google_oauth2_jwt 0.4.1

  • README.md
  • CHANGELOG.md
  • Installing
  • Versions
  • 0

google-oauth2-jwt #

Build Status

Introduction #

This is a parser and validator for the Google OAuth2 JWT id tokens received when a client authenticates with Google's OAuth2 servers.

Usage #

To decode the contents of the id_token field in an authorization result

JsonWebToken<GoogleClaimSet> jwt = decodeGoogleIdToken(idToken);

All claims can then be accessed through jwt.claimSet

String email = jwt.claimSet.email;
bool emailVerified = jwt.claimSet.emailVerified;

Validating the claims checks for expiry, and token or code tampering

GoogleClaimSetValidationContext validationContext =
    new GoogleClaimSetValidationContext(
        accessToken: 'the-token',
        code: 'the-code');

Set<ConstraintViolation> violations = jwt.claimSet.validate(validationContext);
if (violations > 0) {
  // Id token is expired or claims may have been tampered with.
  throw new Exception(violations.join(', '));
}

Example #

This is a complete example of how it would typically be used.

var authResult = {
  'access_token': 'rYgpM7eIkUcd9e8hg9Fq2j_ai_-zvTjrKv_leEo_ra87TJgwvBWi929ThwZHp',
  'code': 'qxz9kz2IJBLLfRAdvdUxxtIepI3VTMxin9h4hP2cS6MNKA34_XrNbwl_CYGRs1',
  'id_token': {
    'iat': 1410770387,
    'exp': 1410774287,
    'iss': 'accounts.google.com',
    'sub': '12345678901234567890',
    'aud': '1234567890-youramazingapp.apps.googleusercontent.com',
    'at_hash': 'dxgKHVb2pl9g30gzBN0gog',
    'azp': '1234567890-youramazingapp.apps.googleusercontent.com',
    'c_hash': 'Yk8AmAWG2HFgSvGgTGeU-g',
    'email': 'email@example.com',
    'email_verified': false,
    'hd': 'example.com'
  }
};

JsonWebToken<GoogleClaimSet> jwt = decodeGoogleIdToken(authResult['id_token']);

GoogleClaimSetValidationContext validationContext =
    new GoogleClaimSetValidationContext(
        accessToken: authResult['access_token'],
        code: authResult['code']);

Set<ConstraintViolation> violations = jwt.claimSet.validate(validationContext);
if (violations > 0) {
  // Beware! Claims may have been tampered with.
  throw new Exception(violations.join(', '));
}

// The claims made are authentic.

More information #

More information about OpenID Connect and OAuth 2.0 can be found on the links below:

0.4.1 #

  • Enable autopublishing from CI

0.4.0 #

  • Rename library file according to pub guidelines

0.3.0 #

  • Upgrade dependencies and refactor package accordingly

0.2.1 #

  • Change pub version strings to older format

0.2.0 #

  • Use official dart-jwt as this now supports RSA keys as Google JWT claim sets requires
  • Switch to cipher package instead of depending on Google APIs Auth functions

0.1.0 #

  • Implement access_token, code and expiry validation

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  google_oauth2_jwt: ^0.4.1

2. Install it

You can install packages from the command line:

with pub:


$ pub get

Alternatively, your editor might support pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:google_oauth2_jwt/google_oauth2_jwt.dart';
  
Version Uploaded Documentation Archive
0.4.1 Sep 17, 2016 Go to the documentation of google_oauth2_jwt 0.4.1 Download google_oauth2_jwt 0.4.1 archive
0.4.0 Sep 17, 2016 Go to the documentation of google_oauth2_jwt 0.4.0 Download google_oauth2_jwt 0.4.0 archive
0.2.1 Jun 21, 2015 Go to the documentation of google_oauth2_jwt 0.2.1 Download google_oauth2_jwt 0.2.1 archive
0.1.0 Sep 15, 2014 Go to the documentation of google_oauth2_jwt 0.1.0 Download google_oauth2_jwt 0.1.0 archive
0.0.2 Sep 15, 2014 Go to the documentation of google_oauth2_jwt 0.0.2 Download google_oauth2_jwt 0.0.2 archive
0.0.1+1 Sep 14, 2014 Go to the documentation of google_oauth2_jwt 0.0.1+1 Download google_oauth2_jwt 0.0.1+1 archive
Popularity:
Describes how popular the package is relative to other packages. [more]
0
Health:
Code health derived from static analysis. [more]
--
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
--
Overall:
Weighted score of the above. [more]
0
Learn more about scoring.

The package version is not analyzed, because it does not support Dart 2. Until this is resolved, the package will receive a health and maintenance score of 0.

Analysis issues and suggestions

Support Dart 2 in pubspec.yaml.

The SDK constraint in pubspec.yaml doesn't allow the Dart 2.0.0 release. For information about upgrading it to be Dart 2 compatible, please see https://www.dartlang.org/dart-2#migration.

Maintenance issues and suggestions

Make sure dartdoc successfully runs on your package's source files. (-10 points)

Dependencies were not resolved.