AuthorizationCodeGrant constructor
Creates a new grant.
If basicAuth
is true
(the default), the client credentials are sent to
the server using using HTTP Basic authentication as defined in RFC 2617.
Otherwise, they're included in the request body. Note that the latter form
is not recommended by the OAuth 2.0 spec, and should only be used if the
server doesn't support Basic authentication.
httpClient
is used for all HTTP requests made by this grant, as well as
those of the Client is constructs.
onCredentialsRefreshed
will be called by the constructed Client
whenever the credentials are refreshed.
codeVerifier
String to be used as PKCE code verifier. If none is
provided a random codeVerifier will be generated.
The codeVerifier must meet requirements specified in RFC 7636.
The scope strings will be separated by the provided delimiter
. This
defaults to " "
, the OAuth2 standard, but some APIs (such as Facebook's)
use non-standard delimiters.
By default, this follows the OAuth2 spec and requires the server's
responses to be in JSON format. However, some servers return non-standard
response formats, which can be parsed using the getParameters
function.
This function is passed the Content-Type
header of the response as well
as its body as a UTF-8-decoded string. It should return a map in the same
format as the standard JSON response.
Implementation
AuthorizationCodeGrant(
this.identifier, this.authorizationEndpoint, this.tokenEndpoint,
{this.secret,
String? delimiter,
bool basicAuth = true,
http.Client? httpClient,
CredentialsRefreshedCallback? onCredentialsRefreshed,
Map<String, dynamic> Function(MediaType? contentType, String body)?
getParameters,
String? codeVerifier})
: _basicAuth = basicAuth,
_httpClient = httpClient ?? http.Client(),
_delimiter = delimiter ?? ' ',
_getParameters = getParameters ?? parseJsonParameters,
_onCredentialsRefreshed = onCredentialsRefreshed,
_codeVerifier = codeVerifier ?? _createCodeVerifier();