AuthScope constructor Null safety

  1. String scopeString

Creates an instance of this type from scopeString.

A simple authorization scope string is a single keyword. Valid characters are


For example, 'account' is a valid scope. An Authorizer can require an access token to have the 'account' scope to pass through it. Access tokens without the 'account' scope are unauthorized.

More advanced scopes may contain multiple segments and a modifier. For example, the following are valid scopes:


Segments are delimited by the colon character (:). Segments allow more granular scoping options. Each segment adds a restriction to the segment prior to it. For example, the scope user would allow all user actions, whereas user:settings would only allow access to a user's settings. Routes that are secured to either user:settings or user:posts.readonly are accessible by an access token with user scope. A token with user:settings would not be able to access a route limited to user:posts.

A modifier is an additional restrictive measure and follows scope segments and the dot character (.). A scope may only have one modifier at the very end of the scope. A modifier can be any string, as long as its characters are in the above list of valid characters. A modifier adds an additional restriction to a scope, without having to make up a new segment. An example is the 'readonly' modifier above. A route that requires user:posts.readonly would allow passage when the token has user, user:posts or user:posts.readonly. A route that required user:posts would not allow user:posts.readonly.


factory AuthScope(String scopeString) {
  final cached = _cache[scopeString];
  if (cached != null) {
    return cached;

  final scope = AuthScope._parse(scopeString);
  _cache[scopeString] = scope;
  return scope;