identidad_sdk

Flutter/Dart helpers for verifying Identidad access tokens and parsing Identidad-specific assurance claims:

• acr: AAL0..AAL3
• ial: IAL0..IAL3

This package is a plain Dart package, so it works in Flutter apps and server-side Dart code.

This package is the Flutter/Dart core verifier defined by the shared SDK requirements in ../../docs/sdk-specification.md.

Install

dart pub add identidad_sdk

Verify an access token

import 'package:identidad_sdk/identidad_sdk.dart';

final verifier = createIdentidadVerifier(
  const IdentidadVerifierOptions(
    issuer: 'https://issuer.example',
    audiences: ['demo-client'],
    clockSkew: Duration(seconds: 60),
  ),
);

final verified = await verifier.verifyAccessToken(accessToken);

print(verified.claims.sub);
print(verified.claims.acr.wireValue);
print(verified.claims.ial.wireValue);
print(verified.claims.scopes);

if (hasAalAtLeast(verified.claims.acr, Aal.aal2)) {
  // allow sensitive action
}

Example issuer

If your public issuer is https://identidad.com.py, configure:

final verifier = createIdentidadVerifier(
  const IdentidadVerifierOptions(
    issuer: 'https://identidad.com.py',
    audiences: ['your-client-id'],
    clockSkew: Duration(seconds: 60),
  ),
);

Package contents

• createIdentidadVerifier: verifies RS256 access tokens against the issuer JWKS
• parseAal / parseIal: strict assurance claim parsing
• hasAalAtLeast / hasIalAtLeast: assurance policy helpers
• parseScopes: scope parsing with trimming and de-duplication

What it validates

• token signature using the issuer JWKS
• iss against the configured issuer
• aud against the configured audience list
• exp and optional nbf, with configurable clock skew
• Identidad assurance claims acr and ial

What it does not do

• browser-based login
• redirect/callback handling
• token refresh or logout
• passkey or QR login flows

For the interactive login flow, use ../identidad_oidc_flutter.

Development

dart pub get
dart test

Publish

See RELEASING.md.