grant method

@Operation.post()
Future<Response> grant({
  @Bind.query("username") String? username,
  @Bind.query("password") String? password,
  @Bind.query("refresh_token") String? refreshToken,
  @Bind.query("code") String? authCode,
  @Bind.query("grant_type") String? grantType,
  @Bind.query("scope") String? scope,
})

Creates or refreshes an authentication token.

When grant_type is 'password', username and password must be supplied (scope is optional). When grant_type is 'refresh_token', refresh_token must be supplied (scope is optional). When grant_type is 'authorization_code', code (the authorization code) must be supplied and scope must be omitted — sending a scope with this grant is rejected with AuthRequestError.invalidRequest. A missing grant_type is rejected with AuthRequestError.invalidRequest; any other grant_type value is rejected with AuthRequestError.unsupportedGrantType. A scope string that does not parse is rejected with AuthRequestError.invalidScope, whatever the grant type.

This endpoint requires client authentication: the Authorization header must carry the client ID and client secret in the HTTP Basic scheme. A missing or malformed header is rejected with AuthRequestError.invalidClient before any grant is attempted; the parsed client credentials are then passed to the auth server together with each grant.

Implementation

/// Issues or refreshes an access token (the OAuth 2.0 token endpoint).
///
/// The client must authenticate with HTTP Basic credentials (client ID and
/// secret) in the Authorization header; a header that does not parse is
/// answered with `AuthRequestError.invalidClient` before anything else runs.
///
/// [scope] is a space-separated list and is parsed into [AuthScope]s *before*
/// the grant type is examined, so a scope that fails to parse produces
/// `AuthRequestError.invalidScope` for every grant type, including unknown
/// ones (assumes the [AuthScope] constructor signals a bad scope with a
/// [FormatException], which is what the catch below targets).
///
/// Dispatch on [grantType]:
///  * `password`           -> [authServer.authenticate] with [username]/[password];
///  * `refresh_token`      -> [authServer.refresh] with [refreshToken];
///  * `authorization_code` -> [authServer.exchange] with [authCode]; a `scope`
///    parameter is rejected with `AuthRequestError.invalidRequest`;
///  * missing              -> `AuthRequestError.invalidRequest`;
///  * anything else        -> `AuthRequestError.unsupportedGrantType`.
///
/// Any [AuthServerException] raised by the auth server is mapped to an error
/// response via its `reason`; presence checks on username/password/code are
/// left to the auth server, this method does not validate them itself.
///
/// NOTE(review): the parameters are bound with [Bind.query]. Confirm that for
/// this POST the framework reads them from the form body rather than the URL
/// query string — passwords, codes and refresh tokens that travel in the URL
/// end up in access logs, proxies and browser history.
/// NOTE(review): the `password` grant (resource-owner password credentials)
/// is discouraged by current OAuth 2.0 security guidance; consider whether it
/// needs to remain enabled for this deployment.
@Operation.post()
Future<Response> grant({
  @Bind.query("username") String? username,
  @Bind.query("password") String? password,
  @Bind.query("refresh_token") String? refreshToken,
  @Bind.query("code") String? authCode,
  @Bind.query("grant_type") String? grantType,
  @Bind.query("scope") String? scope,
}) async {
  // Client authentication comes first; a bad header short-circuits the request.
  AuthBasicCredentials client;
  try {
    client = _parser.parse(authHeader);
  } on AuthorizationParserException {
    return _responseForError(AuthRequestError.invalidClient);
  }

  try {
    // toList() forces the map, so a malformed scope fails here, before dispatch.
    final List<AuthScope>? requestedScopes =
        scope?.split(" ").map((s) => AuthScope(s)).toList();

    switch (grantType) {
      case "password":
        final passwordToken = await authServer.authenticate(
          username,
          password,
          client.username,
          client.password,
          requestedScopes: requestedScopes,
        );
        return AuthController.tokenResponse(passwordToken);

      case "refresh_token":
        final refreshedToken = await authServer.refresh(
          refreshToken,
          client.username,
          client.password,
          requestedScopes: requestedScopes,
        );
        return AuthController.tokenResponse(refreshedToken);

      case "authorization_code":
        // The code exchange carries no scope parameter; reject one if present.
        if (scope != null) {
          return _responseForError(AuthRequestError.invalidRequest);
        }
        final exchangedToken = await authServer.exchange(
            authCode, client.username, client.password);
        return AuthController.tokenResponse(exchangedToken);

      default:
        if (grantType == null) {
          return _responseForError(AuthRequestError.invalidRequest);
        }
        // Unknown grant type: fall out of the try to the unsupported response.
        break;
    }
  } on FormatException {
    return _responseForError(AuthRequestError.invalidScope);
  } on AuthServerException catch (e) {
    return _responseForError(e.reason);
  }

  return _responseForError(AuthRequestError.unsupportedGrantType);
}