A flutter package for authentication with DAuth(an OAuth2 based SSO (Single Sign On) for NITT students) authorisations service on behalf of the resource-owner/user. DAuth lets the application developers securely get access to users’ data without users having to share their passwords.

DAuth allows a Client-App (the program using this library) to access and manipulate a resource that's owned by a resource owner (the end user) and lives on a remote server. The Client-App directs the resource owner to dauth authorization server, where the resource owner tells the authorization server to give the Client-App an access token. This token serves as proof that the client has permission to access resources on behalf of the resource owner.

Note: OAuth2 provides several different methods for the client to obtain authorization.But, currently This package only supports Authorisation Code Grant

Features

AuthorisationCodeGrant

  • This Package Allows user to get the authorized token by calling fetchToken(authorizationRequest), which automates the following workflow:
    • Generates authorizationUrl using the provided authorizationRequest in the parameter.
    • Opens up a webView with the generated authorizationUrl and Listens to the NavigationRequests.
    • Allows user to enable permissions to Client-App to access the resource of the user from Dauth-Resource-Provider.
    • After Authentication server redirects to the registered redirect_uri and code is fetched by listening to the NavigationRequest.
    • Using the code as body parameter a post-request is automated to retrive the token.
  • Once the tokenResponse is fetched the user can send a post request using fetchResources(token) and get the protectedResources based on the Scope mentioned.

DataTypes

DataTypes Parameters Description
ResourceResponse String? tokenType, String? accessToken, String? state, int? expiresIn,String? idToken,String? status,ErrorResponse? errorResponse Response-body returned from fetchResources() request
TokenResponse String? email,String? id,String? name,String? phoneNumber,String? gender,DateTime? createdAt,DateTime? updatedAt, Response-body returned from fetchToken() request
Scope bool isOpenId, bool isEmail, bool isProfile, bool isUser Consists of 4 boolean parameters to enable SCOPE of Resource Access
TokenRequest String? clientId,String? codeVerifier,String codeChallengeMethod,String? redirectUri,String? responseType,String? grantType,String? state,String? scope,String? nonce Request-Parameter for fetchToken()

Methods

Methods Parameters
TokenResponse fetchToken() TokenRequest request
ResourceResponse fetchResource() String access_token
Widget DauthButton() Function OnPressed: (TokenResponse res){}

Getting started

To use this package:

  • Run the following command in terminal
    • flutter pub get flutter_dauth
      
      OR
  • Add the following in pubspec.yaml file
    • dependencies:
          flutter:
              sdk: flutter
          flutter_dauth:   
      

Usage

Following is an example of Authorization Grant Code using this package.

void main() {
  runApp(const MyApp());
}

class MyApp extends StatelessWidget {
  const MyApp({Key? key}) : super(key: key);

  @override
  Widget build(BuildContext context) => const MaterialApp(
        debugShowCheckedModeBanner: false,
        home: HomePage(),
      );
}

class HomePage extends StatefulWidget {
  const HomePage({Key? key}) : super(key: key);
  @override
  State<StatefulWidget> createState() => HomeState();
}

class HomeState extends State<HomePage> {
  //A string object used in Text() widget as data.
  String _exampleText = 'Flutter Application';

  //Create a TokenRequest Object
  final dauth.TokenRequest _request = TokenRequest(
     //Your Client-Id provided by Dauth Server at the time of registration.
      clientId: 'YOUR CLIENT ID',
      //redirectUri provided by You to Dauth Server at the time of registration.
      redirectUri: 'YOUR REDIRECT URI',
      //A String which will retured with access_token for token verification in client side.
      state: 'STATE',
      //setting isUser to true to retrive UserDetails in ResourceResponse from Dauth server.
      scope: const dauth.Scope(isUser: true),
      //codeChallengeMethod Should be specified as `plain` or `S256` based on thier requirement.
      codeChallengeMethod: 'S256');

  @override
  Widget build(BuildContext context) => SafeArea(
          child: Scaffold(
              body: Container(
        color: Colors.blueGrey,
        child: Stack(
          children: [
            Center(
                child: Text(
              _exampleText,
              style: const TextStyle(fontSize: 30, fontWeight: FontWeight.bold),
            )),
            Positioned(
                left: 50,
                right: 50,
                bottom: 10,
                //DAuth button returns TokenResponse and ResponseMessage when pressed.
                child: dauth.DauthButton(
                    request: _request,
                    onPressed:
                        (dauth.TokenResponse res) {
                      //changes the exampleText as Token_TYPE: <YOUR_TOKEN> from the previous string if the response is success'
                        setState(() {
                          _exampleText = 'Token_TYPE: ' +
                              (res)
                                  .tokenType
                                  .toString();
                        });
                    }))
          ],
        ),
      )));
}

Updates

  • To Ensure Security issues related to Interception attacks PKCE is added with Authorisation Code Grant.

Issues/Upcoming Changes

  • DAuth only supports Authorisation Grant Flow at the time of writing supports, in future more methods will be added and flutter_dauth will also be updated accordingly.

Credits

This package wouldn't be possible without the following:

  • webviewx : for opening AuthorizationUrl in WebView and Listening to NavigationRequest
  • https : for HTTP requests to the Dauth-Server.
  • crypto : for SHA256 encryption.

License

Libraries

flutter_dauth