platform/packages/auth
2023-05-21 11:02:54 +00:00
..
example Fixed auth analysis warnings 2022-08-17 11:17:00 +08:00
lib Updated configuration 2023-05-21 11:02:54 +00:00
test Updated configuration 2023-05-21 11:02:54 +00:00
.gitignore Updated pubspec 2022-08-29 01:51:56 +08:00
analysis_options.yaml Cleanup 2021-09-26 15:09:13 +08:00
AUTHORS.md Publish angel3_auth 2021-05-14 19:09:48 +08:00
CHANGELOG.md Updated auth 2023-05-21 09:29:15 +00:00
LICENSE Updated auth, model, container and its generator 2021-09-26 14:53:42 +08:00
melos_angel3_auth.iml Added melos 2022-03-19 09:37:28 +08:00
pubspec.yaml Updated auth 2023-05-21 09:29:15 +00:00
README.md Updated auth 2021-09-29 15:40:27 +08:00

Angel3 Anthentication

Pub Version (including pre-releases) Null Safety Gitter License

A complete authentication plugin for Angel3. Inspired by Passport. More details in the User Guide.

Bundled Strategies

  • Local (with and without Basic Auth)
  • Find other strategies (Twitter, Google, OAuth2, etc.) on pub

Example

Ensure you have read the User Guide.

configureServer(Angel app) async {
  var auth = AngelAuth<User>(
    serializer: (user) => user.id ?? '',
    deserializer: (id) => fetchAUserByIdSomehow(id)
  );
  auth.strategies['local'] = LocalAuthStrategy(...);
  
  // POST route to handle username+password
  app.post('/local', auth.authenticate('local'));

  // Using Angel's asynchronous injections, we can parse the JWT
  // on demand. It won't be parsed until we check.
  app.get('/profile', ioc((User user) {
    print(user.description);
  }));
  
  // Use a comma to try multiple strategies!!!
  //
  // Each strategy is run sequentially. If one succeeds, the loop ends.
  // Authentication failures will just cause the loop to continue.
  // 
  // If the last strategy throws an authentication failure, then
  // a `401 Not Authenticated` is thrown.
  var chainedHandler = auth.authenticate(
    ['basic','facebook'],
    authOptions
  );
  
  // Apply angel_auth-specific configuration.
  await app.configure(auth.configureServer);
}

Default Authentication Callback

A frequent use case within SPA's is opening OAuth login endpoints in a separate window. angel3_client provides a facility for this, which works perfectly with the default callback provided in this package.

configureServer(Angel app) async {
  var handler = auth.authenticate(
    'facebook',
    AngelAuthOptions(callback: confirmPopupAuthentication()));
  app.get('/auth/facebook', handler);
  
  // Use a comma to try multiple strategies!!!
  //
  // Each strategy is run sequentially. If one succeeds, the loop ends.
  // Authentication failures will just cause the loop to continue.
  // 
  // If the last strategy throws an authentication failure, then
  // a `401 Not Authenticated` is thrown.
  var chainedHandler = auth.authenticate(
    ['basic','facebook'],
    authOptions
  );
}

This renders a simple HTML page that fires the user's JWT as a token event in window.opener. angel3_client exposes this as a Stream:

app.authenticateViaPopup('/auth/google').listen((jwt) {
  // Do something with the JWT
});