OAuth2Client class

Base class that implements OAuth2 authorization flows.

It currently supports the following grants:

• Authorization Code
• Client Credentials

For the Authorization Code grant, PKCE is used by default. If you need to disable it, pass the 'enablePKCE' param to false.

You can use directly this class, but normally you want to extend it and implement your own client. When instantiating the client, pass your custom uri scheme in the customUriScheme field. Normally you would use something like

Implementers

• FacebookOAuth2Client
• GitHubOAuth2Client
• GoogleOAuth2Client
• LinkedInOAuth2Client
• RedditOauth2Client
• ShopifyOAuth2Client
• SpotifyOAuth2Client

Constructors

OAuth2Client({required String authorizeUrl, required String tokenUrl, String? refreshUrl, String? revokeUrl, required String redirectUri, required String customUriScheme, CredentialsLocation credentialsLocation = CredentialsLocation.HEADER, String scopeSeparator = ' '})

Creates a new client instance with the following parameters:

Properties

accessTokenRequestHeaders ← Map<String, String>

no getter

authorizeUrl ↔ String

getter/setter pair

credentialsLocation ↔ CredentialsLocation

getter/setter pair

customUriScheme ↔ String

getter/setter pair

hashCode → int

The hash code for this object.

no setter, inherited

redirectUri ↔ String

getter/setter pair

refreshUrl ↔ String?

getter/setter pair

revokeUrl ↔ String?

getter/setter pair

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

scopeSeparator ↔ String

getter/setter pair

tokenUrl ↔ String

getter/setter pair

webAuthClient ↔ BaseWebAuth

getter/setter pair

Methods

getAuthorizationHeader({required String clientId, String? clientSecret}) → Map<String, String>

getAuthorizeUrl({required String clientId, String responseType = 'code', String? redirectUri, List<String>? scopes, bool enableState = true, String? state, String? codeChallenge, Map<String, dynamic>? customParams}) → String

Generates the url to be used for fetching the authorization code.

getRefreshUrlParams({required String refreshToken}) → Map<String, String>

Returns the parameters needed for the refresh token request

getTokenUrlParams({required String code, String? redirectUri, String? codeVerifier, Map<String, dynamic>? customParams}) → Map<String, dynamic>

Returns the parameters needed for the authorization code request

getTokenWithAuthCodeFlow({required String clientId, List<String>? scopes, String? clientSecret, bool enablePKCE = true, bool enableState = true, String? state, String? codeVerifier, Function? afterAuthorizationCodeCb, Map<String, dynamic>? authCodeParams, Map<String, dynamic>? accessTokenParams, dynamic httpClient, BaseWebAuth? webAuthClient, Map<String, dynamic>? webAuthOpts}) → Future<AccessTokenResponse>

Requests an Access Token to the OAuth2 endpoint using the Authorization Code Flow.

getTokenWithClientCredentialsFlow({required String clientId, required String clientSecret, List<String>? scopes, dynamic httpClient}) → Future<AccessTokenResponse>

Requests an Access Token to the OAuth2 endpoint using the Client Credentials flow.

getTokenWithImplicitGrantFlow({required String clientId, List<String>? scopes, bool enableState = true, String? state, dynamic httpClient, BaseWebAuth? webAuthClient, Map<String, dynamic>? webAuthOpts}) → Future<AccessTokenResponse>

Requests an Access Token to the OAuth2 endpoint using the Implicit grant flow (https://tools.ietf.org/html/rfc6749#page-31)

http2TokenResponse(Response response, {List<String>? requestedScopes}) → AccessTokenResponse

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

refreshToken(String refreshToken, {dynamic httpClient, required String clientId, String? clientSecret}) → Future<AccessTokenResponse>

Refreshes an Access Token issuing a refresh_token grant to the OAuth2 server.

requestAccessToken({required String code, required String clientId, String? clientSecret, String? codeVerifier, List<String>? scopes, Map<String, dynamic>? customParams, dynamic httpClient}) → Future<AccessTokenResponse>

Requests and Access Token using the provided Authorization code.

requestAuthorization({required String clientId, List<String>? scopes, String? codeChallenge, bool enableState = true, String? state, Map<String, dynamic>? customParams, BaseWebAuth? webAuthClient, Map<String, dynamic>? webAuthOpts}) → Future<AuthorizationResponse>

Requests an Authorization Code to be used in the Authorization Code grant.

revokeAccessToken(AccessTokenResponse tknResp, {String? clientId, String? clientSecret, dynamic httpClient}) → Future<OAuth2Response>

Revokes the Access Token in the provided tknResp

revokeRefreshToken(AccessTokenResponse tknResp, {String? clientId, String? clientSecret, dynamic httpClient}) → Future<OAuth2Response>

Revokes the Refresh Token in the provided tknResp

revokeToken(AccessTokenResponse tknResp, {String? clientId, String? clientSecret, dynamic httpClient}) → Future<OAuth2Response>

Revokes both the Access and the Refresh tokens in the provided tknResp

serializeScopes(List<String> scopes) → String

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited