Using a redirect code flow I cannot handleAuthorizationResponse because of the state of the grant #2018

@mnelsonwhite

Using a redirect code flow will mean that I must recreate the state of the AuthorizationCodeGrant after redirect.

The current implementation makes the state private.

AuthorizationCodeGrant should be changed to be able to recreate the state or remove the state entirely.

You can avoid the risk of calling methods on the grant out of sequence by providing any additionally required state in the method parameters.

```dart
  // Optional positional parameters with a default must be bracketed in Dart.
  Future<Client> handleAuthorizationResponse(Map<String, String> parameters,
      [bool requireState = false]) async {
    // The `state` comparison ties the response to the request that started
    // the flow; here it only runs when the caller passes requireState = true.
    if (requireState) {
      if (!parameters.containsKey('state')) {
        throw FormatException('Invalid OAuth response for '
            '"$authorizationEndpoint": parameter "state" expected to be '
            '"$_stateString", was missing.');
      } else if (parameters['state'] != _stateString) {
        throw FormatException('Invalid OAuth response for '
            '"$authorizationEndpoint": parameter "state" expected to be '
            '"$_stateString", was "${parameters['state']}".');
      }
    }

    // An error response from the authorization server takes precedence over
    // a missing code.
    if (parameters.containsKey('error')) {
      var description = parameters['error_description'];
      var uriString = parameters['error_uri'];
      var uri = uriString == null ? null : Uri.parse(uriString);
      throw AuthorizationException(parameters['error']!, description, uri);
    } else if (!parameters.containsKey('code')) {
      throw FormatException('Invalid OAuth response for '
          '"$authorizationEndpoint": did not contain required parameter '
          '"code".');
    }

    // Exchange the authorization code for credentials.
    return _handleAuthorizationCode(parameters['code']);
  }
```
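
Added example, not part of the original issue or the oauth2 package: one way an application can carry the `state` value across a redirect itself and check it when the callback arrives. `PendingAuthorization`, its members and the 10-minute `maxAge` are hypothetical names and values chosen for illustration.

```dart
import 'dart:convert';
import 'dart:math';

/// Hypothetical holder for the value that must survive the redirect.
class PendingAuthorization {
  PendingAuthorization(this.state, this.createdAt);
  /// Fresh, unguessable state generated before redirecting the user.
  factory PendingAuthorization.create() {
    final rng = Random.secure();
    final bytes = List<int>.generate(32, (_) => rng.nextInt(256));
    return PendingAuthorization(
        base64Url.encode(bytes).replaceAll('=', ''), DateTime.now().toUtc());
  }
  /// Restores the values saved by [toJson] once the redirect returns.
  factory PendingAuthorization.fromJson(String json) {
    final m = jsonDecode(json) as Map<String, dynamic>;
    return PendingAuthorization(
        m['state'] as String, DateTime.parse(m['createdAt'] as String));
  }
  final String state;
  final DateTime createdAt;
  /// Serialized form to keep in per-session storage across the redirect.
  String toJson() => jsonEncode(
      {'state': state, 'createdAt': createdAt.toIso8601String()});

  /// Returns the authorization code only if the callback matches this request.
  String validateCallback(Map<String, String> parameters,
      {Duration maxAge = const Duration(minutes: 10)}) {
    if (DateTime.now().toUtc().difference(createdAt) > maxAge) {
      throw StateError('Pending authorization expired.');
    }
    final returned = parameters['state'] ?? '';
    // Compare without an early exit so timing does not leak a prefix match.
    var diff = returned.length ^ state.length;
    for (var i = 0; i < returned.length && i < state.length; i++) {
      diff |= returned.codeUnitAt(i) ^ state.codeUnitAt(i);
    }
    if (diff != 0) throw const FormatException('"state" missing or mismatched.');
    final code = parameters['code'];
    if (code == null) throw const FormatException('Missing "code" parameter.');
    return code;
  }
}

void main() { // Constructed values, for illustration only.
  final saved = PendingAuthorization.create().toJson(); // before redirect
  final restored = PendingAuthorization.fromJson(saved); // after redirect
  print(restored.validateCallback({'state': restored.state, 'code': 'abc'}));
}
```

The serialized value belongs in storage bound to the user's session, so that a callback arriving in a different session cannot be matched against it.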
