google_oauth2_jwt 0.4.1

  • README.md
  • CHANGELOG.md
  • Installing
  • Versions
  • 35

google-oauth2-jwt

Build Status

Introduction

This is a parser and validator for the Google OAuth2 JWT id tokens received when a client authenticates with Google's OAuth2 servers.

Usage

To decode the contents of the id_token field in an authorization result

JsonWebToken<GoogleClaimSet> jwt = decodeGoogleIdToken(idToken);

All claims can then be accessed through jwt.claimSet

String email = jwt.claimSet.email;
bool emailVerified = jwt.claimSet.emailVerified;

Validating the claims checks for expiry, and token or code tampering

GoogleClaimSetValidationContext validationContext =
    new GoogleClaimSetValidationContext(
        accessToken: 'the-token',
        code: 'the-code');

Set<ConstraintViolation> violations = jwt.claimSet.validate(validationContext);
if (violations > 0) {
  // Id token is expired or claims may have been tampered with.
  throw new Exception(violations.join(', '));
}

Example

This is a complete example of how it would typically be used.

var authResult = {
  'access_token': 'rYgpM7eIkUcd9e8hg9Fq2j_ai_-zvTjrKv_leEo_ra87TJgwvBWi929ThwZHp',
  'code': 'qxz9kz2IJBLLfRAdvdUxxtIepI3VTMxin9h4hP2cS6MNKA34_XrNbwl_CYGRs1',
  'id_token': {
    'iat': 1410770387,
    'exp': 1410774287,
    'iss': 'accounts.google.com',
    'sub': '12345678901234567890',
    'aud': '1234567890-youramazingapp.apps.googleusercontent.com',
    'at_hash': 'dxgKHVb2pl9g30gzBN0gog',
    'azp': '1234567890-youramazingapp.apps.googleusercontent.com',
    'c_hash': 'Yk8AmAWG2HFgSvGgTGeU-g',
    'email': 'email@example.com',
    'email_verified': false,
    'hd': 'example.com'
  }
};

JsonWebToken<GoogleClaimSet> jwt = decodeGoogleIdToken(authResult['id_token']);

GoogleClaimSetValidationContext validationContext =
    new GoogleClaimSetValidationContext(
        accessToken: authResult['access_token'],
        code: authResult['code']);

Set<ConstraintViolation> violations = jwt.claimSet.validate(validationContext);
if (violations > 0) {
  // Beware! Claims may have been tampered with.
  throw new Exception(violations.join(', '));
}

// The claims made are authentic.

More information

More information about OpenID Connect and OAuth 2.0 can be found on the links below:

0.4.1

  • Enable autopublishing from CI

0.4.0

  • Rename library file according to pub guidelines

0.3.0

  • Upgrade dependencies and refactor package accordingly

0.2.1

  • Change pub version strings to older format

0.2.0

  • Use official dart-jwt as this now supports RSA keys as Google JWT claim sets requires
  • Switch to cipher package instead of depending on Google APIs Auth functions

0.1.0

  • Implement access_token, code and expiry validation

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  google_oauth2_jwt: "^0.4.1"

2. Install it

You can install packages from the command line:

with pub:


$ pub get

with Flutter:


$ flutter packages get

Alternatively, your editor might support pub get or packages get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:google_oauth2_jwt/google_oauth2_jwt.dart';
        
Version Uploaded Documentation Archive
0.4.1 Sep 17, 2016 Go to the documentation of google_oauth2_jwt 0.4.1 Download google_oauth2_jwt 0.4.1 archive
0.4.0 Sep 17, 2016 Go to the documentation of google_oauth2_jwt 0.4.0 Download google_oauth2_jwt 0.4.0 archive
0.2.1 Jun 21, 2015 Go to the documentation of google_oauth2_jwt 0.2.1 Download google_oauth2_jwt 0.2.1 archive
0.1.0 Sep 15, 2014 Go to the documentation of google_oauth2_jwt 0.1.0 Download google_oauth2_jwt 0.1.0 archive
0.0.2 Sep 15, 2014 Go to the documentation of google_oauth2_jwt 0.0.2 Download google_oauth2_jwt 0.0.2 archive
0.0.1+1 Sep 14, 2014 Go to the documentation of google_oauth2_jwt 0.0.1+1 Download google_oauth2_jwt 0.0.1+1 archive

Analysis

We analyzed this package on Apr 23, 2018, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.0.0-dev.49.0
  • pana: 0.10.6

Scores

Popularity:
Describes how popular the package is relative to other packages. [more]
17 / 100
Health:
Code health derived from static analysis. [more]
63 / 100
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
39 / 100
Overall score:
Weighted score of the above. [more]
35
Learn more about scoring.

Platforms

Detected platforms: Flutter, web, other

No platform restriction found in primary library package:google_oauth2_jwt/google_oauth2_jwt.dart.

Suggestions

  • Fix analysis and formatting issues.

    Analysis or formatting checks reported 2 errors.

    Strong-mode analysis of lib/src/token.dart failed with the following error:

    line: 51 col: 9
    super call must be last in an initializer list (see https://goo.gl/EY6hDP): 'super.fromJson(json)'.

  • The description is too short.

    Add more detail about the package, what it does and what is its target use case. Try to write at least 60 characters.

  • Package is pre-v1 release.

    While there is nothing inherently wrong with versions of 0.*.*, it usually means that the author is still experimenting with the general direction API.

  • Maintain an example.

    Create a short demo in the example/ directory to show how to use this package. Common file name patterns include: main.dart, example.dart or you could also use google_oauth2_jwt.dart.

Dependencies

Package Constraint Resolved Available
Direct dependencies
crypto >=0.9.2 <3.0.0 2.0.2+1
cryptoutils >=0.2.0 <0.3.0 0.2.0+2 0.3.0
dart_jwt >=0.5.1 <0.6.0 0.5.2 0.6.0
Transitive dependencies
analyzer 0.27.6 0.31.1
args 0.13.7 1.4.2
async 2.0.6
charcode 1.1.1
cli_util 0.0.1+2 0.1.2+1
collection 1.14.9
convert 2.0.1
csslib 0.14.1
dart_style 0.2.11+1 1.0.10
fixnum 0.9.1+2 0.10.7
glob 1.1.5
html 0.13.3
isolate 0.2.3 2.0.0
logging 0.11.3+1
matcher 0.12.2
package_config 1.0.3
path 1.5.1
plugin 0.2.0+2
quiver 0.21.4 0.29.0+1
source_gen 0.4.8 0.8.1
source_span 1.4.0
stack_trace 1.9.2
string_scanner 1.0.2
typed_data 1.1.5
utf 0.9.0+4
watcher 0.9.7+7
when 0.2.0
which 0.1.3
yaml 2.1.13
zengen 0.3.2 0.4.0
Dev dependencies
asn1lib >=0.4.2 <0.5.0
bignum any 0.0.7 0.1.0
cipher >=0.7.1 <0.8.0 0.7.1
test >=0.12.15+6 <0.13.0