completeChallenge method

Future<T> completeChallenge(Session session, { required String completionToken, required Transaction transaction, })

Validates a completion token with all protection mechanisms.

This method handles the complete completion token validation flow including:

• Token decoding
• Request retrieval
• Not-verified detection (completion challenge missing)
• Code verification
• Expiration checks

Throws:

• ChallengeInvalidCompletionTokenException if the token format is invalid.
• ChallengeRequestNotFoundException if the request is not found.
• ChallengeAlreadyUsedException if the request has not been verified yet.
• ChallengeInvalidVerificationCodeException if the verification code is invalid.
• ChallengeExpiredException if the request has expired.

Returns the validated request that can be used to complete the operation.

Implementation

Future<T> completeChallenge(
  final Session session, {
  required final String completionToken,
  required final Transaction transaction,
}) async {
  final config = _completionConfig;

  final credentials = _decodeCompletionToken(completionToken);

  if (await config.hasTooManyAttempts(
    session,
    nonce: credentials.requestId,
  )) {
    throw ChallengeRateLimitExceededException();
  }

  final request = await config.getRequest(
    session,
    credentials.requestId,
    transaction: transaction,
  );
  if (request == null) {
    throw ChallengeRequestNotFoundException();
  }

  final completionChallenge = config.getCompletionChallenge(request);
  if (completionChallenge == null) {
    throw ChallengeNotVerifiedException();
  }

  if (!await _validateVerificationCode(
    verificationCode: credentials.verificationCode,
    challenge: completionChallenge,
  )) {
    throw ChallengeInvalidVerificationCodeException();
  }

  if (config.isExpired(request)) {
    await config.onExpired(session, request);
    throw ChallengeExpiredException();
  }

  return request;
}