Using a redirect code flow will mean that I must recreate the state of the `AuthorizationCodeGrant` after redirect.

The current implementation makes the state private.

`AuthorizationCodeGrant` should be changed to be able to recreate the state or remove the state entirely.

You can avoid the risk of calling methods on the grant out of sequence by providing any additionally required state in the method parameters.
```dart
Future<Client> handleAuthorizationResponse(
    Map<String, String> parameters, bool requireState = false) async {
  if (requireState) {
    if (!parameters.containsKey('state')) {
      throw FormatException('Invalid OAuth response for '
          '"$authorizationEndpoint": parameter "state" expected to be '
          '"$_stateString", was missing.');
    } else if (parameters['state'] != _stateString) {
      throw FormatException('Invalid OAuth response for '
          '"$authorizationEndpoint": parameter "state" expected to be '
          '"$_stateString", was "${parameters['state']}".');
    }
  }
  if (parameters.containsKey('error')) {
    var description = parameters['error_description'];
    var uriString = parameters['error_uri'];
    var uri = uriString == null ? null : Uri.parse(uriString);
    throw AuthorizationException(parameters['error']!, description, uri);
  } else if (!parameters.containsKey('code')) {
    throw FormatException('Invalid OAuth response for '
        '"$authorizationEndpoint": did not contain required parameter '
        '"code".');
  }
  return _handleAuthorizationCode(parameters['code']);
}
```
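As an added illustration that is not part of the issue or of the oauth2 package, the sketch below shows one way an application could carry the `state` value across the redirect itself and verify it on return. `PendingAuthorization`, its methods, the `store` map standing in for session storage, and the sample callback values are all hypothetical.

```dart
import 'dart:convert';
import 'dart:math';

/// Hypothetical holder for what must survive the redirect.
class PendingAuthorization {
  final String state;
  PendingAuthorization(this.state);

  /// Fresh, unguessable state generated before the user is sent away.
  factory PendingAuthorization.create() {
    final rng = Random.secure();
    final bytes = List<int>.generate(32, (_) => rng.nextInt(256));
    return PendingAuthorization(base64Url.encode(bytes));
  }

  String toJson() => jsonEncode({'state': state});

  factory PendingAuthorization.fromJson(String source) {
    final map = jsonDecode(source) as Map<String, dynamic>;
    return PendingAuthorization(map['state'] as String);
  }

  /// Returns the authorization code if the callback matches this request.
  String checkCallback(Map<String, String> parameters) {
    final returned = parameters['state'];
    if (returned == null || !_constantTimeEquals(returned, state)) {
      // The expected state is deliberately kept out of the message and logs.
      throw FormatException('OAuth "state" is missing or does not match.');
    }
    final code = parameters['code'];
    if (code == null) throw FormatException('OAuth response has no "code".');
    return code;
  }
}

/// Compares without stopping at the first differing character.
bool _constantTimeEquals(String a, String b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a.codeUnitAt(i) ^ b.codeUnitAt(i);
  }
  return diff == 0;
}

void main() {
  final store = <String, String>{}; // stand-in for session storage
  final before = PendingAuthorization.create();
  store['pending'] = before.toJson(); // saved before the redirect
  // Constructed callback parameters, as they would arrive after the redirect.
  final callback = {'state': before.state, 'code': 'constructed-code'};
  // remove() makes the stored state single-use.
  final after = PendingAuthorization.fromJson(store.remove('pending')!);
  print(after.checkCallback(callback));
}
```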