angel_auth #

A complete authentication plugin for Angel. Inspired by Passport.

Wiki #

Bundled Strategies #

Local (with and without Basic Auth)
Find other strategies (Twitter, Google, OAuth2, etc.) on Pub!!!

Example #

Ensure you have read the wiki.

configureServer(Angel app) async {
  var auth = AngelAuth<User>();
  auth.serializer = ...;
  auth.deserializer = ...;
  auth.strategies['local'] = LocalAuthStrategy(...);
  
  // POST route to handle username+password
  app.post('/local', auth.authenticate('local'));

  // Using Angel's asynchronous injections, we can parse the JWT
  // on demand. It won't be parsed until we check.
  app.get('/profile', ioc((User user) {
    print(user.description);
  }));
  
  // Use a comma to try multiple strategies!!!
  //
  // Each strategy is run sequentially. If one succeeds, the loop ends.
  // Authentication failures will just cause the loop to continue.
  // 
  // If the last strategy throws an authentication failure, then
  // a `401 Not Authenticated` is thrown.
  var chainedHandler = auth.authenticate(
    ['basic','facebook'],
    authOptions
  );
  
  // Apply angel_auth-specific configuration.
  await app.configure(auth.configureServer);
}

Default Authentication Callback #

A frequent use case within SPA's is opening OAuth login endpoints in a separate window. angel_client provides a facility for this, which works perfectly with the default callback provided in this package.

configureServer(Angel app) async {
  var handler = auth.authenticate(
    'facebook',
    AngelAuthOptions(callback: confirmPopupAuthentication()));
  app.get('/auth/facebook', handler);
  
  // Use a comma to try multiple strategies!!!
  //
  // Each strategy is run sequentially. If one succeeds, the loop ends.
  // Authentication failures will just cause the loop to continue.
  // 
  // If the last strategy throws an authentication failure, then
  // a `401 Not Authenticated` is thrown.
  var chainedHandler = auth.authenticate(
    ['basic','facebook'],
    authOptions
  );
}

This renders a simple HTML page that fires the user's JWT as a token event in window.opener. angel_client exposes this as a Stream:

app.authenticateViaPopup('/auth/google').listen((jwt) {
  // Do something with the JWT
});

2.1.5 #

Modify _apply to honor an existing User over Future<User>.

2.1.4 #

Deprecate decodeJwt, in favor of asynchronous injections.

2.1.3 #

Use await on redirects, etc.

2.1.2 #

Change empty cookie string to have double quotes (thanks @korsvanloon).

2.1.1 #

Added scopes to ExternalAuthOptions.

2.1.0 #

Added ExternalAuthOptions.

2.0.4 #

successRedirect was previously explicitly returning a 200; remove this and allow the default 302.

2.0.3 #

Updates for streaming parse of request bodies.

2.0.2 #

Handle null return in authenticate + failureRedirect.

2.0.1 #

Add generic parameter to options on AuthStrategy.authenticate.

2.0.0+1 #

Meta update to improve Pub score.

2.0.0 #

Made AuthStrategy generic.
AngelAuth.strategies is now a Map<String, AuthStrategy<User>>.
Removed AuthStrategy.canLogout.
Made AngelAuthTokenCallback generic.

2.0.0-alpha #

Depend on Dart 2 and Angel 2.
Remove dart2_constant.
Remove requireAuth.
Remove userKey, instead favoring generic parameters.

1.2.0 #

Deprecate requireAuth, in favor of requireAuthentication.
Allow configuring of the userKey.
Deprecate middlewareName.

1.1.1+6 #

Fix a small logic bug that prevented LocalAuthStrategy from correctly propagating the authenticated user when using Basic auth.

1.1.1+5 #

Prevent duplication of cookies.
Regenerate the JWT if tokenCallback is called.

1.1.1+4 #

Patched logout to properly erase cookies
Fixed checking of expired tokens.

1.1.1+3 #

authenticate returns the current user, if one is present.

1.1.1+2 #

_apply now always sends a token cookie.

