verifyAndParseCodeFromCallbackUri function
A utility function to verify and parse the code from the authorization callback URI.
- verify the callback URI
- verify the state
- error detection
- parse the code from the callback URI
Implementation
String verifyAndParseCodeFromCallbackUri(
String callbackUri, String redirectUri, String state) {
if (!callbackUri.startsWith(redirectUri)) {
throw LogtoAuthException(
LogtoAuthExceptions.callbackUriValidationError, 'invalid redirect uri');
}
var queryParams = Uri.parse(callbackUri).queryParameters;
if (queryParams['error'] != null) {
throw LogtoAuthException(LogtoAuthExceptions.callbackUriValidationError,
queryParams['error']!, queryParams['error_description']);
}
if (queryParams['state'] == null) {
throw LogtoAuthException(
LogtoAuthExceptions.callbackUriValidationError, 'missing state');
}
if (queryParams['state'] != state) {
throw LogtoAuthException(
LogtoAuthExceptions.callbackUriValidationError, 'invalid state');
}
if (queryParams['code'] == null) {
throw LogtoAuthException(
LogtoAuthExceptions.callbackUriValidationError, 'missing code');
}
return queryParams['code']!;
}