- @httpPost
Creates or refreshes an authentication token.
When grant_type is 'password', there must be username and password values. When grant_type is 'refresh_token', there must be a refresh_token value. When grant_type is 'authorization_code', there must be a code value holding the authorization code, and no scope value may be sent (the request is rejected as invalid if one is present).
This endpoint requires client authentication. The Authorization header must include a valid Client ID and Secret in the Basic authorization scheme format.
Source
/// Issues a new token or refreshes an existing one, depending on [grantType].
///
/// The calling client is identified first: `authHeader` is parsed as HTTP Basic
/// credentials, and a parse failure ends the request with
/// [AuthRequestError.invalidClient] before any grant is looked at.
///
/// Grant handling:
/// - `password`: [username] and [password] are passed to `authServer.authenticate`.
/// - `refresh_token`: [refreshToken] is passed to `authServer.refresh`.
/// - `authorization_code`: [authCode] is passed to `authServer.exchange`; sending
///   a [scope] with this grant is answered with [AuthRequestError.invalidRequest].
/// - missing `grant_type`: [AuthRequestError.invalidRequest].
/// - anything else: [AuthRequestError.unsupportedGrantType].
///
/// [scope] is a space-separated list. It is parsed before the grant type is
/// examined, so a malformed scope yields [AuthRequestError.invalidScope] even
/// when the grant type is missing or unknown.
@httpPost
Future<Response> create(
    {@HTTPQuery("username") String username,
    @HTTPQuery("password") String password,
    @HTTPQuery("refresh_token") String refreshToken,
    @HTTPQuery("code") String authCode,
    @HTTPQuery("grant_type") String grantType,
    @HTTPQuery("scope") String scope}) async {
  // NOTE(review): the user password, refresh token and authorization code are
  // bound with @HTTPQuery. Confirm they are read from the form-encoded body and
  // not accepted from the URL, since URLs commonly end up in access logs.
  // NOTE(review): nothing in this method limits repeated failed attempts;
  // presumably throttling happens elsewhere. Verify.

  // Client authentication comes first; no grant is processed without it.
  AuthBasicCredentials client;
  try {
    client = AuthorizationBasicParser.parse(authHeader);
  } on AuthorizationParserException catch (_) {
    return _responseForError(AuthRequestError.invalidClient);
  }

  try {
    // A null scope stays null, so the auth server sees "no scopes requested"
    // rather than an empty list.
    final requested = scope
        ?.split(" ")
        ?.map((name) => new AuthScope(name))
        ?.toList();

    switch (grantType) {
      case "password":
        final issued = await authServer.authenticate(
            username, password, client.username, client.password,
            requestedScopes: requested);
        return AuthController.tokenResponse(issued);

      case "refresh_token":
        final refreshed = await authServer.refresh(
            refreshToken, client.username, client.password,
            requestedScopes: requested);
        return AuthController.tokenResponse(refreshed);

      case "authorization_code":
        // Scope cannot be supplied at exchange time.
        if (scope != null) {
          return _responseForError(AuthRequestError.invalidRequest);
        }
        final exchanged = await authServer.exchange(
            authCode, client.username, client.password);
        return AuthController.tokenResponse(exchanged);

      default:
        if (grantType == null) {
          return _responseForError(AuthRequestError.invalidRequest);
        }
        break;
    }
  } on FormatException {
    return _responseForError(AuthRequestError.invalidScope);
  } on AuthServerException catch (failure) {
    // NOTE(review): the server-side reason is relayed to the caller unchanged.
    // Confirm it does not let a caller tell an unknown user from a wrong password.
    return _responseForError(failure.reason);
  }

  // A grant_type value was supplied but is not one of the three handled above.
  return _responseForError(AuthRequestError.unsupportedGrantType);
}