A storage-agnostic OAuth 2.0 authorization 'server'.
Instances of this type carry out authentication and authorization tasks. They are created during a RequestSink's initialization process and injected into Authorizer, AuthCodeController and AuthController instances.
An AuthServer requires storage. This is typically implemented by using ManagedAuthStorage from package:aqueduct/managed_auth.dart.
It's atypical to invoke methods directly on instances of this type - Authorizer, AuthCodeController and AuthController take care of that.
An example:
    import 'package:aqueduct/aqueduct.dart';
    import 'package:aqueduct/managed_auth.dart';

    class MyRequestSink extends RequestSink {
      MyRequestSink(ApplicationConfiguration config) : super(config) {
        context = createContext();
        // ManagedAuthStorage supplies the storage the AuthServer requires.
        authServer = new AuthServer(new ManagedAuthStorage<User>(context));
      }

      ManagedContext context;
      AuthServer authServer;

      @override
      void setupRouter(Router router) {
        // Requests must pass the Authorizer before reaching the controller.
        router
            .route("/protected")
            .pipe(new Authorizer(authServer))
            .generate(() => new ProtectedResourceController());

        // Token endpoint: AuthController uses the AuthServer to issue tokens.
        router
            .route("/auth/token")
            .generate(() => new AuthController(authServer));
      }
    }
- Implements: AuthValidator
- Mixes-in: APIDocumentable
Constants
- TokenTypeBearer → String
  "bearer"
Constructors
- AuthServer(AuthStorage storage, { int hashRounds: 1000, int hashLength: 32, Hash hashFunction })
  Creates a new instance of an AuthServer with a storage.
Properties
- hashFunction → Hash
  The Hash function used by the PBKDF2 algorithm to generate password hashes by this instance.
  final
- hashLength → int
  The resulting key length of a password hash when generated by this instance.
  final
- hashRounds → int
  The number of hashing rounds performed by this instance when validating a password.
  final
- storage → AuthStorage
  The object responsible for carrying out the storage mechanisms of this instance.
  read / write
- documentableChild → APIDocumentable
  Returns the next documentable object in a chain of documentable objects.
  read-only, inherited
- hashCode → int
  The hash code for this object.
  read-only, inherited
- runtimeType → Type
  A representation of the runtime type of the object.
  read-only, inherited
Operators
- operator ==(other) → bool
  The equality operator.
  inherited
Methods
- authenticate(String username, String password, String clientID, String clientSecret, { Duration expiration: const Duration(hours: 24), List<AuthScope> requestedScopes }) → Future<AuthToken>
  Authenticates a username and password of an Authenticatable and returns an AuthToken upon success.
- authenticateForCode(String username, String password, String clientID, { int expirationInSeconds: 600, List<AuthScope> requestedScopes }) → Future<AuthCode>
  Creates a one-time use authorization code for a given client ID and user credentials.
- clientForID(String clientID) → Future<AuthClient>
  Returns an AuthClient record for its clientID.
- documentSecuritySchemes(PackagePathResolver resolver) → Map<String, APISecurityScheme>
  Returns all APISecuritySchemes this instance knows about.
- exchange(String authCodeString, String clientID, String clientSecret, { int expirationInSeconds: 3600 }) → Future<AuthToken>
  Exchanges a valid authorization code for an AuthToken.
- fromBasicCredentials(AuthBasicCredentials credentials) → Future<Authorization>
- fromBearerToken(String bearerToken, { List<AuthScope> scopesRequired }) → Future<Authorization>
  Returns an Authorization from a bearer token.
- hashPassword(String password, String salt) → String
  Hashes a password with salt using the PBKDF2 algorithm.
- refresh(String refreshToken, String clientID, String clientSecret, { List<AuthScope> requestedScopes }) → Future<AuthToken>
  Refreshes a valid AuthToken instance.
- requirementsForStrategy(AuthStrategy strategy) → List<APISecurityRequirement>
- revokeAuthenticatableAccessForIdentifier(identifier) → Future
  Revokes access for an Authenticatable.
- revokeClientID(String clientID) → Future
  Revokes an AuthClient record.
- verify(String accessToken, { List<AuthScope> scopesRequired }) → Future<Authorization>
  Returns an Authorization for accessToken.
- documentAPI(PackagePathResolver resolver) → APIDocument
  Returns an entire APIDocument describing an OpenAPI specification.
  inherited
- documentOperations(PackagePathResolver resolver) → List<APIOperation>
  Returns all APIOperations this object knows about.
  inherited
- documentPaths(PackagePathResolver resolver) → List<APIPath>
  Returns all APIPath objects this instance knows about.
  inherited
- documentRequestBodyForOperation(APIOperation operation) → APIRequestBody
  Returns all APIRequestBodys for operation.
  inherited
- documentResponsesForOperation(APIOperation operation) → List<APIResponse>
  Returns all APIResponses for operation.
  inherited
- noSuchMethod(Invocation invocation) → dynamic
  Invoked when a non-existent method or property is accessed.
  inherited
- toString() → String
  Returns a string representation of this object.
  inherited
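
The hashRounds, hashLength and hashFunction properties, together with the salt passed to hashPassword, are the inputs to PBKDF2. The following is an added Python illustration using only the standard library, not Aqueduct's own code: it shows that a stored hash validates only under the parameters it was created with, and one way to re-hash at login when the round count is raised. The SHA-256 digest, the base64 encoding and the record layout that stores the round count are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

# Defaults taken from the AuthServer constructor signature on this page.
HASH_ROUNDS = 1000
HASH_LENGTH = 32


def hash_password(password, salt, rounds=HASH_ROUNDS, length=HASH_LENGTH):
    """Derive a PBKDF2 key; SHA-256 and base64 output are assumptions."""
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"),
        rounds, dklen=length)
    return base64.b64encode(key).decode("ascii")


def new_record(password, rounds=HASH_ROUNDS):
    """Build a constructed user record with a fresh random salt."""
    salt = base64.b64encode(os.urandom(HASH_LENGTH)).decode("ascii")
    return {"salt": salt, "rounds": rounds,
            "hash": hash_password(password, salt, rounds)}


def verify_password(password, record, rounds=None):
    """Recompute the hash and compare it in constant time."""
    rounds = record["rounds"] if rounds is None else rounds
    candidate = hash_password(password, record["salt"], rounds)
    return hmac.compare_digest(candidate, record["hash"])


def verify_and_upgrade(password, record, target_rounds):
    """After a successful login, re-hash if the record uses fewer rounds."""
    if not verify_password(password, record):
        return False, record
    if record["rounds"] < target_rounds:
        record = new_record(password, target_rounds)
    return True, record


if __name__ == "__main__":
    rec = new_record("correct horse")  # constructed sample credential
    print("same parameters:", verify_password("correct horse", rec))
    print("rounds changed: ", verify_password("correct horse", rec, 10000))
    ok, rec = verify_and_upgrade("correct horse", rec, 10000)
    print("upgraded:", ok, rec["rounds"])
```

Because the round count changes the derived key, a record hashed under one hashRounds value cannot be checked by an instance configured with another unless the record is re-hashed, which is only possible while the plaintext password is available at login.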