Config class
Parameters according to official Microsoft Documentation:
- Azure AD https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
- Azure AD B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow
DartDocs of parameters are mostly from those pages.
Constructors
-
Config.new({required String tenant, String? policy, required String clientId, String responseType = 'code', String? redirectUri, required String scope, bool webUseRedirect = false, String? responseMode, String? state, String? prompt, String? codeChallenge, String? codeChallengeMethod, String nonce = '12345', String tokenIdentifier = 'Token', String? clientSecret, String? resource, bool isB2C = false, String? customAuthorizationUrl, String? customTokenUrl, String? customDomainUrlWithTenantId, String? loginHint, String? domainHint, String? codeVerifier, String? userAgent, bool isStub = false, Widget loader = const SizedBox(), AndroidOptions? aOptions, CacheLocation? cacheLocation, String? origin, Map<String, String> customParameters = const {}, String? postLogoutRedirectUri, PreferredSizeWidget? appBar, dynamic onPageFinished(String url)?}) - Azure AD OAuth Configuration. Look at individual fields for description.
Properties
- aOptions ↔ AndroidOptions
-
Android storage options for shared preferences. Defaults to encrypting shared preferences.
getter/setter pair
- appBar ↔ PreferredSizeWidget?
-
Adds an app bar to the login page.
getter/setter pair
-
Azure AD authorization URL.
final
- cacheLocation ↔ CacheLocation
-
Cache location used when authenticating with a web client.
"CacheLocation.localStorage" - Local browser storage (default)
"CacheLocation.sessionStorage" - Session context
"CacheLocation.memoryStorage" - Memory only
getter/setter pair
- clientId → String
-
The Application (client) ID that the Azure portal – App registrations experience assigned to your app.
final
- clientSecret → String?
-
The client secret that you generated for your app in the app registration portal.
final
- codeChallenge → String?
-
Used to secure authorization code grants via Proof Key for Code Exchange (PKCE).
Required if codeChallengeMethod is included.
For more information, see the PKCE RFC.
This is now recommended for all application types - native apps, SPAs, and confidential clients like web apps.
final
- codeChallengeMethod → String?
-
The method used to encode the code_verifier for the code_challenge parameter.
This SHOULD be S256, but the spec allows the use of plain if for some reason the client cannot support SHA256.
If excluded, code_challenge is assumed to be plaintext if codeChallenge is included.
Microsoft identity platform supports both plain and S256.
For more information, see the PKCE RFC.
This is required for single page apps using the authorization code flow.
final
- codeVerifier ↔ String?
-
The same code_verifier that was used to obtain the authorization_code.
Required if PKCE was used in the authorization code grant request.
For more information, see the PKCE RFC.
getter/setter pair
- customAuthorizationUrl → String?
-
Override of the authorization URL, can be used to enable ADFS authentication.
final
- customDomainUrlWithTenantId → String?
-
When using Azure AD B2C with a custom domain or Azure Front Door,
the custom domain URL must be used instead of the default login.microsoftonline.com URL.
This will change the issuer of the token to the custom domain URL.
Example: https://account.examplecompany.com/01234567-89ab-cdef-0123-456789abcdef.
More information can be found here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain.
final
- customParameters → Map<String, String>
-
Support for custom URL parameters for dynamic UI support.
View docs on Azure B2C:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/claim-resolver-overview#dynamic-ui-customization
final
- customTokenUrl → String?
-
Override of the token URL, can be used to enable ADFS authentication.
final
- domainHint ↔ String?
-
If included, it will skip the email-based discovery process that the user goes through on the sign-in page, leading to a slightly more streamlined user experience - for example, sending them to their federated identity provider.
Often apps will use this parameter during re-authentication, by extracting the tid from a previous sign-in.
If the tid claim value is 9188040d-6c67-4c5b-b112-36a304b66dad, you should use domain_hint=consumers.
Otherwise, use domain_hint=organizations.
getter/setter pair
- hashCode → int
-
The hash code for this object.
no setter, inherited
- isB2C → bool
-
Using Azure AD B2C instead of standard Azure AD.
Azure Active Directory B2C provides business-to-customer identity as a service.
final
- isStub ↔ bool
-
Flag indicating whether to use a stub implementation for unit testing.
getter/setter pair
- loader ↔ Widget
-
Loader widget shown before the web page loads.
getter/setter pair
- loginHint ↔ String?
-
Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know their username ahead of time.
Often apps will use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim.
getter/setter pair
-
Navigator key used to navigate to the login webview if interactive login is required
getter/setter pair
- nonce → String
-
AAD B2C only: A nonce is a strategy used to mitigate token replay attacks.
Your application can specify a nonce in an authorization request by using the nonce query parameter.
The value you provide in the request is emitted unmodified in the nonce claim of an ID token only.
This claim allows your application to verify the value against the value specified on the request.
Your application should perform this validation during the ID token validation process.
final
- onPageFinished ↔ dynamic Function(String url)?
-
Adds an onPageFinished callback.
getter/setter pair
- origin ↔ String?
-
Origin header parameter for TokenRequestDetails and TokenRefreshRequestDetails
getter/setter pair
- policy → String?
-
AAD B2C only: The user flow to be run. Specify the name of a user flow you've created in your Azure AD B2C tenant.
For example: b2c_1_sign_in, b2c_1_sign_up, or b2c_1_edit_profile
final
- postLogoutRedirectUri ↔ String?
-
Sign-out with a redirect.
During the Azure logout process, the user is redirected to this URL.
This lets the app verify that the user was logged out successfully.
View docs:
https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-sign-in?tabs=javascript2#tabpanel_4_javascript2
getter/setter pair
- prompt → String?
-
Indicates the type of user interaction that is required.
The only valid values at this time are login, none, and consent.
final
- redirectUri → String
-
The redirect URI of your app, where authentication responses can be sent and received by your app.
It must exactly match one of the redirect_uris you registered in the portal, except it must be URL-encoded.
For native & mobile apps, you should use the default value.
final
- resource → String?
-
Resource
final
- responseMode → String?
-
Specifies the method that should be used to send the resulting token back to your app.
Can be one of the following:
final
- responseType → String
-
Must include code for the authorization code flow.
final
- runtimeType → Type
-
A representation of the runtime type of the object.
no setter, inherited
- scope → String
-
A space-separated list of scopes that you want the user to consent to.
For the /authorize leg of the request, this can cover multiple resources, allowing your app to get consent for multiple web APIs you want to call.
final
- state → String?
-
A value included in the request that will also be returned in the token response.
It can be a string of any content that you wish.
A randomly generated unique value is typically used for preventing cross-site request forgery attacks.
The value can also encode information about the user's state in the app before the authentication request occurred, such as the page or view they were on.
final
- tenant → String
-
The tenant value in the path of the request can be used to control who can sign into the application.
The allowed values are common, organizations, consumers, and tenant identifiers. For Azure AD B2C, use the name of your Azure AD B2C tenant.
final
- tokenIdentifier ↔ String
-
AAD B2C only: Identifies access tokens, to allow multiple concurrent sessions.
getter/setter pair
- tokenUrl → String
-
Azure AD token URL.
final
- userAgent ↔ String?
-
User agent of web view. (using flutter_webview_plugin)
getter/setter pair
- webUseRedirect ↔ bool
-
On Web only, use http redirect instead of popups to acquire an access token. This may be
useful to avoid popup warnings and on iOS devices that prevent sharing of information
between the popup and a Progressive web application (PWA) installed on the home screen.
getter/setter pair
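Added example (not part of the package's documentation or source): one way to produce fresh per-request values for the codeVerifier, codeChallenge, codeChallengeMethod, state and nonce properties described above, rather than relying on the constructor's fixed nonce default of '12345'. The class and function names are hypothetical, and package:crypto is assumed to be available as a dependency.

```dart
import 'dart:convert';
import 'dart:math';

import 'package:crypto/crypto.dart'; // assumed dependency (package:crypto)

/// Fresh values for one authorization request (hypothetical helper class).
class AuthRequestSecrets {
  AuthRequestSecrets._(this.codeVerifier, this.codeChallenge, this.state, this.nonce);

  /// Generates new random values; call once per sign-in attempt.
  factory AuthRequestSecrets.generate() {
    final verifier = randomToken(32); // 43 characters, RFC 7636 minimum length
    return AuthRequestSecrets._(
        verifier, s256Challenge(verifier), randomToken(16), randomToken(16));
  }

  static const codeChallengeMethod = 'S256';
  final String codeVerifier; // sent with the token request
  final String codeChallenge; // sent with the authorization request
  final String state; // compared with the state returned to the app
  final String nonce; // compared with the nonce claim of the ID token
}

/// URL-safe, unpadded base64 of [byteCount] bytes from the secure RNG.
String randomToken(int byteCount) {
  final rng = Random.secure();
  final bytes = List<int>.generate(byteCount, (_) => rng.nextInt(256));
  return base64UrlEncode(bytes).replaceAll('=', '');
}

/// code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding.
String s256Challenge(String codeVerifier) {
  final digest = sha256.convert(ascii.encode(codeVerifier));
  return base64UrlEncode(digest.bytes).replaceAll('=', '');
}

void main() {
  // Known-answer check against the example in RFC 7636, Appendix B.
  const verifier = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
  if (s256Challenge(verifier) != 'E9Melhoa2OwvFrEiipRA0cHTyy1jXtbUyG3Ts5RWp1o') {
    throw StateError('S256 challenge does not match the RFC 7636 vector');
  }
  final a = AuthRequestSecrets.generate();
  final b = AuthRequestSecrets.generate();
  // Two requests must never share state, nonce or verifier.
  if (a.state == b.state || a.nonce == b.nonce || a.codeVerifier == b.codeVerifier) {
    throw StateError('per-request values repeated');
  }
  print('challenge=${a.codeChallenge} method=${AuthRequestSecrets.codeChallengeMethod}');
}
```

Pass the generated values to the matching Config fields, and keep state and nonce until the response arrives so the application can compare them with what comes back.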
Methods
- noSuchMethod(Invocation invocation) → dynamic
-
Invoked when a nonexistent method or property is accessed.
inherited
- toString() → String
-
A string representation of this object.
inherited
Operators
- operator ==(Object other) → bool
-
The equality operator.
inherited
Static Methods
- getDefaultRedirectUri() → String
-
Determine an appropriate redirect URI for AAD authentication. On web, it is the location that the application is being served from. On mobile, it is https://login.live.com/oauth20_desktop.srf
Constants
- contentType → const String
-
Content type for token request.