OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. |
| 4 |
| 5 library client; |
| 6 |
| 7 import 'dart:uri'; |
| 8 |
| 9 import '../../../http/lib/http.dart' as http; |
| 10 |
| 11 import 'credentials.dart'; |
| 12 import 'expiration_exception.dart'; |
| 13 import 'utils.dart'; |
| 14 |
| 15 // TODO(nweiz): Add an onCredentialsRefreshed event once we have some event |
| 16 // infrastructure. |
| 17 /// An OAuth2 client. This acts as a drop-in replacement for an |
| 18 /// [http.BaseClient], while sending OAuth2 authorization credentials along with |
| 19 /// each request. |
| 20 /// |
| 21 /// The client also automatically refreshes its credentials if possible. When it |
| 22 /// makes a request, if its credentials are expired, it will first refresh them. |
| 23 /// This means that any request may throw an [AuthorizationException] if the |
| 24 /// refresh is not authorized for some reason, a [FormatException] if the |
| 25 /// authorization server provides ill-formatted responses, or an |
| 26 /// [ExpirationException] if the credentials are expired and can't be refreshed. |
| 27 /// |
| 28 /// Currently this client doesn't attempt to identify errors from the resource |
| 29 /// server that are caused by authentication failure. However, it may throw |
| 30 /// [AuthorizationException]s for such errors in the future. |
| 31 /// |
| 32 /// If you already have a set of [Credentials], you can construct a [Client] |
| 33 /// directly. However, in order to first obtain the credentials, you must |
| 34 /// authorize. At the time of writing, the only authorization method this |
| 35 /// library supports is [AuthorizationCodeGrant]. |
| 36 class Client extends http.BaseClient { |
| 37 /// The client identifier for this client. The authorization server will issue |
| 38 /// each client a separate client identifier and secret, which allows the |
| 39 /// server to tell which client is accessing it. Some servers may also have an |
| 40 /// anonymous identifier/secret pair that any client may use. |
| 41 /// |
| 42 /// This is usually global to the program using this library. |
| 43 final String identifier; |
| 44 |
| 45 /// The client secret for this client. The authorization server will issue |
| 46 /// each client a separate client identifier and secret, which allows the |
| 47 /// server to tell which client is accessing it. Some servers may also have an |
| 48 /// anonymous identifier/secret pair that any client may use. |
| 49 /// |
| 50 /// This is usually global to the program using this library. |
| 51 /// |
| 52 /// Note that clients whose source code or binary executable is readily |
| 53 /// available may not be able to make sure the client secret is kept a secret. |
| 54 /// This is fine; OAuth2 servers generally won't rely on knowing with |
| 55 /// certainty that a client is who it claims to be. |
| 56 final String secret; |
| 57 |
| 58 /// The credentials this client uses to prove to the resource server that it's |
| 59 /// authorized. This may change from request to request as the credentials |
| 60 /// expire and the client refreshes them automatically. |
| 61 Credentials get credentials => _credentials; |
| 62 Credentials _credentials; |
| 63 |
| 64 /// The underlying HTTP client. |
| 65 http.BaseClient _httpClient; |
| 66 |
| 67 /// Creates a new client from a pre-existing set of credentials. When |
| 68 /// authorizing a client for the first time, you should use |
| 69 /// [AuthorizationCodeGrant] instead of constructing a [Client] directly. |
| 70 /// |
| 71 /// [httpClient] is the underlying client that this forwards requests to after |
| 72 /// adding authorization credentials to them. |
| 73 Client( |
| 74 this.identifier, |
| 75 this.secret, |
| 76 this._credentials, |
| 77 {http.BaseClient httpClient}) |
| 78 : _httpClient = httpClient == null ? new http.Client() : httpClient; |
| 79 |
| 80 /// Sends an HTTP request with OAuth2 authorization credentials attached. This |
| 81 /// will also automatically refresh this client's [Credentials] before sending |
| 82 /// the request if necessary. |
| 83 Future<http.StreamedResponse> send(http.BaseRequest request) { |
| 84 return async.chain((_) { |
| 85 if (!credentials.isExpired) return new Future.immediate(null); |
| 86 if (!credentials.canRefresh) throw new ExpirationException(credentials); |
| 87 return refreshCredentials(); |
| 88 }).chain((_) { |
| 89 request.headers['authorization'] = "Bearer ${credentials.accessToken}"; |
| 90 return _httpClient.send(request); |
| 91 }); |
| 92 // TODO(nweiz): parse 401 errors that are caused by OAuth errors here. |
| 93 } |
| 94 |
| 95 /// Explicitly refreshes this client's credentials. Returns this client. |
| 96 /// |
| 97 /// This will throw a [StateError] if the [Credentials] can't be refreshed, an |
| 98 /// [AuthorizationException] if refreshing the credentials fails, or a |
| 99 /// [FormatError] if the authorization server returns invalid responses. |
| 100 /// |
| 101 /// You may request different scopes than the default by passing in |
| 102 /// [newScopes]. These must be a subset of the scopes in the |
| 103 /// [Credentials.scopes] field of [Client.credentials]. |
| 104 Future<Client> refreshCredentials([List<String> newScopes]) { |
| 105 return async.chain((_) { |
| 106 if (!credentials.canRefresh) { |
| 107 var prefix = "OAuth credentials"; |
| 108 if (credentials.isExpired) prefix = "$prefix have expired and"; |
| 109 throw new StateError("$prefix can't be refreshed."); |
| 110 } |
| 111 |
| 112 return credentials.refresh(identifier, secret, |
| 113 newScopes: newScopes, httpClient: _httpClient); |
| 114 }).transform((credentials) { |
| 115 _credentials = credentials; |
| 116 return this; |
| 117 }); |
| 118 } |
| 119 |
| 120 /// Closes this client and its underlying HTTP client. |
| 121 void close() { |
| 122 if (_httpClient != null) _httpClient.close(); |
| 123 _httpClient = null; |
| 124 } |
| 125 } |
OLD | NEW |