JwtExpress constructor

JwtExpress({
  1. String? issuer,
  2. String? subject,
  3. List<String>? audience,
  4. DateTime? expiry,
  5. DateTime? notBefore,
  6. DateTime? issuedAt,
  7. String? jwtId,
  8. Map<String, dynamic>? otherClaims,
  9. Map<String, dynamic>? payload,
  10. bool defaultIatExp = true,
  11. Duration? maxAge,
})

Registered claims are populated with these parameters:

  • issuer for the Issuer Claim
  • subject for the Subject Claim
  • audience for the Audience Claim (a list of zero or more Strings)
  • expiry for the Expiration Time Claim
  • notBefore for the Not Before Claim
  • issuedAt for the Issued At Claim
  • jwtId for the JWT ID Claim

Non-registered claims are populated using the otherClaims parameter. It is a Map with the Claim Name as the key and the Claim Value as the value. The value must be something that can be converted into a JSON: either a scalar (i.e. null, bool, int, double or String), a List, or Map<String,Object>. The otherClaims parameter cannot be used to set registered claims, only non-registered claims.

To include a 'pld' claim, use the otherClaims parameter. The use of both mechanisms at the same time (to provide two 'pld' claims) is not permitted.

Normally, the Issued At Claim and Expiration Time Claim are both assigned default values if they are not provided. If issuedAt is not specified, the current time is used. If expiry is not specified, maxAge after the Issued At Claim is used. This default behaviour can be disabled by setting defaultIatExp to false. When set to false, the Issued At Claim and and Expiration Time Claim are only set if they are explicitly provided.

Implementation

JwtExpress(
    {this.issuer,
    this.subject,
    this.audience,
    DateTime? expiry,
    DateTime? notBefore,
    DateTime? issuedAt,
    this.jwtId,
    Map<String, dynamic?>? otherClaims,
    Map<String, dynamic?>? payload,
    bool defaultIatExp = true,
    Duration? maxAge})
    : issuedAt = issuedAt?.toUtc() ??
          ((defaultIatExp) ? DateTime.now().toUtc() : null),
      notBefore = notBefore?.toUtc(),
      expiry = expiry?.toUtc() ??
          ((defaultIatExp)
              ? ((issuedAt?.toUtc() ?? DateTime.now().toUtc())
                  .add(maxAge ?? defaultMaxAge))
              : null) {
  // Check and record any non-registered claims
  if (otherClaims != null) {
    // Check otherClaims does not contain any registered claims.
    // Registered claims MUST be set using the specific parameter for them.
    for (String k in otherClaims.keys) {
      if (registeredClaimNames.contains(k)) {
        throw ArgumentError.value(k, 'otherClaims',
            'registred claim not permmitted in otherClaims');
      }
    }
    _otherClaims.addAll(otherClaims);
  }

  // Treat the payload parameter as a way to provide a claim named 'pld'
  if (payload != null) {
    _otherClaims[_payloadClaimName] = payload;
  }
}