fromUserCredsAndChallenge static method

Future<User> fromUserCredsAndChallenge({
  required String userId,
  required String password,
  required Challenge challenge,
  bool useUserIdInPrivateKey = true,
  KdfChoice? kdf,
  Kdf? customKdf,
  Uint8List? ephemeralUserPrivateKey,
})

As part of the initial user authentication handshake, create a User from a challenge provided by the server.

WARNING: If the server provides the core SRP parameters (safe prime, generator, hash algorithm), it is highly recommended that the client verify they are cryptographically secure. This could include checking that the hash algorithm is one of those expected, and that the safe prime and generator are secure (see verifySafePrime and verifyGenerator).
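One way a client could run the checks the warning describes, as an added example in standalone Dart (not this library's code, and not using its verifySafePrime or verifyGenerator): it allowlists the hash name, enforces a minimum size for N, tests that N is a safe prime with Miller-Rabin, and requires g to be a primitive root mod N. The hash names, the 2048-bit floor and every function name here are assumptions of this example.

```dart
import 'dart:math';

BigInt _randomBelow(BigInt limit, Random rng) {
  var r = BigInt.zero;
  for (var i = 0; i < limit.bitLength ~/ 8 + 9; i++) {
    r = (r << 8) | BigInt.from(rng.nextInt(256));
  }
  return r % limit; // 64+ surplus bits keep the modulo bias negligible
}

/// Miller-Rabin probable-prime test with random bases.
bool isProbablePrime(BigInt n, {int rounds = 40}) {
  if (n < BigInt.from(4)) return n > BigInt.one; // 2 and 3 are prime
  if (n.isEven) return false;
  var d = n - BigInt.one, s = 0; // n - 1 = d * 2^s with d odd
  for (; d.isEven; s++) d >>= 1;
  final rng = Random.secure();
  for (var i = 0; i < rounds; i++) {
    final a = _randomBelow(n - BigInt.from(3), rng) + BigInt.two; // 2..n-2
    var x = a.modPow(d, n);
    if (x == BigInt.one || x == n - BigInt.one) continue;
    var witness = true;
    for (var r = 1; r < s && witness; r++) {
      x = (x * x) % n;
      if (x == n - BigInt.one) witness = false;
    }
    if (witness) return false; // base a proves n composite
  }
  return true;
}

/// Returns problems found (empty = pass); hash names and bit floor are assumed.
List<String> checkSrpParams(BigInt n, BigInt g, String hash,
    {int minBits = 2048, Set<String> allowed = const {'sha256', 'sha512'}}) {
  final problems = <String>[];
  final top = n - BigInt.one, q = top >> 1; // N = 2q + 1 for a safe prime
  if (!allowed.contains(hash)) problems.add('unexpected hash: $hash');
  if (n.bitLength < minBits) problems.add('N has only ${n.bitLength} bits');
  if (!isProbablePrime(n) || !isProbablePrime(q)) {
    problems.add('N is not a safe prime');
  } else if (g <= BigInt.one || g >= top || g.modPow(q, n) != top) {
    problems.add('g does not generate the full group mod N');
  }
  return problems;
}

void main() { // Constructed toy group: 23 = 2 * 11 + 1.
  print(checkSrpParams(BigInt.from(23), BigInt.from(5), 'sha256', minBits: 5));
  print(checkSrpParams(BigInt.from(23), BigInt.from(2), 'md5'));
}
```

The range test on g matters: g = N - 1 satisfies the modPow condition but has order 2, so it is rejected separately.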

Enable useUserIdInPrivateKey if the user ID was used for key generation during user registration. See createSaltedVerificationKey for details. If useUserIdInPrivateKey is false, the user ID is only used to generate the user-side verifier.

If kdf is not provided, Argon2id is used since it is slow and hence relatively secure. Be sure this KDF matches the one used during registration. Alternatively, provide customKdf to use a custom KDF implementation (you cannot provide both kdf and customKdf).

If an ephemeralUserPrivateKey is not provided, one is generated.

For improved security, use fromUserCredsBytesAndChallenge to pass credentials as Uint8List instead of String.

Implementation

static Future<User> fromUserCredsAndChallenge({
  required String userId,
  required String password,
  required Challenge challenge,
  final bool useUserIdInPrivateKey = true,
  KdfChoice? kdf,
  Kdf? customKdf,
  final Uint8List? ephemeralUserPrivateKey,
}) async {
  return fromUserCredsBytesAndChallenge(
    userIdBytes: userId.utf8Bytes,
    passwordBytes: password.utf8Bytes,
    challenge: challenge,
    useUserIdInPrivateKey: useUserIdInPrivateKey,
    kdf: kdf,
    customKdf: customKdf,
    ephemeralUserPrivateKey: ephemeralUserPrivateKey,
  );
}