AuthServer class

A storage-agnostic OAuth 2.0 authorization 'server'.

Instances of this type carry out authentication and authorization tasks. They are created during a RequestSink's initialization process and injected into Authorizer, AuthCodeController and AuthController instances.

An AuthServer requires storage. This is typically implemented by using ManagedAuthStorage from package:aqueduct/managed_auth.dart.

It's atypical to invoke methods directly on instances of this type - Authorizer, AuthCodeController and AuthController take care of that.

An example:

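    import 'package:aqueduct/aqueduct.dart';
    import 'package:aqueduct/managed_auth.dart';

    class MyRequestSink extends RequestSink {
      MyRequestSink(ApplicationConfiguration config) : super(config) {
        context = createContext();
        // Back the authorization server with managed (database) storage.
        authServer = new AuthServer(new ManagedAuthStorage<User>(context));
      }

      ManagedContext context;
      AuthServer authServer;

      @override
      void setupRouter(Router router) {
        // Route paths here are illustrative.
        // Requests must pass the Authorizer before reaching the controller.
        router
          .route("/protected")
          .pipe(new Authorizer(authServer))
          .generate(() => new ProtectedResourceController());

        // Endpoint that issues tokens through the AuthServer.
        router
          .route("/auth/token")
          .generate(() => new AuthController(authServer));
      }
    }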


Constructors

AuthServer(AuthStorage storage, { int hashRounds: 1000, int hashLength: 32, Hash hashFunction })
Creates a new instance of an AuthServer with a storage. [...]
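
PBKDF2 output depends on the rounds, key length and hash function, so a hash produced under one setting does not match one produced under another. The following added example (Python standard library, not Aqueduct's code) shows this with the constructor defaults above and one way to rehash at a higher round count on a successful login; HMAC-SHA256, base64 encoding and the record layout that stores its own parameters are assumptions of the example.

```python
import base64
import hashlib
import hmac
import os

# Defaults from the AuthServer constructor signature on this page.
HASH_ROUNDS = 1000
HASH_LENGTH = 32


def hash_password(password, salt, rounds=HASH_ROUNDS, length=HASH_LENGTH,
                  digest="sha256"):
    """PBKDF2 over (password, salt). HMAC-SHA256 and base64 output are
    assumptions made for this example."""
    key = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"),
                              salt.encode("utf-8"), rounds, dklen=length)
    return base64.b64encode(key).decode("ascii")


def new_record(password, rounds=HASH_ROUNDS, length=HASH_LENGTH,
               digest="sha256"):
    """Hypothetical credential record that stores its own parameters."""
    salt = base64.b64encode(os.urandom(32)).decode("ascii")
    return {"salt": salt, "rounds": rounds, "length": length,
            "digest": digest,
            "hash": hash_password(password, salt, rounds, length, digest)}


def verify(record, password, current_rounds=HASH_ROUNDS):
    """Return (ok, upgraded_record). upgraded_record is a rehash at
    current_rounds when the stored record used fewer rounds, else None."""
    candidate = hash_password(password, record["salt"], record["rounds"],
                              record["length"], record["digest"])
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, None
    if record["rounds"] < current_rounds:
        return True, new_record(password, current_rounds,
                                record["length"], record["digest"])
    return True, None


if __name__ == "__main__":
    rec = new_record("correct horse battery staple")  # constructed sample
    # The same password and salt no longer match if only the rounds change.
    print(hash_password("correct horse battery staple", rec["salt"], 10000)
          == rec["hash"])
    print(verify(rec, "correct horse battery staple", current_rounds=10000))
```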


Properties

hashFunction Hash
The Hash function used by the PBKDF2 algorithm to generate password hashes by this instance.
hashLength int
The resulting key length of a password hash when generated by this instance.
hashRounds int
The number of hashing rounds performed by this instance when validating a password.
storage AuthStorage
The object responsible for carrying out the storage mechanisms of this instance. [...]
read / write
documentableChild APIDocumentable
Returns the next documentable object in a chain of documentable objects. [...]
read-only, inherited
hashCode int
The hash code for this object. [...]
read-only, inherited
runtimeType Type
A representation of the runtime type of the object.
read-only, inherited


Methods

authenticate(String username, String password, String clientID, String clientSecret, { Duration expiration: const Duration(hours: 24), List<AuthScope> requestedScopes }) Future<AuthToken>
Authenticates a username and password of an Authenticatable and returns an AuthToken upon success. [...]
authenticateForCode(String username, String password, String clientID, { int expirationInSeconds: 600, List<AuthScope> requestedScopes }) Future<AuthCode>
Creates a one-time use authorization code for a given client ID and user credentials. [...]
clientForID(String clientID) Future<AuthClient>
Returns an AuthClient record for its clientID. [...]
documentSecuritySchemes(PackagePathResolver resolver) Map<String, APISecurityScheme>
Returns all APISecuritySchemes this instance knows about.
exchange(String authCodeString, String clientID, String clientSecret, { int expirationInSeconds: 3600 }) Future<AuthToken>
Exchanges a valid authorization code for an AuthToken. [...]
fromBasicCredentials(AuthBasicCredentials credentials) Future<Authorization>
fromBearerToken(String bearerToken, { List<AuthScope> scopesRequired }) Future<Authorization>
Returns an Authorization from a bearer token. [...]
hashPassword(String password, String salt) String
Hashes a password with salt using PBKDF2 algorithm. [...]
refresh(String refreshToken, String clientID, String clientSecret, { List<AuthScope> requestedScopes }) Future<AuthToken>
Refreshes a valid AuthToken instance. [...]
requirementsForStrategy(AuthStrategy strategy) List<APISecurityRequirement>
revokeAuthenticatableAccessForIdentifier(dynamic identifier) Future
Revokes access for an Authenticatable. [...]
revokeClientID(String clientID) Future
Revokes an AuthClient record. [...]
verify(String accessToken, { List<AuthScope> scopesRequired }) Future<Authorization>
Returns an Authorization for accessToken. [...]
documentAPI(PackagePathResolver resolver) APIDocument
Returns an entire APIDocument describing an OpenAPI specification. [...]
documentOperations(PackagePathResolver resolver) List<APIOperation>
Returns all APIOperations this object knows about.
documentPaths(PackagePathResolver resolver) List<APIPath>
Returns all APIPath objects this instance knows about. [...]
documentRequestBodyForOperation(APIOperation operation) APIRequestBody
Returns all APIRequestBodys for operation.
documentResponsesForOperation(APIOperation operation) List<APIResponse>
Returns all APIResponses for operation.
noSuchMethod(Invocation invocation) → dynamic
Invoked when a non-existent method or property is accessed. [...]
toString() String
Returns a string representation of this object.


Operators

operator ==(dynamic other) bool
The equality operator. [...]


Constants

TokenTypeBearer → const String