authorize method

  1. @Operation()
Future<Response> authorize({
  1. @Bind("username") String? username,
  2. @Bind("password") String? password,
  3. @Bind("scope") String? scope,
})

Creates a one-time use authorization code.

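This method responds with a redirect that contains an authorization code ('code') and the passed-in 'state'. If the request fails, the redirect URL contains an 'error' key instead of the authorization code. Note that in the implementation shown below, a request whose response type is not "code" and whose client has no redirect URI receives a plain 400 Bad Request rather than a redirect.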

This method is typically invoked by the login form returned from the GET to this controller.

Implementation

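/// Creates a one-time use authorization code.
///
/// On success, responds with a redirect to the redirect URI stored on the
/// client returned by [authServer], carrying the authorization code and the
/// request's `state`. Failures are reported through [_redirectResponse] with
/// an [AuthServerException], except where no client redirect URI is available
/// to report to; those cases get a plain 400 response.
@Operation.post()
Future<Response> authorize({
  /// The username of the authenticating user.
  @Bind.query("username") String? username,

  /// The password of the authenticating user.
  @Bind.query("password") String? password,

  /// A space-delimited list of access scopes being requested.
  @Bind.query("scope") String? scope,
}) async {
  // NOTE(review): the credentials are bound with `Bind.query` on a POST
  // operation. Confirm that callers submit them in a form-encoded body and
  // not in the URL, where they would be recorded in access logs and browser
  // history.

  // `clientID` is nullable (the previous code force-unwrapped it with `!`), so
  // a request that omits it used to fail on the null assertion instead of
  // being rejected. Without a client there is no redirect URI to carry an
  // error, so answer with the same 400 used below for that situation.
  final requestedClientID = clientID;
  if (requestedClientID == null) {
    return Response.badRequest();
  }

  final client = await authServer.getClient(requestedClientID);

  // A request without `state` is rejected before any credentials are checked.
  if (state == null) {
    return _redirectResponse(
      null,
      null,
      error: AuthServerException(AuthRequestError.invalidRequest, client),
    );
  }

  // Only the "code" response type is served by this endpoint.
  if (responseType != "code") {
    // Unknown client, or a client with no redirect URI: nothing to redirect to.
    if (client?.redirectURI == null) {
      return Response.badRequest();
    }

    return _redirectResponse(
      null,
      state,
      error: AuthServerException(AuthRequestError.invalidRequest, client),
    );
  }

  try {
    // Presumably AuthScope's constructor is what raises the FormatException
    // handled below when a scope string is malformed; confirm against its
    // implementation.
    final scopes = scope?.split(" ").map((s) => AuthScope(s)).toList();

    final authCode = await authServer.authenticateForCode(
      username,
      password,
      requestedClientID,
      requestedScopes: scopes,
    );

    // The success redirect target comes from the stored client record, never
    // from a request parameter. The `!` assumes authenticateForCode fails for
    // an unknown client; verify against the auth server implementation.
    return _redirectResponse(client!.redirectURI, state, code: authCode.code);
  } on FormatException {
    return _redirectResponse(
      null,
      state,
      error: AuthServerException(AuthRequestError.invalidScope, client),
    );
  } on AuthServerException catch (e) {
    // Authentication failures are passed on to the client as-is.
    return _redirectResponse(null, state, error: e);
  }
}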