A storage-agnostic OAuth 2.0 authorization 'server'.

Instances of this type carry out authentication and authorization tasks. They are created during a RequestSink's initialization process and injected into Authorizer, AuthCodeController and AuthController instances.

An AuthServer requires storage. This is typically implemented by using ManagedAuthStorage from package:aqueduct/managed_auth.dart.

It's atypical to invoke methods directly on instances of this type - Authorizer, AuthCodeController and AuthController take care of that.

An example:

    import 'package:aqueduct/aqueduct.dart';
    import 'package:aqueduct/managed_auth.dart';

    class MyRequestSink extends RequestSink {
      MyRequestSink(ApplicationConfiguration config) : super (config) {
        context = createContext();
        authServer = new AuthServer(new ManagedAuthStorage<User>(context));
      }

      ManagedContext context;
      AuthServer authServer;

      @override
      void setupRouter(Router router) {
        router
          .route("/protected")
          .pipe(new Authorizer(authServer))
          .generate(() => new ProtectedResourceController());

        router
          .route("/auth/token")
          .generate(() => new AuthController(authServer));
      }
    }

Implements
  • AuthValidator

Mixes-in
  • APIDocumentable

Constants

TokenTypeBearer → String

"bearer"

Constructors

AuthServer(AuthStorage storage)

Creates a new instance of an AuthServer with a storage.

Properties

storage ↔ AuthStorage

The object responsible for carrying out the storage mechanisms of this instance.

read / write

documentableChild → APIDocumentable

Returns the next documentable object in a chain of documentable objects.

read-only, inherited

hashCode → int

The hash code for this object.

read-only, inherited

runtimeType → Type

A representation of the runtime type of the object.

read-only, inherited

Operators

operator ==(other) → bool

The equality operator.

inherited

Methods

authenticate(String username, String password, String clientID, String clientSecret, { Duration expiration: const Duration(hours: 24), List<AuthScope> requestedScopes }) → Future<AuthToken>

Authenticates a username and password of an Authenticatable and returns an AuthToken upon success.

authenticateForCode(String username, String password, String clientID, { int expirationInSeconds: 600, List<AuthScope> requestedScopes }) → Future<AuthCode>

Creates a one-time use authorization code for a given client ID and user credentials.

clientForID(String clientID) → Future<AuthClient>

Returns an AuthClient record for its clientID.

documentSecuritySchemes(PackagePathResolver resolver) → Map<String, APISecurityScheme>

Returns all APISecuritySchemes this instance knows about.

exchange(String authCodeString, String clientID, String clientSecret, { int expirationInSeconds: 3600 }) → Future<AuthToken>

Exchanges a valid authorization code for an AuthToken.

fromBasicCredentials(AuthBasicCredentials credentials) → Future<Authorization>

fromBearerToken(String bearerToken, { List<AuthScope> scopesRequired }) → Future<Authorization>

Returns an Authorization from a bearer token.

refresh(String refreshToken, String clientID, String clientSecret, { List<AuthScope> requestedScopes }) → Future<AuthToken>

Refreshes a valid AuthToken instance.

requirementsForStrategy(AuthStrategy strategy) → List<APISecurityRequirement>

revokeAuthenticatableAccessForIdentifier(identifier) → Future

Revokes access for an Authenticatable.

revokeClientID(String clientID) → Future

Revokes an AuthClient record.

verify(String accessToken, { List<AuthScope> scopesRequired }) → Future<Authorization>

Returns an Authorization for accessToken.

documentAPI(PackagePathResolver resolver) → APIDocument

Returns an entire APIDocument describing an OpenAPI specification.

inherited

documentOperations(PackagePathResolver resolver) → List<APIOperation>

Returns all APIOperations this object knows about.

inherited

documentPaths(PackagePathResolver resolver) → List<APIPath>

Returns all APIPath objects this instance knows about.

inherited

documentRequestBodyForOperation(APIOperation operation) → APIRequestBody

Returns all APIRequestBodys for operation.

inherited

documentResponsesForOperation(APIOperation operation) → List<APIResponse>

Returns all APIResponses for operation.

inherited

noSuchMethod(Invocation invocation) → dynamic

Invoked when a non-existent method or property is accessed.

inherited

toString() → String

Returns a string representation of this object.

inherited
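
The token lifecycle behind authenticateForCode, exchange, refresh, verify and revokeAuthenticatableAccessForIdentifier can be checked directly against a configured AuthServer. The following is an added example, not code from the Aqueduct project: the function names are hypothetical, the property names `code`, `accessToken`, `refreshToken` and `resourceOwnerIdentifier` are assumed from the Aqueduct API rather than shown on this page, and the credentials are placeholders for a test user and a confidential test client that already exist in storage and are set up for the authorization code flow.

```dart
import 'dart:async';
import 'package:aqueduct/aqueduct.dart';

/// Runs [op] and reports whether it completed with an error.
Future<bool> isRejected(Future op()) async {
  try {
    await op();
    return false;
  } catch (_) {
    return true;
  }
}

/// Added example (hypothetical helper): exercises the token lifecycle of
/// [server] and returns the names of failed checks; empty means all passed.
/// Property names on AuthCode, AuthToken and Authorization are assumptions.
Future<List<String>> checkTokenLifecycle(AuthServer server, String username,
    String password, String clientID, String clientSecret) async {
  var failures = <String>[];

  // The resource owner approves the client, which then redeems the code.
  var code = await server.authenticateForCode(username, password, clientID,
      expirationInSeconds: 60);
  var token = await server.exchange(code.code, clientID, clientSecret);

  // A refresh token alone must not be enough: the client secret is checked.
  if (!await isRejected(
      () => server.refresh(token.refreshToken, clientID, "wrong-secret"))) {
    failures.add("refresh accepted a wrong client secret");
  }

  // A legitimate refresh yields a token that verify() resolves.
  var refreshed = await server.refresh(token.refreshToken, clientID, clientSecret);
  var authorization = await server.verify(refreshed.accessToken);

  // The code was redeemed above; presenting it a second time must fail.
  if (!await isRejected(() => server.exchange(code.code, clientID, clientSecret))) {
    failures.add("authorization code was accepted twice");
  }

  // Revoking the resource owner must invalidate a freshly issued token.
  var passwordToken = await server.authenticate(username, password, clientID, clientSecret);
  await server.revokeAuthenticatableAccessForIdentifier(authorization.resourceOwnerIdentifier);
  if (!await isRejected(() => server.verify(passwordToken.accessToken))) {
    failures.add("access token still valid after revocation");
  }
  return failures;
}
```

Run it from an integration test against a disposable database, since the last step revokes every token issued to the test user.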