AuthClient generateAPICredentialPair(String clientID, String secret, { String redirectURI: null, int hashLength: 32, int hashRounds: 1000, Hash hashFunction })

A utility method to generate a ClientID and Client Secret Pair.

secret may be null. If secret is null, the return value is a 'public' client. Otherwise, the client is 'confidential'. Public clients must not include a client secret when sent to the authorization server. Confidential clients must include the secret in all requests. Use public clients when the source code of the client application is visible, i.e. a JavaScript browser application.

Any client that allows the authorization code flow must include redirectURI.

Note that secret is hashed with a randomly generated salt, and therefore cannot be retrieved later. The plain-text secret must be stored securely elsewhere.

Source

static AuthClient generateAPICredentialPair(String clientID, String secret,
    {String redirectURI: null, int hashLength: 32, int hashRounds: 1000, Hash hashFunction}) {
  if (secret == null) {
    if (redirectURI != null) {
      throw new AuthUtilityException(
          "Public API Clients cannot have a redirect URL");
    }
    return new AuthClient.withRedirectURI(clientID, null, null, redirectURI);
  }

  var salt = generateRandomSalt(hashLength: hashLength);
  var hashed = generatePasswordHash(secret, salt,
      hashRounds: hashRounds, hashLength: hashLength, hashFunction: hashFunction);

  return new AuthClient.withRedirectURI(clientID, hashed, salt, redirectURI);
}