openid_client_implicit_flow 0.2.6

  • Readme
  • Changelog
  • Installing
  • 14

Openid Client Implicit Flow #

Build Status

Library for working with OpenID Connect and implementing clients.

It currently supports these features:

  • discover OpenID Provider metadata
  • parsing and validating id tokens
  • basic tools for implementing implicit and authorization code flow
  • authentication for command line tools

Besides authentication providers that support OpenID Connect, this library can also work with other authentication providers supporting oauth2, like Facebook. For these providers, some features (e.g. discovery and id tokens) will not work. You should define the metadata for those providers manually, except for Facebook, which is predefined in the library.

Usage #

A simple usage example:

import 'package:openid_client/openid_client.dart';

main() async {

  // print a list of known issuers
  print(Issuer.knownIssuers);

  // discover the metadata of the google OP
  var issuer = await Issuer.discover(Issuer.google);
  
  // create a client
  var client = new Client(issuer, "client_id", "client_secret");
  
  // create a credential object from authorization code
  var c = client.createCredential(code: "some received authorization code");

  // or from an access token
  c = client.createCredential(accessToken: "some received access token");

  // or from an id token
  c = client.createCredential(idToken: "some id token");      

  // get userinfo
  var info = await c.getUserInfo();
  print(info.name);
  
  // get claims from id token if present
  print(c.idToken?.claims?.name);
  
  // create an implicit authentication flow
  var f = new Flow.implicit(client);
  
  // or an explicit flow
  f = new Flow.authorizationCode(client);
  
  // set the redirect uri
  f.redirectUri = Uri.parse("http://localhost");
  
  // do something with the authentication url
  print(f.authenticationUrl);
  
  // handle the result and get a credential object
  c = await f.callback({
    "code": "some code",
  });
  
  // validate an id token
  var violations = await c.validateToken();
}

Usage example on flutter #

// import the io version
import 'package:openid_client/openid_client_io.dart';
// use url launcher package 
import 'package:url_launcher/url_launcher.dart';

authenticate(Uri uri, String clientId, List<String> scopes) async {   
    
    // create the client
    var issuer = await Issuer.discover(uri);
    var client = new Client(issuer, clientId);
    
    // create a function to open a browser with an url
    urlLauncher(String url) async {
        if (await canLaunch(url)) {
          await launch(url, forceWebView: true);
        } else {
          throw 'Could not launch $url';
        }
    }
    
    // create an authenticator
    var authenticator = new Authenticator(client,
        scopes: scopes,
        port: 4000, urlLancher: urlLauncher);
    
    // starts the authentication
    var c = await authenticator.authorize();
    
    // close the webview when finished
    closeWebView();
    
    // return the user info
    return await c.getUserInfo();

}

Usage example on command line #

// import the io version
import 'package:openid_client/openid_client_io.dart';

authenticate(Uri uri, String clientId, List<String> scopes) async {   
    
    // create the client
    var issuer = await Issuer.discover(uri);
    var client = new Client(issuer, clientId);
    
    // create an authenticator
    var authenticator = new Authenticator(client,
        scopes: scopes,
        port: 4000);
    
    // starts the authentication
    var c = await authenticator.authorize(); // this will open a browser
    
    // return the user info
    return await c.getUserInfo();
}

Usage example in browser #

// import the browser version
import 'package:openid_client/openid_client_browser.dart';

authenticate(Uri uri, String clientId, List<String> scopes) async {   
    
    // create the client
    var issuer = await Issuer.discover(uri);
    var client = new Client(issuer, clientId);
    
    // create an authenticator
    var authenticator = new Authenticator(client, scopes: scopes);
    
    // get the credential
    var c = await authenticator.credential;
    
    if (c==null) {
      // starts the authentication
      authenticator.authorize(); // this will redirect the browser
    } else {
      // return the user info
      return await c.getUserInfo();
    }
}

