← All projects

flutter

Flutter/Dart client SDK for the aice-auth identity service, covering login, refresh, logout and pluggable secure token storage.

  • Dart 100%
View on GitLab ↗
git@gitlab.com:aice-lab/auth/flutter.git

Latest release

v1.0.1 ·

README

aice-auth (Flutter)

Flutter client SDK for the aice-auth identity service.

This package implements the consumer side of the /auth/login, /auth/refresh, and /auth/logout endpoints defined in the canonical OpenAPI spec. It persists the resulting TokenBundle in flutter_secure_storage so app code can call getAccessToken() without re-authenticating on every cold start.

Status

Stable. v1.0.0 covers first-factor handle + credential login, refresh-token rotation, logout, and access-token retrieval. License-token verification is deferred (no audited Dart ML-DSA-65 implementation yet — see docs/license-verification-deferral.md). Passkey, automatic refresh-on-expiry, OIDC code-exchange, and step-up flow land in v1.1+ (see the foundation P4 plan).

Install

dependencies:
  aice_auth:
    git:
      url: git@gitlab.com:aice-lab/auth/flutter.git
      ref: v1.0.0

Pin to a tag (v1.0.0 or later) rather than main. main is unstable between releases.

Quickstart

import 'package:aice_auth/aice_auth.dart';

final client = AiceAuthClient(issuerBaseUrl: 'https://id.example.com');
final tokens = await client.login(
  handle: 'alice@example.org',
  handleType: HandleType.email,
  credential: 'correct-horse-battery-staple',
);

// Later requests:
final accessToken = await client.getAccessToken();

// When the access token expires, rotate the refresh chain:
await client.refresh();

// On sign-out:
await client.logout();

Public API

Everything exported from package:aice_auth/aice_auth.dart is part of the public API:

  • AiceAuthClient — the entry-point.
  • TokenBundleaccess_token, token_type, expires_in, refresh_token, optional id_token, optional scope.
  • HandleTypephone, email, username.
  • TokenStore interface plus SecureTokenStore (default) and InMemoryTokenStore (tests).
  • AiceAuthException — typed exception thrown on auth failures.

Anything imported from package:aice_auth/src/... is internal and may change without notice between minor versions.

Testing

dart pub get
dart analyze --fatal-infos
dart test

For coverage:

dart test --coverage=coverage
dart pub global activate coverage
dart pub global run coverage:format_coverage \
  --lcov --in=coverage --out=coverage/lcov.info \
  --packages=.dart_tool/package_config.json --report-on=lib
lcov --summary coverage/lcov.info

License

FSL-1.1-Apache-2.0. See LICENSE.FAQ.md for the practical effect.

Contributing

See CONTRIBUTING.md. TDD is mandatory; every code change ships with a corresponding test commit.

Reporting security issues

See SECURITY.md. Do not file public issues for vulnerabilities.

This is a snapshot generated from GitLab. For the live README, see the project page.