1. @httpPost
Future<Response> create({String username, String password, String refreshToken, String authCode, String grantType, String scope })

Creates or refreshes an authentication token.

When grant_type is 'password', there must be username and password values. When grant_type is 'refresh_token', there must be a refresh_token value. When grant_type is 'authorization_code', there must be an authorization code value (sent as the `code` parameter).

This endpoint requires client authentication. The Authorization header must include a valid Client ID and Secret in the Basic authorization scheme format.

Source

/// Issues a new token or refreshes an existing one, depending on [grantType].
///
/// The client is authenticated first: `authHeader` is parsed as Basic
/// credentials, and a parse failure is answered with
/// [AuthRequestError.invalidClient] before any grant is looked at.
///
/// Grants handled here:
///  * `password`: [username] and [password] go to `authServer.authenticate`.
///  * `refresh_token`: [refreshToken] goes to `authServer.refresh`.
///  * `authorization_code`: [authCode] goes to `authServer.exchange`; a
///    request that also carries [scope] is rejected as an invalid request.
///
/// A missing [grantType] yields [AuthRequestError.invalidRequest]; any other
/// value yields [AuthRequestError.unsupportedGrantType].
///
/// NOTE(review): every secret here (password, refresh token, authorization
/// code) is bound through `@HTTPQuery`. Confirm that clients send them in the
/// request body and not in the URL, since URLs commonly end up in access logs
/// and proxies.
@httpPost
Future<Response> create(
    {@HTTPQuery("username") String username,
    @HTTPQuery("password") String password,
    @HTTPQuery("refresh_token") String refreshToken,
    @HTTPQuery("code") String authCode,
    @HTTPQuery("grant_type") String grantType,
    @HTTPQuery("scope") String scope}) async {
  // Client authentication comes first; nothing below runs without a
  // parseable Basic header.
  AuthBasicCredentials client;
  try {
    client = AuthorizationBasicParser.parse(authHeader);
  } on AuthorizationParserException catch (_) {
    return _responseForError(AuthRequestError.invalidClient);
  }

  try {
    // Scopes are parsed before the grant type is inspected, so a malformed
    // scope is reported even when the grant type is missing or unsupported.
    var requested = scope == null
        ? null
        : scope.split(" ").map((name) => new AuthScope(name)).toList();

    if (grantType == null) {
      return _responseForError(AuthRequestError.invalidRequest);
    }

    // NOTE(review): the user and client values are forwarded without a null
    // check here; presumably authServer rejects missing values with an
    // AuthServerException. Confirm against the AuthServer implementation.
    if (grantType == "password") {
      var issued = await authServer.authenticate(
          username, password, client.username, client.password,
          requestedScopes: requested);
      return AuthController.tokenResponse(issued);
    }

    if (grantType == "refresh_token") {
      var issued = await authServer.refresh(
          refreshToken, client.username, client.password,
          requestedScopes: requested);
      return AuthController.tokenResponse(issued);
    }

    if (grantType == "authorization_code") {
      // No scope may accompany a code exchange; such a request is rejected
      // before the auth server is called.
      if (scope != null) {
        return _responseForError(AuthRequestError.invalidRequest);
      }

      var issued = await authServer.exchange(
          authCode, client.username, client.password);
      return AuthController.tokenResponse(issued);
    }
  } on FormatException {
    // This handler covers the whole block, so a FormatException raised
    // anywhere inside it is reported to the client as an invalid scope.
    return _responseForError(AuthRequestError.invalidScope);
  } on AuthServerException catch (failure) {
    // The auth server's own reason is passed back to the client as-is.
    return _responseForError(failure.reason);
  }

  return _responseForError(AuthRequestError.unsupportedGrantType);
}