Command line tool #

Install #

pub global activate openid_client

Usage #

Show a list of known OpenID providers:

openid_client issuers list

Discover and show the metadata of an OP:

openid_client issusers discover https://www.example.com

Show a list of known clients:

openid_client clients list

Add a client:

openid_client clients configure --secret optional_secret https://some.issuer.com client_id
 

Remove a client:

openid_client clients remove https://some.issuer.com client_id

Authenticate with a client:

openid_client clients auth --secret optional_secret https://some.issuer.com client_id

Show the content of an id token and validate it:

openid_client tokens validate eyJhbGciOiJSUzI1NiIsImtpZCI6ImE2YzJjNmQ0ZTZkYTFmOWJjMTdmYzhkMzExMzNiOTJmMDdlOTgxMTkifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJpYXQiOjE0ODU4ODQyNzcsImV4cCI6MTQ4NTg4Nzg3NywiYXRfaGFzaCI6Ik9nWUlZRzM1WXB6RmVvRlZBeWd1VUEiLCJhdWQiOiI1ODExNTUxMDQ5NDMtcnBqazBzanZucDFrZ2FkYzV0Mm5pOXFvYWt0ZGpzMjEuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMTI2NzgyNTk2NzYyMTE3MDcxNDgiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXpwIjoiNTgxMTU1MTA0OTQzLXJwamswc2p2bnAxa2dhZGM1dDJuaTlxb2FrdGRqczIxLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJyaWsuYmVsbGVuc0BnbWFpbC5jb20iLCJuYW1lIjoiUmlrIEJlbGxlbnMiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDUuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1lRmpwUXFfUTZWUS9BQUFBQUFBQUFBSS9BQUFBQUFBQUFCUS9md1U0alVicTJ5US9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiUmlrIiwiZmFtaWx5X25hbWUiOiJCZWxsZW5zIiwibG9jYWxlIjoibmwifQ.TlXzuNLdd5hX-bzMrwBaclcE8z4So2wFJAZ_H7hGz8YA4lCxHV8iON8yuJ1PdXGuOOkDXScj4qSPK80IZ_J29Uf2azCH83djpjyP4McB_dG4zXkUSFGFTHiNnqmvFbMmL-91A74teAr1ZHDx5-so2bHs16_c8immj2YM5GqlN4FG_IFCqRZ-7jEn9m_SjBXpb_NahiDB-bk47npmM9GIWq4OhV4e4tpFO1XY7H4fDHoiBhkc1nrbUjiqTH3VOJVQNp6FjiO2ErR7UWWnSKX6PMFDJ-U-QSsC8gu0PtuIa1ZUXvTAdX5vKt_fsKijbiT0xUUq8xJATaDh8-aBsNKpqQ

Features and bugs #

Please file feature requests and bugs at the issue tracker.

Changelog #

0.2.4 #

  • Allow only signing algorithms specified in id_token_signing_alg_values_supported parameter of issuer metadata

0.2.1 #

  • Fix Authorization Code PKCE flow

0.2.0 #

  • Dart 2/flutter compatibility

0.1.0 #

  • Initial version

Use this package as an executable

1. Install it

You can install the package from the command line:


$ pub global activate openid_client_implicit_flow

2. Use it

The package has the following executables:


$ openid_client

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  openid_client_implicit_flow: ^0.2.6

2. Install it

You can install packages from the command line:

with pub:


$ pub get

Alternatively, your editor might support pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:openid_client_implicit_flow/openid_client.dart';
import 'package:openid_client_implicit_flow/openid_client_browser.dart';
import 'package:openid_client_implicit_flow/openid_client_io.dart';
import 'package:openid_client_implicit_flow/openid_implicit_flow.dart';
  
Popularity:
Describes how popular the package is relative to other packages. [more]
0
Health:
Code health derived from static analysis. [more]
0
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
70
Overall:
Weighted score of the above. [more]
14
Learn more about scoring.

We analyzed this package on Nov 22, 2019, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.6.0
  • pana: 0.12.21

Platforms

Detected platforms:

Error(s) prevent platform classification:

Error(s) in lib/openid_client_browser.dart: Target of URI doesn't exist: 'dart:html'.

