AuthController class

HTTPController for issuing and refreshing OAuth 2.0 access tokens.

Instances of this class allow for the issuing and refreshing of access tokens and exchanging authorization codes (from a AuthCodeController) for access tokens.

Do not put an Authorizer in front of instances of this type. Instances of this type will validate authorization headers on its own.

This controller is typically hooked up to a route named /auth/token. It only accepts POST requests. Example:

  router.route("/auth/token").generate(() => new AuthController(authServer));

See create for more details.



AuthController(AuthServer authServer)
Creates a new instance of an AuthController. [...]


authHeader String
Required basic authorization header containing client ID and secret for the authenticating client. [...]
@HTTPHeader(HttpHeaders.AUTHORIZATION), read / write
authServer AuthServer
A reference to the AuthServer this controller uses to grant tokens.
read / write
acceptedContentTypes List<ContentType>
Types of content this HTTPController will accept. [...]
read / write, inherited
documentableChild APIDocumentable
Returns the next documentable object in a chain of documentable objects. [...]
read-only, inherited
hashCode int
The hash code for this object. [...]
read-only, inherited
logger Logger
An instance of the 'aqueduct' logger.
read-only, inherited
nextController RequestController
Receives requests that this controller does not respond to. [...]
read-only, inherited
pathVariables Map<String, String>
Parameters parsed from the URI of the request, if any exist. [...]
read-only, inherited
policy CORSPolicy
The CORS policy of this controller.
read / write, inherited
request Request
The request being processed by this HTTPController. [...]
read / write, inherited
responseContentType ContentType
The default content type of responses from this HTTPController. [...]
read / write, inherited
runtimeType Type
A representation of the runtime type of the object.
read-only, inherited


create({String username, String password, String refreshToken, String authCode, String grantType, String scope }) Future<Response>
Creates or refreshes an authentication token. [...]
documentOperations(PackagePathResolver resolver) List<APIOperation>
documentResponsesForOperation(APIOperation operation) List<APIResponse>
willSendResponse(Response response) → void
Executed prior to Response being sent. [...]
applyCORSHeadersIfNecessary(Request req, Response resp) → void
didDecodeRequestBody(HTTPRequestBody decodedObject) → void
Callback to indicate when a request body has been processed. [...]
documentAPI(PackagePathResolver resolver) APIDocument
Returns an entire APIDocument describing an OpenAPI specification. [...]
documentPaths(PackagePathResolver resolver) List<APIPath>
Returns all APIPath objects this instance knows about. [...]
documentRequestBodyForOperation(APIOperation operation) APIRequestBody
Returns all APIRequestBodys for operation.
documentSecuritySchemes(PackagePathResolver resolver) Map<String, APISecurityScheme>
Returns all APISecuritySchemes this instance knows about.
generate(RequestController instantiator()) RequestController
Sets the nextController that will receive a request after this one. [...]
handleError(Request request, dynamic caughtValue, StackTrace trace) Future<bool>
Sends an HTTP response for a request that yields an exception or error. [...]
listen(FutureOr<RequestOrResponse> process(Request request)) RequestController
Sets the nextController that will receive a request after this one. [...]
noSuchMethod(Invocation invocation) → dynamic
Invoked when a non-existent method or property is accessed. [...]
pipe(RequestController next) RequestController
Sets the nextController that will receive a request after this one. [...]
processRequest(Request req) Future<RequestOrResponse>
Overridden by subclasses to modify or respond to an incoming request. [...]
receive(Request req) Future
Delivers req to this instance to be processed. [...]
toString() String
Returns a string representation of this object.
willDecodeRequestBody(HTTPRequestBody body) → void
Callback invoked prior to decoding a request body. [...]
willProcessRequest(Request req) FutureOr<RequestOrResponse>
Executed prior to handling a request, but after the request has been set. [...]


operator ==(dynamic other) bool
The equality operator. [...]

Static Methods

tokenResponse(AuthToken token) Response
Transforms a AuthToken into a Response object with an RFC6749 compliant JSON token as the HTTP response body.