A utility method to generate a ClientID and Client Secret Pair.
secret may be null. If secret is null, the return value is a 'public' client. Otherwise, the client is 'confidential'. Public clients must not include a client secret when sent to the authorization server. Confidential clients must include the secret in all requests. Use public clients when the source code of the client application is visible, e.g. a JavaScript browser application.

Any client that allows the authorization code flow must include redirectURI. This method accepts a redirectURI only together with a secret: passing a redirectURI with a null secret throws an AuthUtilityException.

Note that secret is hashed with a randomly generated salt, and therefore cannot be retrieved later. The plain-text secret must be stored securely elsewhere.
Source
static AuthClient generateAPICredentialPair(String clientID, String secret,
    {String redirectURI: null,
    int hashLength: 32,
    int hashRounds: 1000,
    Hash hashFunction}) {
  // A null secret means a public client: nothing is hashed or stored.
  if (secret == null) {
    if (redirectURI != null) {
      throw new AuthUtilityException(
          "Public API Clients cannot have a redirect URL");
    }

    return new AuthClient.withRedirectURI(clientID, null, null, redirectURI);
  }

  // Confidential client: keep only the salt and the salted hash of the secret.
  var salt = generateRandomSalt(hashLength: hashLength);
  var hashed = generatePasswordHash(secret, salt,
      hashRounds: hashRounds,
      hashLength: hashLength,
      hashFunction: hashFunction);

  return new AuthClient.withRedirectURI(clientID, hashed, salt, redirectURI);
}
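
The sketch below is an added example, not the project's code, and is written in Python so it runs on the standard library alone. It shows how a server can check a presented secret against the stored salt and hash, including the public-client rule. PBKDF2-HMAC-SHA256, the StoredClient record and all function names are assumptions; the page does not name the hash algorithm.

```python
import base64
import hashlib
import hmac
import os
from typing import NamedTuple, Optional


class StoredClient(NamedTuple):
    """Hypothetical server-side record; field names are assumptions."""
    client_id: str
    hashed_secret: Optional[str]  # None marks a public client
    salt: Optional[str]
    redirect_uri: Optional[str]


def _hash(secret: str, salt: str, rounds: int, length: int) -> str:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the unspecified hash function.
    raw = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"),
                              base64.b64decode(salt), rounds, dklen=length)
    return base64.b64encode(raw).decode("ascii")


def generate_pair(client_id, secret, redirect_uri=None,
                  hash_length=32, hash_rounds=1000):
    # Defaults mirror the hashLength and hashRounds defaults shown on the page.
    if secret is None:
        if redirect_uri is not None:
            raise ValueError("Public API Clients cannot have a redirect URL")
        return StoredClient(client_id, None, None, None)
    salt = base64.b64encode(os.urandom(hash_length)).decode("ascii")
    hashed = _hash(secret, salt, hash_rounds, hash_length)
    return StoredClient(client_id, hashed, salt, redirect_uri)


def verify_client(stored, presented_secret,
                  hash_length=32, hash_rounds=1000) -> bool:
    if stored.hashed_secret is None:
        # Public client: a request that carries a secret is rejected.
        return presented_secret is None
    if presented_secret is None:
        # Confidential client: the secret is required on every request.
        return False
    # Re-derive with the stored salt; the plain-text secret is never stored.
    candidate = _hash(presented_secret, stored.salt, hash_rounds, hash_length)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate, stored.hashed_secret)
```

Verification must reuse the same round count and hash length that were used at generation, so keep those values with the record if they can vary between clients.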