feat: add support for password flow

appsup-dart · Dec 29, 2022 · c89d11b · c89d11b
1 parent 05343c8
commit c89d11b
Showing 1 changed file with 36 additions and 1 deletion.
diff --git a/lib/src/openid.dart b/lib/src/openid.dart
@@ -335,7 +335,8 @@ enum FlowType {
   implicit,
   authorizationCode,
   proofKeyForCodeExchange,
-  jwtBearer
+  jwtBearer,
+  password,
 }
 
 class Flow {
@@ -379,6 +380,20 @@ class Flow {
     };
   }
 
+  /// Creates a new [Flow] for the password flow.
+  ///
+  /// This flow can be used for active authentication by highly-trusted
+  /// applications. Call [Flow.loginWithPassword] to authenticate a user with
+  /// their username and password.
+  Flow.password(Client client,
+      {List<String> scopes = const ['openid', 'profile', 'email']})
+      : this._(
+          FlowType.password,
+          '',
+          client,
+          scopes: scopes,
+        );
+
   Flow.authorizationCode(Client client,
       {String? state,
       String? prompt,
@@ -495,6 +510,26 @@ class Flow {
     return TokenResponse.fromJson(json);
   }
 
+  /// Login with username and password
+  ///
+  /// Only allowed for [Flow.password] flows.
+  Future<Credential> loginWithPassword(
+      {required String username, required String password}) async {
+    if (type != FlowType.password) {
+      throw UnsupportedError('Flow is not password');
+    }
+    var json = await http.post(client.issuer.tokenEndpoint,
+        body: {
+          'grant_type': 'password',
+          'username': username,
+          'password': password,
+          'scope': scopes.join(' '),
+          'client_id': client.clientId,
+        },
+        client: client.httpClient);
+    return Credential._(client, TokenResponse.fromJson(json), null);
+  }
+
   Future<Credential> callback(Map<String, String> response) async {
     if (response['state'] != state) {
       throw ArgumentError('State does not match');