Authorizer class

A Controller that validates the Authorization header of a request.

An instance of this type will validate that the authorization information in an Authorization header is sufficient to access the next controller in the channel.

For each request, this controller parses the authorization header, validates it with an AuthValidator and then create an Authorization object if successful. The Request keeps a reference to this Authorization and is then sent to the next controller in the channel.

If either parsing or validation fails, a 401 Unauthorized response is sent and the Request is removed from the channel.

Parsing occurs according to parser. The resulting value (e.g., username and password) is sent to validator. validator verifies this value (e.g., lookup a user in the database and verify their password matches).

Usage:

    router
      .route("/protected-route")
      .link(() =>new Authorizer.bearer(authServer))
      .link(() => new ProtectedResourceController());
Inheritance

Constructors

Authorizer(AuthValidator validator, { AuthorizationParser parser: const AuthorizationBearerParser(), List<String> scopes })
Creates an instance of Authorizer. [...]
Authorizer.basic(AuthValidator validator)
Creates an instance of Authorizer with Basic Authentication parsing. [...]
Authorizer.bearer(AuthValidator validator, { List<String> scopes })
Creates an instance of Authorizer with Bearer token parsing. [...]

Properties

parser AuthorizationParser
Parses the Authorization header. [...]
final
scopes List<AuthScope>
The list of required scopes. [...]
final
validator AuthValidator
The validating authorization object. [...]
final
hashCode int
The hash code for this object. [...]
read-only, inherited
logger Logger
An instance of the 'aqueduct' logger.
read-only, inherited
nextController Controller
Receives requests that this controller does not respond to. [...]
read-only, inherited
policy CORSPolicy
The CORS policy of this controller.
read / write, inherited
runtimeType Type
A representation of the runtime type of the object.
read-only, inherited

Methods

documentComponents(APIDocumentContext context) → void
documentOperations(APIDocumentContext context, String route, APIPath path) Map<String, APIOperation>
handle(Request request) FutureOr<RequestOrResponse>
The primary request handling method of this object. [...]
applyCORSHeadersIfNecessary(Request req, Response resp) → void
inherited
didAddToChannel() → void
Lifecycle callback, invoked after added to channel, but before any requests are served. [...]
inherited
documentPaths(APIDocumentContext context) Map<String, APIPath>
Tells this object to return all APIPaths it handles. [...]
inherited
handleError(Request request, dynamic caughtValue, StackTrace trace) Future
Sends an HTTP response for a request that yields an exception or error. [...]
inherited
Links a controller to the receiver to form a request channel. [...]
inherited
linkFunction(FutureOr<RequestOrResponse> handle(Request request)) Linkable
Links a function controller to the receiver to form a request channel. [...]
inherited
noSuchMethod(Invocation invocation) → dynamic
Invoked when a non-existent method or property is accessed. [...]
inherited
receive(Request req) Future
Delivers req to this instance to be processed. [...]
inherited
toString() String
Returns a string representation of this object.
inherited
willSendResponse(Response response) → void
Executed prior to Response being sent. [...]
inherited

Operators

operator ==(dynamic other) bool
The equality operator. [...]
inherited