DescopeSession class

The DescopeSession class represents a successful sign in operation.

After a user finishes a sign in flow successfully you should create a DescopeSession object from the AuthenticationResponse value returned by all the authentication APIs.

final authResponse = await Descope.otp.verify(method: DeliveryMethod.email, loginId: 'andy@example.com', code: '123456');
final session = DescopeSession.fromAuthenticationResponse(authResponse);

The session can then be used to authenticate outgoing requests to your backend with a bearer token authorization header.

await request.setAuthorization(Descope.sessionManager);

If your backend uses a different authorization mechanism you can of course use the session JWT directly instead of the extension function:

request.headers['X-Auth-Token'] = session.sessionJwt;

As shown above the session can be used directly but in most circumstances it's recommended to let a DescopeSessionManager object manage it instead, and the code examples above are only slightly different. See the documentation for DescopeSessionManager for more details.

DescopeSession can be constructed either by using DescopeTokens, or by providing an AuthenticationResponse, or using the JWT strings.

Constructors

DescopeSession(DescopeToken sessionToken, DescopeToken refreshToken, DescopeUser user)

Creates a new DescopeSession object from tokens.

factory

DescopeSession.fromAuthenticationResponse(AuthenticationResponse authenticationResponse)

Creates a new DescopeSession object from an AuthenticationResponse.

factory

DescopeSession.fromJwt(String sessionJwt, String refreshJwt, DescopeUser user)

Creates a new DescopeSession object from two JWT strings.

factory

Properties

claims → Map<String, dynamic>

A map with all the custom claims in the underlying JWT. It includes any claims whose values aren't already exposed by other accessors or authorization functions.

no setter

hashCode → int

The hash code for this object.

no setter, override

refreshJwt → String

The longer lived JWT that is used to create new session JWTs until it expires.

no setter

refreshToken → DescopeToken

The wrapper for the longer lived JWT that is used to create new session JWTs until it expires.

no setter

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

sessionJwt → String

The short lived JWT that is sent with every request that requires authentication.

no setter

sessionToken → DescopeToken

The wrapper for the short lived JWT that can be sent with every server request that requires authentication.

no setter

user → DescopeUser

The user to whom the DescopeSession belongs to.

no setter

Methods

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

permissions([String? tenant]) → List<String>

Returns the list of permissions granted for the user. Pass null for the tenant parameter if the user isn't associated with any tenant.

roles([String? tenant]) → List<String>

Returns the list of roles for the user. Pass null for the tenant parameter if the user isn't associated with any tenant.

toString() → String

A string representation of this object.

override

updateTokens(RefreshResponse refreshResponse) → void

Updates the underlying JWTs with those from the given RefreshResponse.

updateUser(DescopeUser descopeUser) → void

Updates the session user's details with those from another DescopeUser value.

Operators

operator ==(Object other) → bool

The equality operator.

override