verify method
Verifies that the client is allowed to access this resource. The headers map contains all HTTP headers, path and query parameters. The secured argument contains the security metadata on the annotated method. Implementations should extract the claims from headers and verify the condition in secured.
Implementation
@override
Future<bool> verify(Map<String, String> headers, Secured secured) async {
  // Reject requests that carry no token.
  final token = _getToken(headers);
  if (token == null) {
    return false;
  }
  // Discover the issuer's metadata and wrap the token in a credential.
  final issuer = await Issuer.discover(issuerUri);
  final client = Client(issuer, clientId);
  final credential = client.createCredential(idToken: token);
  // validateToken() emits one exception per failed check; any entry rejects the token.
  final exceptions = await credential.validateToken().toList();
  if (exceptions.isNotEmpty) {
    _log.fine('Token validation failed: $exceptions');
    return false;
  }
  // Evaluate the method's access condition against the validated claims.
  return secured.condition.evaluate(
    credential.idToken.claims.toJson(),
    headers,
  );
}
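Added example, not part of the package: one way a helper in the role of `_getToken` could pull a bearer token out of the headers map before validation, returning null so that `verify` fails closed. The name `extractBearerToken` and the sample headers are assumptions; the package's own `_getToken` is not shown on this page.

```dart
/// Hypothetical helper (not the package's `_getToken`): returns the bearer
/// token from an Authorization header, or null when none is usable.
String? extractBearerToken(Map<String, String> headers) {
  // Header names are case-insensitive, but map keys may not be normalised.
  String? value;
  for (final entry in headers.entries) {
    if (entry.key.toLowerCase() == 'authorization') {
      value = entry.value;
      break;
    }
  }
  if (value == null) return null;

  // Scheme match is case-insensitive; the token must use only the
  // b64token characters allowed for bearer credentials (RFC 6750).
  final pattern = RegExp(
    r'^Bearer +([A-Za-z0-9\-._~+/]+=*)$',
    caseSensitive: false,
  );
  return pattern.firstMatch(value.trim())?.group(1);
}

void main() {
  // Constructed sample header maps; 'aaa.bbb.ccc' stands in for a real JWT.
  final samples = <String, Map<String, String>>{
    'well-formed': {'Authorization': 'Bearer aaa.bbb.ccc'},
    'lower-case name and scheme': {'authorization': 'bearer aaa.bbb.ccc'},
    'wrong scheme': {'Authorization': 'Basic dXNlcjpwYXNz'},
    'empty token': {'Authorization': 'Bearer '},
    'embedded whitespace': {'Authorization': 'Bearer aaa bbb'},
    'no header': {'Accept': 'application/json'},
  };

  for (final entry in samples.entries) {
    final token = extractBearerToken(entry.value);
    // A null result corresponds to the early `return false` in verify.
    final outcome = token == null ? 'rejected' : 'token extracted';
    print('${entry.key}: $outcome');
  }
}
```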