exchangeCodeForToken method

Future<String> exchangeCodeForToken(
  Session session, {
  required String code,
  required String codeVerifier,
  required String redirectUri,
  required bool isWebPlatform,
})

Exchanges an authorization code for an access token.

This method exchanges the authorization code received from Microsoft's OAuth flow for an access token using PKCE. The code is the authorization code from the callback, and codeVerifier is the PKCE code verifier that was used to generate the code challenge.

The redirectUri must match the redirect URI used in the authorization request.

The isWebPlatform flag indicates whether the client is a web application. Microsoft requires the client secret only for confidential clients (web apps). Public clients (mobile, desktop) using PKCE must not include it. See Microsoft OAuth2 documentation.

This method delegates to the generic OAuth2PkceUtil for token exchange, using Microsoft-specific configuration.

Throws MicrosoftAccessTokenVerificationException if the token exchange fails.

Implementation

Future<String> exchangeCodeForToken(
  final Session session, {
  required final String code,
  required final String codeVerifier,
  required final String redirectUri,
  required final bool isWebPlatform,
}) async {
  try {
    final tokenResponse = await _oauth2Util.exchangeCodeForToken(
      code: code,
      codeVerifier: codeVerifier,
      redirectUri: redirectUri,
      includeClientSecret: isWebPlatform,
    );
    return tokenResponse.accessToken;
  } on OAuth2Exception catch (e) {
    session.log(e.toString(), level: LogLevel.debug);
    throw MicrosoftAccessTokenVerificationException();
  }
}
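
The following added example is not this package's code and is not how OAuth2PkceUtil is implemented. It shows how the S256 code challenge is derived from codeVerifier, and how the token request differs between public and confidential clients. The helper names codeChallengeS256 and tokenRequestBody are hypothetical, the sample values are constructed, and package:crypto is assumed to be available.

```dart
import 'dart:convert';

import 'package:crypto/crypto.dart'; // assumption: package:crypto is a dependency

// S256 challenge sent in the authorization request: BASE64URL(SHA256(verifier)).
String codeChallengeS256(String verifier) {
  final digest = sha256.convert(ascii.encode(verifier));
  return base64Url.encode(digest.bytes).replaceAll('=', '');
}

// Hypothetical helper (not OAuth2PkceUtil): form fields for the token request.
Map<String, String> tokenRequestBody({
  required String clientId,
  required String code,
  required String codeVerifier,
  required String redirectUri,
  required bool includeClientSecret,
  String? clientSecret,
}) {
  if (includeClientSecret && (clientSecret ?? '').isEmpty) {
    throw StateError('confidential client needs a client secret');
  }
  return {
    'grant_type': 'authorization_code',
    'client_id': clientId,
    'code': code,
    'code_verifier': codeVerifier,
    'redirect_uri': redirectUri,
    if (includeClientSecret) 'client_secret': clientSecret!,
  };
}

void main() {
  // Verifier/challenge pair from RFC 7636, Appendix B.
  const verifier = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
  print(codeChallengeS256(verifier) ==
      'E9Melhoa2OwvFHXKYl-ijOWOFq1c7FT2G4CdH8zGJkQ');
  for (final web in [false, true]) {
    final body = tokenRequestBody(
      clientId: 'example-client-id', // constructed sample values
      code: 'sample-code',
      codeVerifier: verifier,
      redirectUri: 'https://app.example/callback',
      includeClientSecret: web,
      clientSecret: web ? 'example-secret' : null,
    );
    print('web=$web fields=${body.keys.join(',')}');
  }
}
```

The server recomputes the challenge from code_verifier and compares it with the value sent in the authorization request, which is why the verifier passed to exchangeCodeForToken must be the one that produced that challenge.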