DescopeSession class
The DescopeSession
class represents a successful sign in operation.
After a user finishes a sign in flow successfully you should create
a DescopeSession
object from the AuthenticationResponse value returned
by all the authentication APIs.
final authResponse = await Descope.otp.verify(method: DeliveryMethod.email, loginId: 'andy@example.com', code: '123456');
final session = DescopeSession.fromAuthenticationResponse(authResponse);
The session can then be used to authenticate outgoing requests to your backend with a bearer token authorization header.
await request.setAuthorization(Descope.sessionManager);
If your backend uses a different authorization mechanism you can of course use the session JWT directly instead of the extension function:
request.headers['X-Auth-Token'] = session.sessionJwt;
As shown above the session can be used directly but in most circumstances
it's recommended to let a DescopeSessionManager
object manage it instead,
and the code examples above are only slightly different. See the documentation
for DescopeSessionManager
for more details.
DescopeSession
can be constructed either by using DescopeTokens,
or by providing an AuthenticationResponse, or using the JWT strings.
Constructors
- DescopeSession(DescopeToken sessionToken, DescopeToken refreshToken, DescopeUser user)
-
Creates a new DescopeSession object from tokens.
factory
- DescopeSession.fromAuthenticationResponse(AuthenticationResponse authenticationResponse)
-
Creates a new DescopeSession object from an AuthenticationResponse.
factory
- DescopeSession.fromJwt(String sessionJwt, String refreshJwt, DescopeUser user)
-
Creates a new DescopeSession object from two JWT strings.
factory
Properties
-
claims
→ Map<
String, dynamic> -
A map with all the custom claims in the underlying JWT. It includes
any claims whose values aren't already exposed by other accessors or
authorization functions.
no setter
- hashCode → int
-
The hash code for this object.
no setteroverride
- refreshJwt → String
-
The longer lived JWT that is used to create new session JWTs until it expires.
no setter
- refreshToken → DescopeToken
-
The wrapper for the longer lived JWT that is used to create
new session JWTs until it expires.
no setter
- runtimeType → Type
-
A representation of the runtime type of the object.
no setterinherited
- sessionJwt → String
-
The short lived JWT that is sent with every request that requires authentication.
no setter
- sessionToken → DescopeToken
-
The wrapper for the short lived JWT that can be sent with every server
request that requires authentication.
no setter
- user → DescopeUser
-
The user to whom the DescopeSession belongs to.
no setter
Methods
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a nonexistent method or property is accessed.
inherited
-
permissions(
[String? tenant]) → List< String> -
Returns the list of permissions granted for the user. Pass
null
for thetenant
parameter if the user isn't associated with any tenant. -
roles(
[String? tenant]) → List< String> -
Returns the list of roles for the user. Pass
null
for thetenant
parameter if the user isn't associated with any tenant. -
toString(
) → String -
A string representation of this object.
override
-
updateTokens(
RefreshResponse refreshResponse) → void - Updates the underlying JWTs with those from the given RefreshResponse.
-
updateUser(
DescopeUser descopeUser) → void - Updates the session user's details with those from another DescopeUser value.
Operators
-
operator ==(
Object other) → bool -
The equality operator.
override