OLD | NEW |
(Empty) | |
| 1 A client library for authenticating with a remote service via OAuth2 on |
| 2 behalf of a user, and making authorized HTTP requests with the user's OAuth2 |
| 3 credentials. Currently this only works where `dart:io` is available. |
| 4 |
| 5 OAuth2 allows a client (the program using this library) to access and |
| 6 manipulate a resource that's owned by a resource owner (the end user) and |
| 7 lives on a remote server. The client directs the resource owner to an |
| 8 authorization server (usually but not always the same as the server that |
| 9 hosts the resource), where the resource owner tells the authorization server |
| 10 to give the client an access token. This token serves as proof that the |
| 11 client has permission to access resources on behalf of the resource owner. |
| 12 |
| 13 OAuth2 provides several different methods for the client to obtain |
| 14 authorization. At the time of writing, this library only supports the |
| 15 [AuthorizationCodeGrant][] method, but further methods may be added in the |
| 16 future. The following example uses this method to authenticate, and assumes |
| 17 that the library is being used by a server-side application. |
| 18 |
| 19 [AuthorizationCodeGrant]: https://api.dartlang.org/apidocs/channels/stable/#oaut
h2/oauth2.AuthorizationCodeGrant |
| 20 |
| 21 ```dart |
| 22 import 'dart:io' |
| 23 import 'package:oauth2/oauth2.dart' as oauth2; |
| 24 |
| 25 // These URLs are endpoints that are provided by the authorization |
| 26 // server. They're usually included in the server's documentation of its |
| 27 // OAuth2 API. |
| 28 final authorizationEndpoint = |
| 29 Uri.parse("http://example.com/oauth2/authorization"); |
| 30 final tokenEndpoint = |
| 31 Uri.parse("http://example.com/oauth2/token"); |
| 32 |
| 33 // The authorization server will issue each client a separate client |
| 34 // identifier and secret, which allows the server to tell which client |
| 35 // is accessing it. Some servers may also have an anonymous |
| 36 // identifier/secret pair that any client may use. |
| 37 // |
| 38 // Note that clients whose source code or binary executable is readily |
| 39 // available may not be able to make sure the client secret is kept a |
| 40 // secret. This is fine; OAuth2 servers generally won't rely on knowing |
| 41 // with certainty that a client is who it claims to be. |
| 42 final identifier = "my client identifier"; |
| 43 final secret = "my client secret"; |
| 44 |
| 45 // This is a URL on your application's server. The authorization server |
| 46 // will redirect the resource owner here once they've authorized the |
| 47 // client. The redirection will include the authorization code in the |
| 48 // query parameters. |
| 49 final redirectUrl = Uri.parse("http://my-site.com/oauth2-redirect"); |
| 50 |
| 51 var credentialsFile = new File("~/.myapp/credentials.json"); |
| 52 return credentialsFile.exists().then((exists) { |
| 53 // If the OAuth2 credentials have already been saved from a previous |
| 54 // run, we just want to reload them. |
| 55 if (exists) { |
| 56 return credentialsFile.readAsString().then((json) { |
| 57 var credentials = new oauth2.Credentials.fromJson(json); |
| 58 return new oauth2.Client(identifier, secret, credentials); |
| 59 }); |
| 60 } |
| 61 |
| 62 // If we don't have OAuth2 credentials yet, we need to get the |
| 63 // resource owner to authorize us. We're assuming here that we're a |
| 64 // command-line application. |
| 65 var grant = new oauth2.AuthorizationCodeGrant( |
| 66 identifier, secret, authorizationEndpoint, tokenEndpoint); |
| 67 |
| 68 // Redirect the resource owner to the authorization URL. This will be |
| 69 // a URL on the authorization server (authorizationEndpoint with some |
| 70 // additional query parameters). Once the resource owner has |
| 71 // authorized, they'll be redirected to `redirectUrl` with an |
| 72 // authorization code. |
| 73 // |
| 74 // `redirect` is an imaginary function that redirects the resource |
| 75 // owner's browser. |
| 76 return redirect(grant.getAuthorizationUrl(redirectUrl)).then((_) { |
| 77 // Another imaginary function that listens for a request to |
| 78 // `redirectUrl`. |
| 79 return listen(redirectUrl); |
| 80 }).then((request) { |
| 81 // Once the user is redirected to `redirectUrl`, pass the query |
| 82 // parameters to the AuthorizationCodeGrant. It will validate them |
| 83 // and extract the authorization code to create a new Client. |
| 84 return grant.handleAuthorizationResponse(request.uri.queryParameters); |
| 85 }) |
| 86 }).then((client) { |
| 87 // Once you have a Client, you can use it just like any other HTTP |
| 88 // client. |
| 89 return client.read("http://example.com/protected-resources.txt") |
| 90 .then((result) { |
| 91 // Once we're done with the client, save the credentials file. This |
| 92 // ensures that if the credentials were automatically refreshed |
| 93 // while using the client, the new credentials are available for the |
| 94 // next run of the program. |
| 95 return credentialsFile.open(FileMode.WRITE).then((file) { |
| 96 return file.writeString(client.credentials.toJson()); |
| 97 }).then((file) => file.close()).then((_) => result); |
| 98 }); |
| 99 }).then(print); |
| 100 ``` |
OLD | NEW |