angel_auth

Pubbuild status

A complete authentication plugin for Angel. Inspired by Passport.

Wiki

Click here.

Bundled Strategies

  • Local (with and without Basic Auth)
  • Find other strategies (Twitter, Google, OAuth2, etc.) on Pub!!!

Example

Ensure you have read the wiki.

  1. configureServer(Angel app) async {
  2.   var auth = AngelAuth<User>();
  3.   auth.serializer = ...;
  4.   auth.deserializer = ...;
  5.   auth.strategies['local'] = LocalAuthStrategy(...);
  6.  
  7.   // POST route to handle username+password
  8.   app.post('/local', auth.authenticate('local'));
  9.  
  10.   // Using Angel's asynchronous injections, we can parse the JWT
  11.   // on demand. It won't be parsed until we check.
  12.   app.get('/profile', ioc((User user) {
  13.     print(user.description);
  14.   }));
  15.  
  16.   // Use a comma to try multiple strategies!!!
  17.   //
  18.   // Each strategy is run sequentially. If one succeeds, the loop ends.
  19.   // Authentication failures will just cause the loop to continue.
  20.   // 
  21.   // If the last strategy throws an authentication failure, then
  22.   // a `401 Not Authenticated` is thrown.
  23.   var chainedHandler = auth.authenticate(
  24.     ['basic','facebook'],
  25.     authOptions
  26.   );
  27.  
  28.   // Apply angel_auth-specific configuration.
  29.   await app.configure(auth.configureServer);
  30. }

Default Authentication Callback

A frequent use case within SPA's is opening OAuth login endpoints in a separate window.angel_clientprovides a facility for this, which works perfectly with the default callback providedin this package.

  1. configureServer(Angel app) async {
  2.   var handler = auth.authenticate(
  3.     'facebook',
  4.     AngelAuthOptions(callback: confirmPopupAuthentication()));
  5.   app.get('/auth/facebook', handler);
  6.  
  7.   // Use a comma to try multiple strategies!!!
  8.   //
  9.   // Each strategy is run sequentially. If one succeeds, the loop ends.
  10.   // Authentication failures will just cause the loop to continue.
  11.   // 
  12.   // If the last strategy throws an authentication failure, then
  13.   // a `401 Not Authenticated` is thrown.
  14.   var chainedHandler = auth.authenticate(
  15.     ['basic','facebook'],
  16.     authOptions
  17.   );
  18. }

This renders a simple HTML page that fires the user's JWT as a token event in window.opener.angel_client exposes this as a Stream:

  1. app.authenticateViaPopup('/auth/google').listen((jwt) {
  2.   // Do something with the JWT
  3. });