google_oauth2_jwt 0.4.1

  • README.md
  • CHANGELOG.md
  • Installing
  • Versions
  • 0

google-oauth2-jwt

Build Status

Introduction

This is a parser and validator for the Google OAuth2 JWT id tokens received when a client authenticates with Google's OAuth2 servers.

Usage

To decode the contents of the id_token field in an authorization result

JsonWebToken<GoogleClaimSet> jwt = decodeGoogleIdToken(idToken);

All claims can then be accessed through jwt.claimSet

String email = jwt.claimSet.email;
bool emailVerified = jwt.claimSet.emailVerified;

Validating the claims checks for expiry, and token or code tampering

GoogleClaimSetValidationContext validationContext =
    new GoogleClaimSetValidationContext(
        accessToken: 'the-token',
        code: 'the-code');

Set<ConstraintViolation> violations = jwt.claimSet.validate(validationContext);
if (violations > 0) {
  // Id token is expired or claims may have been tampered with.
  throw new Exception(violations.join(', '));
}

Example

This is a complete example of how it would typically be used.

var authResult = {
  'access_token': 'rYgpM7eIkUcd9e8hg9Fq2j_ai_-zvTjrKv_leEo_ra87TJgwvBWi929ThwZHp',
  'code': 'qxz9kz2IJBLLfRAdvdUxxtIepI3VTMxin9h4hP2cS6MNKA34_XrNbwl_CYGRs1',
  'id_token': {
    'iat': 1410770387,
    'exp': 1410774287,
    'iss': 'accounts.google.com',
    'sub': '12345678901234567890',
    'aud': '1234567890-youramazingapp.apps.googleusercontent.com',
    'at_hash': 'dxgKHVb2pl9g30gzBN0gog',
    'azp': '1234567890-youramazingapp.apps.googleusercontent.com',
    'c_hash': 'Yk8AmAWG2HFgSvGgTGeU-g',
    'email': 'email@example.com',
    'email_verified': false,
    'hd': 'example.com'
  }
};

JsonWebToken<GoogleClaimSet> jwt = decodeGoogleIdToken(authResult['id_token']);

GoogleClaimSetValidationContext validationContext =
    new GoogleClaimSetValidationContext(
        accessToken: authResult['access_token'],
        code: authResult['code']);

Set<ConstraintViolation> violations = jwt.claimSet.validate(validationContext);
if (violations > 0) {
  // Beware! Claims may have been tampered with.
  throw new Exception(violations.join(', '));
}

// The claims made are authentic.

More information

More information about OpenID Connect and OAuth 2.0 can be found on the links below:

0.4.1

  • Enable autopublishing from CI

0.4.0

  • Rename library file according to pub guidelines

0.3.0

  • Upgrade dependencies and refactor package accordingly

0.2.1

  • Change pub version strings to older format

0.2.0

  • Use official dart-jwt as this now supports RSA keys as Google JWT claim sets requires
  • Switch to cipher package instead of depending on Google APIs Auth functions

0.1.0

  • Implement access_token, code and expiry validation

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  google_oauth2_jwt: ^0.4.1

2. Install it

You can install packages from the command line:

with pub:


$ pub get

Alternatively, your editor might support pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:google_oauth2_jwt/google_oauth2_jwt.dart';
  
Version Uploaded Documentation Archive
0.4.1 Sep 17, 2016 Go to the documentation of google_oauth2_jwt 0.4.1 Download google_oauth2_jwt 0.4.1 archive
0.4.0 Sep 17, 2016 Go to the documentation of google_oauth2_jwt 0.4.0 Download google_oauth2_jwt 0.4.0 archive
0.2.1 Jun 21, 2015 Go to the documentation of google_oauth2_jwt 0.2.1 Download google_oauth2_jwt 0.2.1 archive
0.1.0 Sep 15, 2014 Go to the documentation of google_oauth2_jwt 0.1.0 Download google_oauth2_jwt 0.1.0 archive
0.0.2 Sep 15, 2014 Go to the documentation of google_oauth2_jwt 0.0.2 Download google_oauth2_jwt 0.0.2 archive
0.0.1+1 Sep 14, 2014 Go to the documentation of google_oauth2_jwt 0.0.1+1 Download google_oauth2_jwt 0.0.1+1 archive
Popularity:
Describes how popular the package is relative to other packages. [more]
0
Health:
Code health derived from static analysis. [more]
--
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
--
Overall:
Weighted score of the above. [more]
0
Learn more about scoring.

The package version is not analyzed, because it does not support Dart 2. Until this is resolved, the package will receive a health and maintenance score of 0.

Analysis issues and suggestions

Fix dependencies in pubspec.yaml.

Running pub upgrade failed with the following output:

ERR: The current Dart SDK version is 2.1.0.
 
 Because google_oauth2_jwt depends on dart_jwt >=0.1.0+1 which requires SDK version >=1.2.0 <2.0.0, version solving failed.

Health suggestions

Format lib/src/token.dart.

Run dartfmt to format lib/src/token.dart.

Maintenance issues and suggestions

Add SDK constraint in pubspec.yaml. (-50 points)

For information about setting SDK constraint, please see https://www.dartlang.org/tools/pub/pubspec#sdk-constraints.

Fix platform conflicts. (-20 points)

Error(s) prevent platform classification:

Fix dependencies in pubspec.yaml.

Running dartdoc failed. (-10 points)

Make sure dartdoc runs without any issues.

Package is too old. (-100 points)

The package was released more than two years ago.

The description is too short. (-20 points)

Add more detail about the package, what it does and what is its target use case. Try to write at least 60 characters.

Maintain an example. (-10 points)

Create a short demo in the example/ directory to show how to use this package. Common file name patterns include: main.dart, example.dart or you could also use google_oauth2_jwt.dart.