basicRecord;
try {
basicRecord = _parser.parse(authHeader);
} on AuthorizationParserException catch (_) {
return _responseForError(AuthRequestError.invalidClient);
}
try {
final scopes = scope?.split(" ").map((s) => AuthScope(s)).toList();
if (grantType == "password") {
final token = await authServer!.authenticate(
username, password, basicRecord.username, basicRecord.password,
requestedScopes: scopes);
return AuthController.tokenResponse(token);
} else if (grantType == "refresh_token") {
final token = await authServer!.refresh(
refreshToken, basicRecord.username, basicRecord.password,
requestedScopes: scopes);
return AuthController.tokenResponse(token);
} else if (grantType == "authorization_code") {
if (scope != null) {
return _responseForError(AuthRequestError.invalidRequest);
}
final token = await authServer!
.exchange(authCode, basicRecord.username, basicRecord.password);
return AuthController.tokenResponse(token);
} else if (grantType == null) {
return _responseForError(AuthRequestError.invalidRequest);
}
} on FormatException {
return _responseForError(AuthRequestError.invalidScope);
} on AuthServerException catch (e) {
return _responseForError(e.reason);
}
return _responseForError(AuthRequestError.unsupportedGrantType);
}