getUserFromToken method

User getUserFromToken(
  1. String token
)

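Throws an exception if the token is not a well-formed JWT or if its payload does not contain usable user details. The payload is only decoded; the token's signature is not verified by this method.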

Implementation

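/// Builds a [User] from the claims in the payload of the JWT [token].
///
/// Only the payload (second segment) is base64url-decoded and parsed. The
/// header and signature segments are never read, and no `exp`, `iss` or
/// `aud` claim is checked, so the returned details are only as trustworthy
/// as the validation the caller has already performed on [token]. Do not use
/// the result for authorization decisions on an unvalidated token.
///
/// Claims are read in a fixed order and later sources override earlier ones:
/// Entra access-token claims (`given_name`, `family_name`, `name`, `email`,
/// `unique_name`) first, then NAM ID-token claims (`fullName`, `firstName`,
/// `lastName`, `mail`).
///
/// Throws an [Exception] whose message is
/// `BasfLogicLocalizationUtils.localizations.failedToGetUserDetailsFromToken`
/// when the token does not have three segments, the payload is not a JSON
/// object, or no full name, first name, last name and email can be derived.
User getUserFromToken(String token) {
  try {
    final parts = token.split('.');
    if (parts.length != 3) {
      throw Exception('Invalid JWT');
    }
    // Only parts[1] (payload) is used; parts[0] (header) and parts[2]
    // (signature) are not inspected in this function.
    final normalized = base64Url.normalize(parts[1]);
    final payloadMap = json.decode(utf8.decode(base64Url.decode(normalized)));
    if (payloadMap is! Map<String, dynamic>) {
      throw Exception('Invalid Json Format');
    }

    // '-' is the "not found yet" marker checked at the end.
    var fullName = '-';
    var firstName = '-';
    var lastName = '-';
    var email = '-';

    // Entra access token.
    if (payloadMap.hasUsableStringAttribute('given_name')) firstName = payloadMap['given_name'];
    if (payloadMap.hasUsableStringAttribute('family_name')) lastName = payloadMap['family_name'];
    if (payloadMap.hasUsableStringAttribute('name')) {
      // For externals, the name contains an email in brackets, which we want to remove.
      final String rawName = payloadMap['name'];
      final stripped = rawName.replaceAll(RegExp(r'\s*\(.*?\)'), '').trim();
      // A claim that consists only of the bracketed part leaves nothing
      // behind; keep the marker so the given/family-name fallback or the
      // final validation handles it instead of accepting an empty name.
      if (stripped.isNotEmpty) fullName = stripped;
    }

    // Email will be empty if internal and original scope, but is then
    // provided as unique_name (which takes precedence when both exist).
    if (payloadMap.hasUsableStringAttribute('email')) email = payloadMap['email'];
    if (payloadMap.hasUsableStringAttribute('unique_name')) email = payloadMap['unique_name'];

    // NAM ID token interpretation; these override the Entra claims above.
    if (payloadMap.hasUsableStringAttribute('fullName')) fullName = payloadMap['fullName'];
    if (payloadMap.hasUsableStringAttribute('firstName')) firstName = payloadMap['firstName'];
    if (payloadMap.hasUsableStringAttribute('lastName')) lastName = payloadMap['lastName'];
    if (payloadMap.hasUsableStringAttribute('mail')) email = payloadMap['mail'];

    // Will be empty if external and original scope against Entra.
    final upn = payloadMap.hasUsableStringAttribute('upn') ? payloadMap['upn'] : null;

    // Derive whichever of full name / first+last name is missing from the other.
    if (fullName == '-' && firstName != '-' && lastName != '-') fullName = '$firstName $lastName';
    if (fullName != '-' && firstName == '-' && lastName == '-') {
      // A single-word full name yields the same value for both parts.
      final nameParts = fullName.split(' ');
      firstName = nameParts.first;
      lastName = nameParts.last;
    }

    if (fullName == '-' || firstName == '-' || lastName == '-' || email == '-') {
      throw Exception('No usable user details found in Token');
    }

    return User(
      name: fullName,
      givenName: firstName,
      familyName: lastName,
      email: email,
      upn: upn,
      // NOTE(review): `sub` is filled with a localized string, not the
      // token's `sub` claim — confirm this is intended before relying on it
      // as a subject identifier.
      sub: BasfLogicLocalizationUtils.localizations.userDetailsFromToken,
    );
  } catch (_) {
    // Every failure above, including the specific messages thrown in this
    // block and any decoding or type error, is replaced by one localized
    // message, so callers cannot tell the failure reasons apart.
    throw Exception(BasfLogicLocalizationUtils.localizations.failedToGetUserDetailsFromToken);
  }
}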