Authenticates a username and password of an Authenticatable and returns an AuthToken upon success.
This method works with this instance's storage to generate and store a new token if all credentials are correct. If credentials are not correct, it will throw the appropriate AuthRequestError.
After expiration, this token will no longer be valid.
Source
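/// Authenticates [username] and [password] for the client [clientID] and
/// returns a newly stored [AuthToken].
///
/// Checks run in a fixed order, and the first failure throws an
/// [AuthServerException]:
///
/// * [AuthRequestError.invalidClient] - [clientID] is null, no client exists
///   for it, a public client was sent a non-empty [clientSecret], or a
///   confidential client's [clientSecret] is missing or does not match.
/// * [AuthRequestError.invalidRequest] - [username] or [password] is null.
/// * [AuthRequestError.invalidGrant] - no authenticatable exists for
///   [username], or the password hash does not match.
///
/// The token lifetime is [expiration] in seconds (24 hours by default).
/// Refresh is allowed only for clients that are not public.
Future<AuthToken> authenticate(
    String username, String password, String clientID, String clientSecret,
    {Duration expiration: const Duration(hours: 24),
    List<AuthScope> requestedScopes}) async {
  // No client id means there is no client to attach to the error.
  if (clientID == null) {
    throw new AuthServerException(AuthRequestError.invalidClient, null);
  }

  AuthClient client = await clientForID(clientID);
  if (client == null) {
    throw new AuthServerException(AuthRequestError.invalidClient, null);
  }

  if (username == null || password == null) {
    throw new AuthServerException(AuthRequestError.invalidRequest, client);
  }

  if (client.isPublic) {
    // A public client has no secret; anything other than null or "" is
    // rejected instead of being silently ignored.
    if (!(clientSecret == null || clientSecret == "")) {
      throw new AuthServerException(AuthRequestError.invalidClient, client);
    }
  } else {
    if (clientSecret == null) {
      throw new AuthServerException(AuthRequestError.invalidClient, client);
    }

    // Compare in fixed time so the check does not stop at the first
    // differing character. The salted hash already limits what timing can
    // reveal; this is hardening, not a fix for a known leak.
    if (!_constantTimeEquals(
        client.hashedSecret, hashPassword(clientSecret, client.salt))) {
      throw new AuthServerException(AuthRequestError.invalidClient, client);
    }
  }

  var authenticatable =
      await storage.fetchAuthenticatableByUsername(this, username);
  if (authenticatable == null) {
    // NOTE(review): this path returns before any password hashing runs, so
    // its response time differs from the wrong-password path although both
    // report invalidGrant. Consider doing equivalent hashing work here so
    // the two cases are not distinguishable by timing.
    throw new AuthServerException(AuthRequestError.invalidGrant, client);
  }

  var dbSalt = authenticatable.salt;
  var dbPassword = authenticatable.hashedPassword;
  var hash = hashPassword(password, dbSalt);
  if (!_constantTimeEquals(hash, dbPassword)) {
    throw new AuthServerException(AuthRequestError.invalidGrant, client);
  }

  List<AuthScope> validScopes =
      _validatedScopes(client, authenticatable, requestedScopes);
  AuthToken token = _generateToken(
      authenticatable.id, client.id, expiration.inSeconds,
      allowRefresh: !client.isPublic, scopes: validScopes);
  await storage.storeToken(this, token);

  return token;
}

/// Returns true when [a] and [b] hold the same characters, examining every
/// position rather than stopping at the first mismatch.
///
/// A null argument never matches, so a missing stored hash fails closed.
/// Assumes both values are hash strings, as the original `!=` comparisons
/// imply - confirm against hashPassword's return type.
bool _constantTimeEquals(String a, String b) {
  if (a == null || b == null) {
    return false;
  }

  var left = a.codeUnits;
  var right = b.codeUnits;
  // The length of a hash is not secret, so an early exit here is acceptable.
  if (left.length != right.length) {
    return false;
  }

  var diff = 0;
  for (var i = 0; i < left.length; i++) {
    diff |= left[i] ^ right[i];
  }
  return diff == 0;
}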