exchangeAccessToken method
Your server should then daily verify the session with Microsoft, and revoke the session in your system if th authorization has been withdrawn on Microsoft's side.
Implementation
@override
Future<SocialSignInResultInterface> exchangeAccessToken(
String authorizationCode) async {
var response = await http.post(
Uri.parse(_accessTokenUrl),
headers: {"Content-Type": "application/x-www-form-urlencoded"},
body: {
"grant_type": "authorization_code",
"redirect_uri": redirectUrl,
"client_id": clientId,
"client_secret": clientSecret,
"code": authorizationCode
},
);
if (response.statusCode == 200) {
var body =
json.decode(utf8.decode(response.bodyBytes)) as Map<String, dynamic>;
if (body.containsKey("access_token")) {
return MicrosoftSignInResult(
SignInResultStatus.ok,
accessToken: body["access_token"],
state: stateCode,
);
} else {
throw handleResponseBodyFail(body);
}
} else {
throw handleUnSuccessCodeFail(response);
}
}