Health issues and suggestions

Fix lib/openid_client_browser.dart. (-98.24 points)

Analysis of lib/openid_client_browser.dart failed with 14 errors, 3 hints, including:

line 2 col 8: Target of URI doesn't exist: 'dart:html'.

line 16 col 20: Undefined name 'window'.

line 18 col 37: Undefined name 'window'.

line 22 col 5: Undefined name 'window'.

line 23 col 5: Undefined name 'window'.

Fix lib/src/openid.dart. (-16.51 points)

Analysis of lib/src/openid.dart reported 36 hints, including:

line 23 col 40: Use = to separate a named parameter from its default value.

line 24 col 21: Unnecessary new keyword.

line 49 col 15: Unnecessary new keyword.

line 49 col 26: Unnecessary new keyword.

line 123 col 9: Unnecessary new keyword.

Fix bin/openid_client_implicit_flow.dart. (-8.17 points)

Analysis of bin/openid_client_implicit_flow.dart reported 17 hints, including:

line 11 col 19: Unnecessary new keyword.

line 12 col 19: Unnecessary new keyword.

line 57 col 19: Unnecessary new keyword.

line 58 col 19: Unnecessary new keyword.

line 59 col 19: Unnecessary new keyword.

Fix additional 6 files with analysis or formatting issues. (-12.30 points)

Additional issues in the following files:

  • lib/openid_client_io.dart (11 hints)
  • lib/src/model/claims.dart (7 hints)
  • lib/openid_implicit_flow.dart (3 hints)
  • lib/src/http_util.dart (2 hints)
  • lib/src/model/token.dart (1 hint)
  • lib/src/model/token_response.dart (1 hint)

Maintenance issues and suggestions

Fix platform conflicts. (-20 points)

Error(s) prevent platform classification:

Error(s) in lib/openid_client_browser.dart: Target of URI doesn't exist: 'dart:html'.

Maintain an example. (-10 points)

Create a short demo in the example/ directory to show how to use this package.

Common filename patterns include main.dart, example.dart, and openid_client_implicit_flow.dart. Packages with multiple examples should provide example/README.md.

For more information see the pub package layout conventions.

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=1.21.0 <3.0.0
args ^1.5.0 1.5.2
flutter_webview_plugin ^0.3.1 0.3.9+1
http ^0.12.0 0.12.0+2
jose ^0.1.2 0.1.2
logging ^0.11.3+2 0.11.3+2
pointycastle ^1.0.0-rc4 1.0.2
Transitive dependencies
analyzer 0.38.5 0.39.1
analyzer_plugin 0.2.1
async 2.4.0
build 1.2.2
build_config 0.4.1+1
built_collection 4.3.0
built_value 6.8.2 7.0.0
built_value_generator 6.8.2 7.0.0
charcode 1.1.2
checked_yaml 1.0.2
collection 1.14.11 1.14.12
convert 2.1.1
crypto 2.1.3
crypto_keys 0.1.0
csslib 0.16.1
dart_style 1.3.3
fixnum 0.10.11
flutter 0.0.0
front_end 0.1.27 0.1.29
glob 1.2.0
html 0.14.0+3
http_parser 3.1.3
js 0.6.1+1
json_annotation 3.0.0
kernel 0.3.27 0.3.29
matcher 0.12.6
meta 1.1.7 1.1.8
node_interop 1.0.3
node_io 1.0.1+2
package_config 1.1.0
path 1.6.4
pedantic 1.8.0+1
pub_semver 1.4.2
pubspec_parse 0.1.5
quiver 2.1.2+1
sky_engine 0.0.99
source_gen 0.9.4+6
source_span 1.5.5
stack_trace 1.9.3
string_scanner 1.0.5
term_glyph 1.1.0
typed_data 1.1.6
vector_math 2.0.8
watcher 0.9.7+13
yaml 2.2.0
Dev dependencies
angular ^5.0.0
build_runner >=0.8.10 <0.11.0
build_web_compilers >=0.3.6 <0.5.0
test ^1.0.0