Authorizer class
A Controller that validates the Authorization header of a request.
An instance of this type will validate that the authorization information in an Authorization header is sufficient to access the next controller in the channel.
For each request, this controller parses the authorization header, validates it with an AuthValidator and then create an Authorization object if successful. The Request keeps a reference to this Authorization and is then sent to the next controller in the channel.
If either parsing or validation fails, a 401 Unauthorized response is sent and the Request is removed from the channel.
Parsing occurs according to parser. The resulting value (e.g., username and password) is sent to validator. validator verifies this value (e.g., lookup a user in the database and verify their password matches).
Usage:
router
.route("/protected-route")
.link(() =>new Authorizer.bearer(authServer))
.link(() => new ProtectedResourceController());
- Inheritance
-
- Object
- Controller
- Authorizer
Constructors
-
Authorizer(AuthValidator? validator, {AuthorizationParser parser = const AuthorizationBearerParser(), List<
String> ? scopes}) - Creates an instance of Authorizer.
- Authorizer.basic(AuthValidator? validator)
- Creates an instance of Authorizer with Basic Authentication parsing.
-
Authorizer.bearer(AuthValidator? validator, {List<
String> ? scopes}) - Creates an instance of Authorizer with Bearer token parsing.
Properties
- hashCode → int
-
The hash code for this object.
no setterinherited
- logger → Logger
-
An instance of the 'conduit' logger.
no setterinherited
- nextController → Controller?
-
Receives requests that this controller does not respond to.
no setterinherited
- parser → AuthorizationParser
-
Parses the Authorization header.
final
- policy ↔ CORSPolicy?
-
The CORS policy of this controller.
getter/setter pairinherited
- runtimeType → Type
-
A representation of the runtime type of the object.
no setterinherited
-
scopes
→ List<
AuthScope> ? -
The list of required scopes.
final
- validator → AuthValidator?
-
The validating authorization object.
final
Methods
-
applyCORSHeadersIfNecessary(
Request req, Response resp) → void -
inherited
-
didAddToChannel(
) → void -
Lifecycle callback, invoked after added to channel, but before any requests are served.
inherited
-
documentComponents(
APIDocumentContext context) → void -
Tells this object to add its components to
context
.override -
documentOperations(
APIDocumentContext context, String route, APIPath path) → Map< String, APIOperation> -
Tells this object to return all
APIOperation
s it handles.override -
documentPaths(
APIDocumentContext context) → Map< String, APIPath> -
Tells this object to return all
APIPath
s it handles.inherited -
handle(
Request request) → FutureOr< RequestOrResponse> -
The primary request handling method of this object.
override
-
handleError(
Request request, dynamic caughtValue, StackTrace trace) → Future -
Sends an HTTP response for a request that yields an exception or error.
inherited
-
link(
Controller instantiator()) → Linkable -
Links a controller to the receiver to form a request channel.
inherited
-
linkFunction(
FutureOr< RequestOrResponse?> handle(Request request)) → Linkable? -
Links a function controller to the receiver to form a request channel.
inherited
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a nonexistent method or property is accessed.
inherited
-
receive(
Request req) → Future? -
Delivers
req
to this instance to be processed.inherited -
toString(
) → String -
A string representation of this object.
inherited
-
willSendResponse(
Response response) → void -
Executed prior to Response being sent.
inherited
Operators
-
operator ==(
Object other) → bool -
The equality operator.
inherited