authenticate method
Authenticates a username and password of an ResourceOwner and returns an AuthToken
upon success.
This method works with this instance's delegate to generate and store a new token if all credentials are correct. If credentials are not correct, it will throw the appropriate AuthRequestError.
After expiration
, this token will no longer be valid.
Implementation
Future<AuthToken> authenticate(String? username, String? password,
String? clientID, String? clientSecret,
{Duration expiration = const Duration(hours: 24),
List<AuthScope>? requestedScopes}) async {
if (clientID == null) {
throw AuthServerException(AuthRequestError.invalidClient, null);
}
final AuthClient? client = await getClient(clientID);
if (client == null) {
throw AuthServerException(AuthRequestError.invalidClient, null);
}
if (username == null || password == null) {
throw AuthServerException(AuthRequestError.invalidRequest, client);
}
if (client.isPublic) {
if (!(clientSecret == null || clientSecret == "")) {
throw AuthServerException(AuthRequestError.invalidClient, client);
}
} else {
if (clientSecret == null) {
throw AuthServerException(AuthRequestError.invalidClient, client);
}
if (client.hashedSecret != hashPassword(clientSecret, client.salt!)) {
throw AuthServerException(AuthRequestError.invalidClient, client);
}
}
final ResourceOwner? authenticatable =
await delegate.getResourceOwner(this, username);
if (authenticatable == null) {
throw AuthServerException(AuthRequestError.invalidGrant, client);
}
final dbSalt = authenticatable.salt;
final dbPassword = authenticatable.hashedPassword;
final hash = hashPassword(password, dbSalt!);
if (hash != dbPassword) {
throw AuthServerException(AuthRequestError.invalidGrant, client);
}
final validScopes =
_validatedScopes(client, authenticatable, requestedScopes!);
final token = _generateToken(
authenticatable.id!, client.id!, expiration.inSeconds,
allowRefresh: !client.isPublic, scopes: validScopes);
await delegate.addToken(this, token);
return token;
}