authenticate method

Future<AuthResult?> authenticate(
  HttpRequest request, {
  List<String>? requiredScopes,
})

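Authenticates an incoming HTTP request.

Requests whose path is listed in publicPaths succeed without a token and without any scope check. Otherwise the Bearer token from the Authorization header is passed to the validator together with requiredScopes (or defaultRequiredScopes when none are given). When the header is missing or is not a Bearer credential, the result is a failure in strict mode and null in non-strict mode; callers must treat null as an unauthenticated request, not as a successful login.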

Implementation

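/// Authenticates [request] and returns the outcome.
///
/// Returns a successful [AuthResult] with `userInfo: {'public': true}` when
/// the request path is listed in `publicPaths`; [requiredScopes] is not
/// consulted on that branch. Returns a failure when `strictMode` is on and
/// the request carries no Bearer credentials, and `null` when `strictMode`
/// is off in the same situation. Otherwise returns whatever
/// `validator.validateToken` yields for the extracted token, checked against
/// [requiredScopes] or, when that is `null`, `defaultRequiredScopes`.
///
/// A `null` result means "no credentials presented"; callers must handle it
/// as an anonymous request rather than as an authenticated one.
Future<AuthResult?> authenticate(
  HttpRequest request, {
  List<String>? requiredScopes,
}) async {
  // Public paths bypass token validation entirely. The comparison is an
  // exact match on the request's URI path, so the entries in publicPaths
  // have to be spelled the same way the router resolves them.
  // NOTE(review): confirm the router and this check agree on normalization
  // (trailing slash, percent-encoding, dot segments).
  if (publicPaths.contains(request.uri.path)) {
    return const AuthResult.success(userInfo: {'public': true});
  }

  // Extract the token from the Authorization header. HTTP authentication
  // scheme names are case-insensitive (RFC 7235), so "bearer" and "BEARER"
  // are accepted as well; a case-sensitive match would silently treat such
  // a client as unauthenticated in non-strict mode.
  const schemePrefix = 'bearer ';
  final authHeader = request.headers.value('Authorization');
  if (authHeader == null ||
      authHeader.length < schemePrefix.length ||
      authHeader.substring(0, schemePrefix.length).toLowerCase() !=
          schemePrefix) {
    if (strictMode) {
      return const AuthResult.failure(
        error: 'Missing or invalid Authorization header',
      );
    }
    // Non-strict mode: no usable credentials means anonymous access. This
    // also covers a header that is present but uses another scheme.
    return null;
  }

  // Everything after the scheme prefix is handed to the validator as-is; an
  // empty or malformed token is left for the validator to reject.
  final token = authHeader.substring(schemePrefix.length);
  final scopes = requiredScopes ?? defaultRequiredScopes;

  return await validator.validateToken(token, requiredScopes: scopes);
}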