// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
library oauth2.resource_owner_password_grant;
import 'dart:async';
import 'package:http/http.dart' as http;
import 'client.dart';
import 'handle_access_token_response.dart';
import 'utils.dart';
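/// Obtains credentials using a [resource owner password grant][].
///
/// This mode of authorization sends the user's [username] and [password] to
/// [authorizationEndpoint] in exchange for an access token, which can then be
/// stored. Storing the token is safer than storing the username and password
/// directly, but this grant should be avoided if any other authorization
/// method is available, since it requires the user to hand their username and
/// password to a third party (you).
///
/// The password, and the client [secret] when one is given, travel in the
/// request itself (form body or `Authorization` header). This function does
/// not inspect the scheme of [authorizationEndpoint]; callers should pass an
/// `https` URI, as RFC 6749 requires TLS for the token endpoint.
///
/// The client [identifier] and [secret] may be issued by the server, and are
/// used to identify and authenticate your specific OAuth2 client. These are
/// usually global to the program using this library. When [identifier] is
/// given and [basicAuth] is `true` (the default), they are sent in an
/// `Authorization` header built by [basicAuthHeader]; when [basicAuth] is
/// `false` they are sent as the `client_id` and `client_secret` form fields.
///
/// The specific permissions being requested from the authorization server may
/// be specified via [scopes]. The scope strings are specific to the
/// authorization server and may be found in its documentation. Note that you
/// may not be granted access to every scope you request; you may check the
/// [Credentials.scopes] field of [Client.credentials] to see which scopes you
/// were granted.
///
/// [httpClient] is used for the token request only. If it is omitted, a
/// temporary [http.Client] is created for the request and closed before this
/// function completes. Neither [httpClient] nor [basicAuth] is forwarded to
/// the returned [Client].
///
/// [resource owner password grant]: https://tools.ietf.org/html/rfc6749#section-4.3
Future<Client> resourceOwnerPasswordGrant(
    Uri authorizationEndpoint,
    String username,
    String password,
    {String identifier,
    String secret,
    Iterable<String> scopes,
    bool basicAuth: true,
    http.Client httpClient}) async {
  // Taken before the request goes out and handed to
  // handleAccessTokenResponse together with the response.
  var startTime = new DateTime.now();

  var body = <String, String>{
    "grant_type": "password",
    "username": username,
    "password": password
  };

  // Typed explicitly so the map matches the header type expected by
  // http.Client.post instead of defaulting to a dynamic map.
  var headers = <String, String>{};

  if (identifier != null) {
    if (basicAuth) {
      // NOTE(review): [secret] may be null here (public client); confirm that
      // basicAuthHeader accepts a null secret.
      headers['Authorization'] = basicAuthHeader(identifier, secret);
    } else {
      body['client_id'] = identifier;
      if (secret != null) body['client_secret'] = secret;
    }
  }

  if (scopes != null && scopes.isNotEmpty) body['scope'] = scopes.join(' ');

  // Only a client created here is ours to close; a caller-supplied client is
  // left open for the caller to manage.
  var ownsHttpClient = httpClient == null;
  if (ownsHttpClient) httpClient = new http.Client();

  try {
    var response = await httpClient.post(authorizationEndpoint,
        headers: headers, body: body);

    var credentials = await handleAccessTokenResponse(
        response, authorizationEndpoint, startTime, scopes);
    return new Client(credentials, identifier: identifier, secret: secret);
  } finally {
    // The temporary client is not referenced after this point, so release its
    // connections whether the request succeeded or threw.
    if (ownsHttpClient) httpClient.close();
  }
}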