DescopeSession class

The DescopeSession class represents a successful sign in operation.

After a user finishes a sign in flow successfully you should create a DescopeSession object from the AuthenticationResponse value returned by all the authentication APIs.

final authResponse = await Descope.otp.verify(method: DeliveryMethod.email, loginId: 'andy@example.com', code: '123456');
final session = DescopeSession.fromAuthenticationResponse(authResponse);

The session can then be used to authenticate outgoing requests to your backend with a bearer token authorization header.

await request.setAuthorization(Descope.sessionManager);

If your backend uses a different authorization mechanism you can of course use the session JWT directly instead of the extension function:

request.headers['X-Auth-Token'] = session.sessionJwt;

As shown above the session can be used directly but in most circumstances it's recommended to let a DescopeSessionManager object manage it instead, and the code examples above are only slightly different. See the documentation for DescopeSessionManager for more details.

DescopeSession can be constructed either by using DescopeTokens, or by providing an AuthenticationResponse, or using the JWT strings.

Constructors

DescopeSession(DescopeToken sessionToken, DescopeToken refreshToken, DescopeUser user)
Creates a new DescopeSession object from tokens.
factory
DescopeSession.fromAuthenticationResponse(AuthenticationResponse authenticationResponse)
Creates a new DescopeSession object from an AuthenticationResponse.
factory
DescopeSession.fromJwt(String sessionJwt, String refreshJwt, DescopeUser user)
Creates a new DescopeSession object from two JWT strings.
factory

Properties

claims Map<String, dynamic>
A map with all the custom claims in the underlying JWT. It includes any claims whose values aren't already exposed by other accessors or authorization functions.
no setter
hashCode int
The hash code for this object.
no setteroverride
refreshJwt String
The longer lived JWT that is used to create new session JWTs until it expires.
no setter
refreshToken DescopeToken
The wrapper for the longer lived JWT that is used to create new session JWTs until it expires.
no setter
runtimeType Type
A representation of the runtime type of the object.
no setterinherited
sessionJwt String
The short lived JWT that is sent with every request that requires authentication.
no setter
sessionToken DescopeToken
The wrapper for the short lived JWT that can be sent with every server request that requires authentication.
no setter
user DescopeUser
The user to whom the DescopeSession belongs to.
no setter

Methods

noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
inherited
permissions([String? tenant]) List<String>
Returns the list of permissions granted for the user. Pass null for the tenant parameter if the user isn't associated with any tenant.
roles([String? tenant]) List<String>
Returns the list of roles for the user. Pass null for the tenant parameter if the user isn't associated with any tenant.
toString() String
A string representation of this object.
override
updateTokens(RefreshResponse refreshResponse) → void
Updates the underlying JWTs with those from the given RefreshResponse.
updateUser(DescopeUser descopeUser) → void
Updates the session user's details with those from another DescopeUser value.

Operators

operator ==(Object other) bool
The equality operator.
override