AuthServer class
An OAuth 2.0 authorization server.
An AuthServer is an implementation of an OAuth 2.0 authorization server. An authorization server issues, refreshes and revokes access tokens. It also verifies previously issued tokens, as well as client and resource owner credentials.
AuthServers are typically used in conjunction with AuthController and AuthRedirectController. These controllers provide HTTP interfaces to the AuthServer for issuing and refreshing tokens. Likewise, Authorizers verify these issued tokens to protect endpoint controllers.
AuthServers can be customized through their delegate. This required property manages persistent storage of authorization objects among other tasks. There are security considerations for AuthServerDelegate implementations; prefer to use a tested implementation like ManagedAuthDelegate from package:conduit_core/managed_auth.dart.
Usage example with ManagedAuthDelegate:

  import 'package:conduit_core/conduit_core.dart';
  import 'package:conduit_core/managed_auth.dart';

  // The resource owner table. ManagedAuthResourceOwner marks it as the entity
  // that ManagedAuthDelegate stores tokens and codes for.
  class User extends ManagedObject<_User> implements _User, ManagedAuthResourceOwner {}
  class _User extends ManagedAuthenticatable {}

  class Channel extends ApplicationChannel {
    // late: both are assigned in prepare(), before any request is routed.
    late ManagedContext context;
    late AuthServer authServer;

    @override
    Future prepare() async {
      // createContext() is an application-supplied helper (not shown here).
      context = createContext();
      // Delegate backed by the database; it persists clients, tokens and codes.
      final delegate = ManagedAuthDelegate<User>(context);
      authServer = AuthServer(delegate);
    }

    @override
    Controller get entryPoint {
      final router = Router();
      // The Authorizer verifies the bearer token before the protected controller runs.
      router
        .route("/protected")
        .link(() => Authorizer(authServer))
        .link(() => ProtectedResourceController());
      // AuthController exposes the token-issuing endpoint backed by authServer.
      router
        .route("/auth/token")
        .link(() => AuthController(authServer));
      return router;
    }
  }
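As an added example (not code from the Conduit docs or project), the following walks one token through the AuthServer above: register a confidential client with a hashed secret, issue a token with the password grant limited to a requested scope, verify it against a required scope, refresh it, and revoke it. Assumptions not on this page: the AuthClient positional constructor, AuthScope(String), AuthUtility.generateRandomSalt(), the accessToken/refreshToken fields of AuthToken, the scopes/resourceOwnerIdentifier fields of Authorization, and AuthServerException with a reason field are taken from Conduit's auth library; the resource owner "alice" is constructed.

```dart
import 'package:conduit_core/conduit_core.dart';

/// Added example, not Conduit's own code. Walks one token through its
/// lifecycle on an already-prepared [authServer] whose delegate holds a
/// resource owner "alice" with password "correct horse" (constructed).
Future<void> tokenLifecycle(AuthServer authServer) async {
  // 1. Register a confidential client. Its secret is never stored in the
  //    clear: hashPassword salts and PBKDF2-hashes it with the server's own
  //    settings. AuthUtility.generateRandomSalt() and this AuthClient
  //    constructor are assumed from Conduit's auth library.
  const clientID = 'com.example.app';
  const clientSecret = 'replace-with-a-long-random-secret';
  final salt = AuthUtility.generateRandomSalt();
  await authServer.addClient(AuthClient(
      clientID, authServer.hashPassword(clientSecret, salt), salt,
      allowedScopes: [AuthScope('user:read'), AuthScope('user:write')]));

  // 2. Password grant: the client proves its secret and asks only for the
  //    scope it needs; a scope outside allowedScopes is rejected, not granted.
  final token = await authServer.authenticate(
      'alice', 'correct horse', clientID, clientSecret,
      expiration: const Duration(hours: 1),
      requestedScopes: [AuthScope('user:read')]);

  // 3. Verify the bearer token as an Authorizer would, demanding a scope.
  //    Only user:read was granted, so requiring user:write must fail.
  final auth = await authServer.verify(token.accessToken,
      scopesRequired: [AuthScope('user:read')]);
  print('owner ${auth.resourceOwnerIdentifier}, scopes ${auth.scopes}');
  try {
    await authServer.verify(token.accessToken,
        scopesRequired: [AuthScope('user:write')]);
  } on AuthServerException catch (e) {
    print('insufficient scope rejected: ${e.reason}');
  }

  // 4. Refresh: only the issuing client, with its secret, may redeem the
  //    refresh token for a new access token.
  final refreshed =
      await authServer.refresh(token.refreshToken, clientID, clientSecret);

  // 5. Revoke every grant for this owner (e.g. on password change); the
  //    freshly issued token must stop verifying immediately.
  await authServer.revokeAllGrantsForResourceOwner(auth.resourceOwnerIdentifier);
  try {
    await authServer.verify(refreshed.accessToken);
  } on AuthServerException {
    print('revoked token no longer verifies');
  }
}
```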
Constructors
- AuthServer(AuthServerDelegate delegate, {int hashRounds = 1000, int hashLength = 32, Hash hashFunction = sha256}) - Creates a new instance of an AuthServer with a delegate.
Properties
- delegate → AuthServerDelegate - The object responsible for carrying out the storage mechanisms of this instance. final
- documentedAuthorizationCodeFlow → APISecuritySchemeOAuth2Flow - Used during OpenAPI documentation. final
- documentedImplicitFlow → APISecuritySchemeOAuth2Flow - Used during OpenAPI documentation. final
- documentedPasswordFlow → APISecuritySchemeOAuth2Flow - Used during OpenAPI documentation. final
- hashCode → int - The hash code for this object. no setter, inherited
- hashFunction → Hash - The Hash function used by the PBKDF2 algorithm to generate password hashes by this instance. final
- hashLength → int - The resulting key length of a password hash when generated by this instance. final
- hashRounds → int - The number of hashing rounds performed by this instance when validating a password. final
- runtimeType → Type - A representation of the runtime type of the object. no setter, inherited
Methods
- addClient(AuthClient client) → Future - Adds an OAuth2 client.
- authenticate(String? username, String? password, String clientID, String? clientSecret, {Duration expiration = const Duration(hours: 24), List<AuthScope>? requestedScopes}) → Future<AuthToken> - Authenticates a username and password of a ResourceOwner and returns an AuthToken upon success.
- authenticateForCode(String? username, String? password, String clientID, {int expirationInSeconds = 600, List<AuthScope>? requestedScopes}) → Future<AuthCode> - Creates a one-time use authorization code for a given client ID and user credentials.
- documentComponents(APIDocumentContext context) → void
- documentRequirementsForAuthorizer(APIDocumentContext context, Authorizer authorizer, {List<AuthScope>? scopes}) → List<APISecurityRequirement> - override
- exchange(String? authCodeString, String clientID, String? clientSecret, {int expirationInSeconds = 3600}) → Future<AuthToken> - Exchanges a valid authorization code for an AuthToken.
- getClient(String clientID) → Future<AuthClient?> - Returns an AuthClient record for its clientID.
- hashPassword(String password, String salt) → String - Hashes a password with salt using the PBKDF2 algorithm.
- noSuchMethod(Invocation invocation) → dynamic - Invoked when a nonexistent method or property is accessed. inherited
- refresh(String? refreshToken, String clientID, String? clientSecret, {List<AuthScope>? requestedScopes}) → Future<AuthToken> - Refreshes a valid AuthToken instance.
- removeClient(String clientID) → Future - Revokes an AuthClient record.
- revokeAllGrantsForResourceOwner(int? identifier) → Future - Revokes access for a ResourceOwner.
- toString() → String - A string representation of this object. inherited
- validate<T>(AuthorizationParser<T> parser, T authorizationData, {List<AuthScope>? requiredScope}) → FutureOr<Authorization> - Returns an Authorization if authorizationData is valid. override
- verify(String? accessToken, {List<AuthScope>? scopesRequired}) → Future<Authorization> - Returns an Authorization for accessToken.
Operators
- operator ==(Object other) → bool - The equality operator. inherited
Constants
- tokenTypeBearer → const String