dartapi_auth 0.0.2

DartAPI Auth is a lightweight and extensible authentication package for Dart backend applications. It provides JWT-based authentication with Auth Middleware.

DartAPI Auth

DartAPI Auth is a lightweight authentication package for Dart-based backend applications. It provides JWT-based authentication with built-in support for access tokens, refresh tokens, and middleware protection.

🚀 Features

• ✅ JWT Authentication (Signed JSON Web Tokens using dart_jsonwebtoken)
• ✅ Access & Refresh Tokens (With Expiry & Rotation Support)
• ✅ Issuer (iss) & Audience (aud) Validation for Security
• ✅ Middleware Protection for Securing Routes
• ✅ Unit Tested for Maximum Reliability

---

📌 Installation

Add dartapi_auth as a dependency in your Dart project:

dart pub add dartapi_auth

copied to clipboard

Or, add it manually to your pubspec.yaml:

dependencies:
  dartapi_auth: ^1.0.0

copied to clipboard

---

🔑 Usage

1️⃣ Setting Up JwtService

import 'package:dartapi_auth/jwt_service.dart';

void main() {
  final jwtService = JwtService(
    accessTokenSecret: 'your-very-secure-secret',
    refreshTokenSecret: 'your-super-secure-refresh-secret',
    issuer: 'dartapi-auth',
    audience: 'dartapi-users',
  );

  // ✅ Generate Access Token
  final accessToken = jwtService.generateAccessToken(claims: {
    'sub': 'user-123',
    'username': 'john_doe',
  });

  print('Access Token: \$accessToken');
}

copied to clipboard

---

2️⃣ Verifying Access Tokens

final payload = jwtService.verifyAccessToken(accessToken);
if (payload != null) {
  print('Token is valid! User: \${payload['username']}');
} else {
  print('Invalid token!');
}

copied to clipboard

---

3️⃣ Generating & Verifying Refresh Tokens

final refreshToken = jwtService.generateRefreshToken(accessToken: accessToken);
final verifiedPayload = jwtService.verifyRefreshToken(refreshToken);

if (verifiedPayload != null) {
  print('Refresh Token Verified! User: \${verifiedPayload['username']}');
} else {
  print('Invalid Refresh Token!');
}

copied to clipboard

---

4️⃣ Protecting Routes with Authentication Middleware

import 'package:dartapi_auth/auth_middleware.dart';
import 'package:shelf/shelf.dart';
import 'package:shelf/shelf_io.dart' as io;

void main() async {
  final handler = Pipeline()
      .addMiddleware(authMiddleware(jwtService))
      .addHandler((Request request) {
    final user = request.context['user'];
    return Response.ok('Hello, \${user?['username']}!');
  });

  final server = await io.serve(handler, 'localhost', 8080);
  print('🚀 Server running on http://localhost:8080');
}

copied to clipboard

---

Example Login Response:

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ...",
  "expires_in": 3600
}

copied to clipboard

---

🛠 Testing the Package

Run tests using:

dart test

copied to clipboard

---

📜 License

This package is open-source and licensed under the BSD-3-Clause License.

© 2025 Akash G Krishnan. All rights reserved.