1.1.1+1 #

Update protectCookie to only send maxAge when it is not -1.

1.1.1 #

Added protectCookie, to better protect data sent in cookies.

1.1.0+2 #

LocalAuthStrategy returns true on Basic authentication.

1.1.0+1 #

Modified LocalAuthStrategy's handling of Basic authentication.

example/example.dart

import 'dart:async';
import 'package:angel_auth/angel_auth.dart';
import 'package:angel_framework/angel_framework.dart';
import 'package:angel_framework/http.dart';

main() async {
  var app = Angel();
  var auth = AngelAuth<User>();

  auth.serializer = (user) => user.id;

  auth.deserializer = (id) => fetchAUserByIdSomehow(id);

  // Middleware to decode JWT's and inject a user object...
  await app.configure(auth.configureServer);

  auth.strategies['local'] = LocalAuthStrategy((username, password) {
    // Retrieve a user somehow...
    // If authentication succeeds, return a User object.
    //
    // Otherwise, return `null`.
  });

  app.post('/auth/local', auth.authenticate('local'));

  var http = AngelHttp(app);
  await http.startServer('127.0.0.1', 3000);

  print('Listening at http://127.0.0.1:3000');
}

class User {
  String id, username, password;
}

Future<User> fetchAUserByIdSomehow(id) async {
  // Fetch a user somehow...
  throw UnimplementedError();
}

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  angel_auth: ^2.1.5

2. Install it

You can install packages from the command line:

with pub:


$ pub get

with Flutter:


$ flutter packages get

Alternatively, your editor might support pub get or flutter packages get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:angel_auth/angel_auth.dart';

Version	Uploaded	Documentation	Archive
2.1.5	Apr 20, 2019
2.1.4	Apr 19, 2019
2.1.3	Apr 19, 2019
2.1.2	Apr 11, 2019
2.1.1	Jan 5, 2019
2.1.0	Jan 4, 2019
2.0.4	Dec 31, 2018
2.0.3	Dec 9, 2018
2.0.2	Nov 9, 2018
2.0.1	Sep 12, 2018

All 52 versions...

Popularity: Describes how popular the package is relative to other packages. [more]	79
Health: Code health derived from static analysis. [more]	100
Maintenance: Reflects how tidy and up-to-date the package is. [more]	100
Overall: Weighted score of the above. [more]	89

Learn more about scoring.

We analyzed this package on Apr 20, 2019, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

Dart: 2.2.0
pana: 0.12.14

Platforms

Detected platforms: Flutter, other

Primary library: package:angel_auth/angel_auth.dart with components: io.

Dependencies

Package	Constraint	Resolved
Direct dependencies
Dart SDK	>=2.0.0-dev <3.0.0
angel_framework	^2.0.0-rc.6	2.0.0-rc.8
charcode	^1.0.0	1.1.2
collection	^1.0.0	1.14.11
crypto	^2.0.0	2.0.6
http_parser	^3.0.0	3.1.3
meta	^1.0.0	1.1.7
quiver_hashcode	^2.0.0	2.0.0
Transitive dependencies
angel_container		1.0.4
angel_http_exception		1.1.0
angel_model		1.0.2
angel_route		3.0.6
code_buffer		1.0.1
combinator		1.1.0
convert		2.1.1
dart2_constant		1.0.2+dart2
file		5.0.7
http2		1.0.0
http_server		0.9.8+1
intl		0.15.8
matcher		0.12.5
merge_map		1.0.2
mime		0.9.6+2
mock_request		1.0.5
path		1.6.2
quiver		2.0.3
source_span		1.5.5
stack_trace		1.9.3
string_scanner		1.0.4
term_glyph		1.1.0
tuple		1.0.2
typed_data		1.1.6
uuid		2.0.1
Dev dependencies
http	^0.12.0
io	^0.3.2
logging	^0.11.0	0.11.3+2
pedantic	^1.0.0	1.5.0
test	^1.0.0

Dart pub

angel_auth 2.1.5