verifyAndParseCodeFromCallbackUri function

String verifyAndParseCodeFromCallbackUri(
  1. String callbackUri,
  2. String redirectUri,
  3. String state
)

A utility function to verify and parse the code from the authorization callback URI.

  • verify the callback URI
  • verify the state
  • error detection
  • parse the code from the callback URI

Implementation

String verifyAndParseCodeFromCallbackUri(
    String callbackUri, String redirectUri, String state) {
  if (!callbackUri.startsWith(redirectUri)) {
    throw LogtoAuthException(
        LogtoAuthExceptions.callbackUriValidationError, 'invalid redirect uri');
  }

  var queryParams = Uri.parse(callbackUri).queryParameters;

  if (queryParams['error'] != null) {
    throw LogtoAuthException(LogtoAuthExceptions.callbackUriValidationError,
        queryParams['error']!, queryParams['error_description']);
  }

  if (queryParams['state'] == null) {
    throw LogtoAuthException(
        LogtoAuthExceptions.callbackUriValidationError, 'missing state');
  }

  if (queryParams['state'] != state) {
    throw LogtoAuthException(
        LogtoAuthExceptions.callbackUriValidationError, 'invalid state');
  }

  if (queryParams['code'] == null) {
    throw LogtoAuthException(
        LogtoAuthExceptions.callbackUriValidationError, 'missing code');
  }

  return queryParams['code']!;
}