Comments (4)

salomaosnff avatar salomaosnff commented on August 19, 2024

@fvisticot
You can return:

OAuthToken.fromMap ({
   "access_token": "<AccessToken>",
   "refresh_token": "<RefreshToken>",
   "expires": "<Seconds>" // an integer
})

from oauth_dio.

fvisticot avatar fvisticot commented on August 19, 2024

I have the following implementation for the securestorage.

  • I need to compute the "expires" token property from "now"
  • I need to save the expiration date in the secure storage

Do you think that this implementation is correct? (expires field management?)

Other questions:

  • What happens when you request a new token from the refreshToken and get an error from the server (for example, refreshToken expired)?
    In my case the refreshToken expiration is 30 days... What happens in your implementation in that case?
  • I see in your code that the toMap token export provides an expires value in ms. Is that normal? Should it be in seconds?

import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:oauth_dio/oauth_dio.dart';

class OAuthSecureStorage extends OAuthStorage {
  final FlutterSecureStorage storage = FlutterSecureStorage();
  final accessTokenKey = 'accessToken';
  final refreshTokenKey = 'refreshToken';
  final expirationKey = 'expiration';

  @override
  Future<OAuthToken> fetch() async {
    final accessToken = await storage.read(key: accessTokenKey);
    final refreshToken = await storage.read(key: refreshTokenKey);
    final String expiration = await storage.read(key: expirationKey);

    if (accessToken != null && refreshToken != null && expiration != null) {
      // Convert the stored absolute expiry back into seconds remaining
      // from now (negative once the token has expired).
      final expirationDate = DateTime.parse(expiration);
      final now = DateTime.now();
      final int expires = ((expirationDate.millisecondsSinceEpoch -
              now.millisecondsSinceEpoch) ~/
          1000);
      return OAuthToken.fromMap({
        'access_token': accessToken,
        'refresh_token': refreshToken,
        'expires': expires
      });
    } else {
      // Nothing (or only part of a token) is stored.
      return null;
    }
  }

  @override
  Future<OAuthToken> save(OAuthToken token) async {
    await storage.write(key: accessTokenKey, value: token.accessToken);
    await storage.write(key: refreshTokenKey, value: token.refreshToken);
    // Persist the absolute expiry date rather than a relative lifetime.
    await storage.write(
        key: expirationKey, value: token.expiration.toIso8601String());
    return token;
  }

  Future<void> clear() async {
    await storage.delete(key: accessTokenKey);
    await storage.delete(key: refreshTokenKey);
    await storage.delete(key: expirationKey);
  }
}

from oauth_dio.

salomaosnff avatar salomaosnff commented on August 19, 2024

According to the OAuth 2.0 specification, it is recommended that your authentication server return an "expires_in" field containing the token lifetime in seconds.

See https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2

The expires field will also prevent sending invalid tokens to the server, validating the tokens before sending them in the request.

from oauth_dio.

fvisticot avatar fvisticot commented on August 19, 2024

Thanks for the reply.
I checked your code and it seems that in case the server returns an error on the refreshToken POST call, the error is not fired and the application stays blocked.

from oauth_dio.
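
An added example, not from the thread or from oauth_dio, of the expiry handling discussed above: persist an absolute expiry derived from `expires_in`, check it with a small skew margin before sending, and turn a rejected refresh into a cleared store plus an explicit error. Every class and function name in it is hypothetical.

```dart
// Added example; every name here is hypothetical, not oauth_dio API.
class RefreshRejected implements Exception {} // server refused the refresh token
class ReauthenticationRequired implements Exception {}

class StoredToken {
  final String accessToken, refreshToken;
  final DateTime expiresAt; // absolute UTC instant, safe to persist
  StoredToken(this.accessToken, this.refreshToken, this.expiresAt);

  // expires_in is a lifetime in seconds, so anchor it to the receipt time.
  factory StoredToken.fromResponse(Map<String, dynamic> body, DateTime receivedAt) {
    final expiresIn = body['expires_in'];
    if (expiresIn is! int || expiresIn <= 0) {
      throw FormatException('expires_in must be a positive integer');
    }
    return StoredToken(body['access_token'] as String, body['refresh_token'] as String,
        receivedAt.toUtc().add(Duration(seconds: expiresIn)));
  }

  // Expire slightly early to absorb clock skew and request latency.
  bool isUsable(DateTime now, {Duration margin = const Duration(seconds: 30)}) =>
      now.toUtc().isBefore(expiresAt.subtract(margin));
}

// A rejected refresh wipes the stored tokens and raises an error; any other
// failure (network) propagates, so a transient outage does not log the user out.
Future<StoredToken> ensureFresh(StoredToken? stored, DateTime now,
    Future<StoredToken> Function(String refreshToken) refresh,
    Future<void> Function() clearStorage) async {
  if (stored == null) throw ReauthenticationRequired();
  if (stored.isUsable(now)) return stored;
  try {
    return await refresh(stored.refreshToken);
  } on RefreshRejected {
    await clearStorage();
    throw ReauthenticationRequired();
  }
}

Future<void> main() async {
  final issued = DateTime.utc(2024, 1, 1, 12); // constructed sample values
  final token = StoredToken.fromResponse(
      {'access_token': 'at', 'refresh_token': 'rt', 'expires_in': 3600}, issued);
  try {
    await ensureFresh(token, issued.add(const Duration(hours: 2)),
        (_) async => throw RefreshRejected(), () async => print('cleared'));
  } on ReauthenticationRequired {
    print('login required'); // route the user back to the sign-in screen
  }
}
```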
