initializeSelfServiceLoginFlowWithoutBrowser method

Future<Response<SelfServiceLoginFlow>> initializeSelfServiceLoginFlowWithoutBrowser({
  bool? refresh,
  String? aal,
  String? xSessionToken,
  CancelToken? cancelToken,
  Map<String, dynamic>? headers,
  Map<String, dynamic>? extra,
  ValidateStatus? validateStatus,
  ProgressCallback? onSendProgress,
  ProgressCallback? onReceiveProgress,
})

Initialize Login Flow for APIs, Services, Apps, ...

This endpoint initiates a login flow for API clients that do not use a browser, such as mobile devices, smart TVs, and so on.

If a valid session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set.

To fetch an existing login flow, call `/self-service/login/flows?flow=<flow_id>`.

You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks, including CSRF login attacks.

In the case of an error, the `error.id` of the JSON response body can be one of:

  • `session_already_available`: The user is already signed in.
  • `session_aal1_required`: Multi-factor auth (e.g. 2fa) was requested but the user has no session yet.
  • `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred.

This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).

More information can be found at Ory Kratos User Login and User Registration Documentation.

Parameters:

  • refresh - Refresh a login session. If set to true, this will refresh an existing login session by asking the user to sign in again. This will reset the authenticated_at time of the session.
  • aal - Request a Specific AuthenticationMethod Assurance Level. Use this parameter to upgrade an existing session's authenticator assurance level (AAL). This allows you to ask for multi-factor authentication. When an identity signs in using e.g. username+password, the AAL is 1. If you wish to "upgrade" the session's security by asking the user to perform TOTP / WebAuthn / ... you would set this to "aal2".
  • xSessionToken - The Session Token of the Identity performing the settings flow.
  • cancelToken - A CancelToken that can be used to cancel the operation
  • headers - Can be used to add additional headers to the request
  • extra - Can be used to add flags to the request
  • validateStatus - A ValidateStatus callback that can be used to determine request success based on the HTTP status of the response
  • onSendProgress - A ProgressCallback that can be used to get the send progress
  • onReceiveProgress - A ProgressCallback that can be used to get the receive progress

Returns a Future containing a Response with a SelfServiceLoginFlow as data.

Throws DioError if API call or serialization fails.
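The following is an added example, not part of the generated client or the Ory documentation. It shows a native-app caller reacting to the `error.id` values listed above. The helper names (`InitLoginFlow`, `kratosErrorId`, `startNativeLogin`) are hypothetical, and it assumes that `package:ory_kratos_client/ory_kratos_client.dart` exports `SelfServiceLoginFlow` and that dio has decoded the 400 response body into a `Map`.

```dart
import 'package:dio/dio.dart';
// Assumption: this library exports SelfServiceLoginFlow.
import 'package:ory_kratos_client/ory_kratos_client.dart';

/// The subset of the documented method's parameters used here. A tear-off of
/// initializeSelfServiceLoginFlowWithoutBrowser is assignable to this type.
typedef InitLoginFlow = Future<Response<SelfServiceLoginFlow>> Function({
  bool? refresh,
  String? aal,
  String? xSessionToken,
});

/// Reads `error.id` from the JSON error body, or returns null if it is absent.
String? kratosErrorId(DioError e) {
  final body = e.response?.data;
  if (body is! Map) return null;
  final err = body['error'];
  if (err is! Map) return null;
  final id = err['id'];
  return id is String ? id : null;
}

/// Starts a login flow from a native app (never from a browser application).
/// Returns null when the session token is still valid and no re-authentication
/// was requested, so the caller keeps using its existing session.
Future<SelfServiceLoginFlow?> startNativeLogin(
  InitLoginFlow init, {
  String? sessionToken,
  bool reauthenticate = false, // refresh=true resets authenticated_at
  bool secondFactor = false, // ask for aal2 (TOTP, WebAuthn, ...)
}) async {
  try {
    final res = await init(
      refresh: reauthenticate ? true : null,
      aal: secondFactor ? 'aal2' : null,
      xSessionToken: sessionToken,
    );
    return res.data;
  } on DioError catch (e) {
    final id = kratosErrorId(e);
    if (id == 'session_already_available') return null;
    if (id == 'session_aal1_required') {
      // aal2 was requested without a session: complete the first factor first.
      return (await init()).data;
    }
    rethrow; // includes security_csrf_violation and transport errors
  }
}
```

Pass the method as a tear-off from an API instance, for example `startNativeLogin(api.initializeSelfServiceLoginFlowWithoutBrowser, sessionToken: token)`, where `api` is whatever object exposes the method documented on this page.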

Implementation

Future<Response<SelfServiceLoginFlow>> initializeSelfServiceLoginFlowWithoutBrowser({
  bool? refresh,
  String? aal,
  String? xSessionToken,
  CancelToken? cancelToken,
  Map<String, dynamic>? headers,
  Map<String, dynamic>? extra,
  ValidateStatus? validateStatus,
  ProgressCallback? onSendProgress,
  ProgressCallback? onReceiveProgress,
}) async {
  final _path = r'/self-service/login/api';
  final _options = Options(
    method: r'GET',
    headers: <String, dynamic>{
      if (xSessionToken != null) r'X-Session-Token': xSessionToken,
      ...?headers,
    },
    extra: <String, dynamic>{
      'secure': <Map<String, String>>[],
      ...?extra,
    },
    validateStatus: validateStatus,
  );

  final _queryParameters = <String, dynamic>{
    if (refresh != null) r'refresh': encodeQueryParameter(_serializers, refresh, const FullType(bool)),
    if (aal != null) r'aal': encodeQueryParameter(_serializers, aal, const FullType(String)),
  };

  final _response = await _dio.request<Object>(
    _path,
    options: _options,
    queryParameters: _queryParameters,
    cancelToken: cancelToken,
    onSendProgress: onSendProgress,
    onReceiveProgress: onReceiveProgress,
  );

  SelfServiceLoginFlow _responseData;

  try {
    const _responseType = FullType(SelfServiceLoginFlow);
    _responseData = _serializers.deserialize(
      _response.data!,
      specifiedType: _responseType,
    ) as SelfServiceLoginFlow;

  } catch (error, stackTrace) {
    throw DioError(
      requestOptions: _response.requestOptions,
      response: _response,
      type: DioErrorType.other,
      error: error,
    )..stackTrace = stackTrace;
  }

  return Response<SelfServiceLoginFlow>(
    data: _responseData,
    headers: _response.headers,
    isRedirect: _response.isRedirect,
    requestOptions: _response.requestOptions,
    redirects: _response.redirects,
    statusCode: _response.statusCode,
    statusMessage: _response.statusMessage,
    extra: _response.extra,
  );
}