A Flutter package for authenticating with the DAuth authorisation service (an OAuth2-based Single Sign-On (SSO) for NITT students) on behalf of the resource owner/user.

Overview

A Flutter package for authenticating with the DAuth authorisation service (an OAuth2-based Single Sign-On (SSO) for NITT students) on behalf of the resource owner/user. DAuth lets application developers securely get access to users’ data without users having to share their passwords.

DAuth allows a Client-App (the program using this library) to access and manipulate a resource that's owned by a resource owner (the end user) and lives on a remote server. The Client-App directs the resource owner to the DAuth authorization server, where the resource owner tells the authorization server to give the Client-App an access token. This token serves as proof that the client has permission to access resources on behalf of the resource owner.

Note: OAuth2 provides several different methods for the client to obtain authorization, but currently this package only supports the Authorisation Code Grant.

Features

AuthorisationCodeGrant

  • This package allows the user to get the authorized token by calling fetchToken(authorizationRequest), which automates the following workflow:
    • Generates the authorizationUrl from the authorizationRequest passed as the parameter.
    • Opens a WebView with the generated authorizationUrl and listens to the NavigationRequests.
    • Lets the user grant the Client-App permission to access the user's resources from the Dauth-Resource-Provider.
    • After authentication, the server redirects to the registered redirect_uri, and the code is fetched by listening to the NavigationRequest.
    • Using the code as a body parameter, a POST request is automated to retrieve the token.
  • Once the tokenResponse is fetched, the user can send a POST request using fetchResources(token) and get the protectedResources based on the Scope mentioned.

DataTypes

| DataTypes | Parameters | Description |
|---|---|---|
| ResultResponse<T, String> | dynamic response, String message | Wraps Http response-body with response-status-message. |
| ResourceResponse | String? tokenType, String? accessToken, String? state, int? expiresIn, String? idToken, String? status, ErrorResponse? errorResponse | Response-body returned from fetchResources() request |
| TokenResponse | String? email, String? id, String? name, String? phoneNumber, String? gender, DateTime? createdAt, DateTime? updatedAt | Response-body returned from fetchToken() request |
| Scope | bool isOpenId, bool isEmail, bool isProfile, bool isUser | Consists of 4 boolean parameters to enable SCOPE of Resource Access |
| TokenRequest | String? clientId, String? clientSecret, String? redirectUri, String? responseType, String? grantType, String? state, String? scope, String? nonce | Request-Parameter for fetchToken() |

Methods

| Methods | Parameters |
|---|---|
| ResultResponse<TokenResponse, String> fetchToken() | TokenRequest request |
| ResultResponse<ResourceResponse, String> fetchResource() | String access_token |
| Widget DauthButton() | Function OnPressed: (Response<TokenResponse,String> res){} |

Getting started

To use this package:

  • Run the following command in a terminal
    • flutter pub add flutter_dauth

      OR
  • Add the following to the pubspec.yaml file
    • dependencies:
        flutter:
          sdk: flutter
        flutter_dauth:

Usage

The following is an example of the Authorization Code Grant using this package.

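import 'package:flutter/material.dart';
import 'package:flutter_dauth/flutter_dauth.dart' as dauth;

void main() {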
  runApp(const MyApp());
}

class MyApp extends StatelessWidget {
  const MyApp({Key? key}) : super(key: key);

  @override
  Widget build(BuildContext context) => const MaterialApp(
        debugShowCheckedModeBanner: false,
        home: HomePage(),
      );
}

class HomePage extends StatefulWidget {
  const HomePage({Key? key}) : super(key: key);
  @override
  State<StatefulWidget> createState() => HomeState();
}

class HomeState extends State<HomePage> {
  //A string object used in Text() widget as data.
  String _exampleText = 'Flutter Application';

  //Create a TokenRequest object.
  final dauth.TokenRequest _request = dauth.TokenRequest(
      //Your Client-Id provided by the DAuth server at the time of registration.
      clientId: 'YOUR CLIENT ID',
      //Your Client-Secret provided by the DAuth server at the time of registration.
      clientSecret: 'YOUR CLIENT SECRET',
      //redirectUri provided by you to the DAuth server at the time of registration.
      redirectUri: 'YOUR REDIRECT URI',
      //A string that is returned with the access_token for token verification on the client side.
      //Use a fresh, unpredictable value for each request rather than a constant.
      state: 'STATE',
      //Setting isUser to true to retrieve UserDetails in ResourceResponse from the DAuth server.
      scope: const dauth.Scope(isUser: true));

  @override
  Widget build(BuildContext context) => SafeArea(
          child: Scaffold(
              body: Container(
        color: Colors.blueGrey,
        child: Stack(
          children: [
            Center(
                child: Text(
              _exampleText,
              style: const TextStyle(fontSize: 30, fontWeight: FontWeight.bold),
            )),
            Positioned(
                left: 50,
                right: 50,
                bottom: 10,
                //DAuth button returns TokenResponse and ResponseMessage when pressed.
                child: dauth.DauthButton(
                    request: _request,
                    onPressed:
                        (dauth.ResultResponse<dauth.TokenResponse, String>
                            res) {
                      //Changes _exampleText to 'Token_TYPE: <YOUR_TOKEN>' if the response message is 'success'.
                      if (res.message == 'success') {
                        setState(() {
                          _exampleText = 'Token_TYPE: ' +
                              (res.response as dauth.TokenResponse)
                                  .tokenType
                                  .toString();
                        });
                      }
                    }))
          ],
        ),
      )));
}

Issues/Upcoming Changes

  • To mitigate authorization-code interception attacks, PKCE will be added to the Authorisation Code Grant.
  • At the time of writing, DAuth only supports the Authorisation Grant Flow; in future more methods will be added and flutter_dauth will be updated accordingly.

Credits

This package wouldn't be possible without the following:

  • webviewx : for opening AuthorizationUrl in WebView and Listening to NavigationRequest
  • https : for HTTP requests to the Dauth-Server.

License

Comments
  • [Feat] : Add PKCE for Authorization Code Flow

    In this PR,

    • To secure clients using Authorization Code Flow from interception attacks, PKCE is added.
      • Instead of client_secret, the client app sends code_challenge to authorizationEndPoint.
        • code_challenge is a SHA256 encoded string of code_verifier.
        • code_verifier is a long string which can be provided by the client; otherwise it is auto-generated by the package.
      • Then code_verifier and the code received as the response from authorizationEndPoint are passed to tokenEndPoint to receive the access_token.
    • Updated README.md and CHANGELOGS.md
    opened by Muhesh7 0
  • [Feat] : Add Mock-HTTP-Tests, gitHooks & githubActions

    In this PR,

    • Added Test cases
      • Test for checking the authorisationUrl format
      • Test for checking the Mock Http response of TokenEndpoint
    • Added Github Workflow for main branch
      • Runs in ubuntu-latest
      • caches-flutter-dependencies
      • if pull_request
        • runs flutter format
        • runs flutter analyse
      • if pull
        • runs flutter test
    • Added Git hooks for main branch
      • pre-commit
        • runs flutter format .
        • runs flutter Analyse
      • pre-push
        • checks for un-committed files
        • runs flutter test
    opened by Muhesh7 0
  • [Feat]: Add Documentation Comments

    In This PR

    • Fixed the bug where the loading screen sometimes keeps on loading even when the webView is loaded.
      • This is caused by an unhandled exception when the widget rebuilds itself: Future is Completed Already
      • This is fixed by adding an if check which checks if the future is completed already before calling complete(): if(!completer.isCompleted) completer.complete(true)
    • Added Dart documentation comments for every file.
      • This displays the description of a class or object when the user hovers the mouse over the class/methods.
    • Updated the README.md with the newly refactored methods and objects.
    opened by Muhesh7 0
  • [Feat]:Implement Authorization Code Grant

    In this PR

    • Implemented API class to fetchAccessToken and fetchProtectedResources from Dauth server.
    • Implemented Dauth helper class for Authorization Code Grant Flow by performing the following:
      • Takes AuthorizationRequest as Input.
        • AuthorizationRequest includes:
          • client_id : [Obtained during App registration in Dauth Website]
          • client_secret: [Obtained during App registration in Dauth Website]
          • redirect_uri : [Preferably the one given during App registration in Dauth Website]
          • state : [Returned along with Token for verification of token.(Prevents CSRF attacks)]
          • scope : [Includes feature of requesting openId, email, phone_number, profile of the resource owner]
          • request_type : [By Default it has value of 'code' for Authorization Code Grant Flow]
          • grant_type : [By Default it has value of 'authorization_code' for Authorization Code Grant Flow]
      • Automate the Authorization Code Grant Flow by:
        • Opening WebView with AuthorizationUrl.
        • Dauth automatically takes care of the authentication process and navigates to redirect_uri.
        • By listening to the NavigationRequest provided by the webView widget we retrieve the code as a response.
        • Using the code, a POST request is automated to tokenEndPoint and we receive the access token as a response.
      • Using the Access token user can request for protectedResources specified in the scope.
    opened by Muhesh7 0
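
The PKCE exchange and the state check described in the PRs above, sketched in plain Dart as an added example (not flutter_dauth's own code). The endpoint `https://auth.example/authorize`, the `myapp://callback` redirect and every function name are assumptions; SHA-256 comes from `package:crypto`.

```dart
// Added example, not flutter_dauth code. Needs package:crypto for SHA-256.
import 'dart:convert';
import 'dart:math';
import 'package:crypto/crypto.dart';

/// 32 random bytes as unpadded base64url: 43 chars, the RFC 7636 minimum.
String randomToken() {
  final rng = Random.secure();
  final bytes = List<int>.generate(32, (_) => rng.nextInt(256));
  return base64UrlEncode(bytes).replaceAll('=', '');
}

/// S256 method: BASE64URL(SHA256(ASCII(code_verifier))), padding stripped.
String codeChallenge(String verifier) =>
    base64UrlEncode(sha256.convert(ascii.encode(verifier)).bytes)
        .replaceAll('=', '');

/// The endpoint is a placeholder (assumption), not DAuth's real URL.
Uri authorizationUrl(String clientId, String redirectUri, String state,
        String verifier) =>
    Uri.parse('https://auth.example/authorize').replace(queryParameters: {
      'response_type': 'code',
      'client_id': clientId,
      'redirect_uri': redirectUri,
      'state': state,
      'code_challenge': codeChallenge(verifier),
      'code_challenge_method': 'S256',
    });

/// Returns the code only when the WebView navigated to the registered
/// redirect_uri and the echoed state matches the one sent; otherwise null.
String? codeFromRedirect(String navigated, String redirectUri, String state) {
  final got = Uri.parse(navigated), want = Uri.parse(redirectUri);
  final sameTarget = got.scheme == want.scheme &&
      got.authority == want.authority && got.path == want.path;
  if (!sameTarget || got.queryParameters['state'] != state) return null;
  return got.queryParameters['code'];
}

void main() {
  final state = randomToken(), verifier = randomToken();
  const cb = 'myapp://callback'; // constructed redirect_uri
  print(authorizationUrl('CLIENT_ID', cb, state, verifier));
  // Constructed redirects: the second carries a state we never issued.
  print(codeFromRedirect('$cb?code=abc&state=$state', cb, state));
  print(codeFromRedirect('$cb?code=abc&state=forged', cb, state));
  // Token request body: code + code_verifier, no client_secret.
  print({'grant_type': 'authorization_code', 'code': 'abc',
      'code_verifier': verifier});
}
```

The verifier and state must be kept in memory for the duration of one login attempt and discarded afterwards; a code arriving with a mismatched state is dropped rather than exchanged.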