core library
This library re-exports the core authentication tools for the authentication module.
Classes
- AppleAccount
- A fully configured "Sign in with Apple"-based account to be used for logins.
- AppleAccountAttachRowRepository
- AppleAccountInclude
- AppleAccountIncludeList
- AppleAccountRepository
- AppleAccountTable
- AppleAccountUpdateTable
- Argon2HashParameters
- Parameters for hashing a secret using the Argon2id algorithm.
- Argon2HashUtil
- A consolidated utility for handling Argon2id-based secret hashing.
- AuthServices
- Global configuration for auth providers that are exposed through endpoints. This object is also used to manage the lifecycle of authentication tokens regardless of who issues the token.
- AuthSuccess
- Response model representing a successful authentication result with all relevant authentication information.
- AuthUser
- Core database entity representing a user in the authentication system.
- AuthUserInclude
- AuthUserIncludeList
- AuthUserModel
- DTO for transferring authentication user information.
- AuthUserRepository
- AuthUsers
- Management functions for auth users.
- AuthUsersConfig
- Configuration options for the auth users module.
- AuthUserTable
- AuthUserUpdateTable
- CompletionTokenCredentials
- Decoded credentials from a completion token.
- CompletionTokenResult
- Result of creating a completion token.
-
DatabaseRateLimitedRequestAttemptUtil<
T> - Utility class for tracking and rate limiting request attempts.
- EcdsaSha512JwtAlgorithmConfiguration
- ECDSA SHA-512 JWT algorithm configuration.
- ECPrivateKey
- For ECDSA algorithm, in sign method
- ECPublicKey
- For ECDSA algorithm, in verify method
- EmailAccount
- A fully configured email account to be used for logins.
- EmailAccountAttachRowRepository
- EmailAccountInclude
- EmailAccountIncludeList
- EmailAccountPasswordResetRequest
- Pending email account password reset.
- EmailAccountPasswordResetRequestAttachRowRepository
- EmailAccountPasswordResetRequestDetachRowRepository
- EmailAccountPasswordResetRequestInclude
- EmailAccountPasswordResetRequestIncludeList
- EmailAccountPasswordResetRequestRepository
- EmailAccountPasswordResetRequestTable
- EmailAccountPasswordResetRequestUpdateTable
- EmailAccountRepository
- EmailAccountRequest
- Pending email account registration.
- EmailAccountRequestAttachRowRepository
- EmailAccountRequestDetachRowRepository
- EmailAccountRequestInclude
- EmailAccountRequestIncludeList
- EmailAccountRequestRepository
- EmailAccountRequestTable
- EmailAccountRequestUpdateTable
- EmailAccountTable
- EmailAccountUpdateTable
- FirebaseAccount
- A fully configured Firebase account to be used for logins.
- FirebaseAccountAttachRowRepository
- FirebaseAccountInclude
- FirebaseAccountIncludeList
- FirebaseAccountRepository
- FirebaseAccountTable
- FirebaseAccountUpdateTable
- GoogleAccount
- A fully configured Google account to be used for logins.
- GoogleAccountAttachRowRepository
- GoogleAccountInclude
- GoogleAccountIncludeList
- GoogleAccountRepository
- GoogleAccountTable
- GoogleAccountUpdateTable
- HmacSha512JwtAlgorithmConfiguration
- HMAC SHA-512 JWT algorithm configuration.
-
IdentityProviderBuilder<
T extends Object> - Interface for building identity providers.
- Jwt
- Business logic for handling JWT-based access and refresh tokens.
- JwtAdmin
- Collection of admin functions for managing authentication tokens.
- JwtAlgorithm
- Configuration for an authentication token algorithm.
- JwtConfig
- Configuration options for the JWT authentication module.
- JwtConfigFromPasswords
-
Creates a new JwtConfig from keys on the
passwords.yamlfile. - JwtContext
- Context provided to the JwtConfig.extraClaimsProvider.
- JwtTokenInfo
- DTO for transferring JWT token information between server and client.
- JwtTokenManager
- Token manager adapter for Jwt.
- MultiTokenManager
- A composite token manager that delegates operations to multiple underlying token managers.
- PasskeyAccount
- A fully configured passkey to be used for logins.
- PasskeyAccountAttachRowRepository
- PasskeyAccountInclude
- PasskeyAccountIncludeList
- PasskeyAccountRepository
- PasskeyAccountTable
- PasskeyAccountUpdateTable
- PasskeyChallenge
- A challenge handed out for a subsequent Passkey registration or login.
- PasskeyChallengeInclude
- PasskeyChallengeIncludeList
- PasskeyChallengeRepository
- PasskeyChallengeTable
- PasskeyChallengeUpdateTable
- PasskeyLoginRequest
- Data to be sent for a Passkey login.
- PasskeyRegistrationRequest
- Data to be sent when adding a Passkey to an existing user.
-
PreBuiltIdpBuilder<
T extends Object> - A builder that returns a pre-built identity provider.
-
PreBuiltTokenManagerBuilder<
T extends TokenManager> - A builder that returns a pre-built token manager.
- RateLimitedRequestAttempt
- Database table for tracking rate limited request attempts. A new entry will be created whenever the request is attempted.
-
RateLimitedRequestAttemptConfig<
T> - Configuration for rate limiting request attempts.
- RateLimitedRequestAttemptInclude
- RateLimitedRequestAttemptIncludeList
- RateLimitedRequestAttemptRepository
- RateLimitedRequestAttemptTable
- RateLimitedRequestAttemptUpdateTable
-
RateLimitedRequestAttemptUtil<
T> - Utility class for tracking and rate limiting request attempts.
- RefreshJwtTokensEndpoint
- Endpoint for JWT tokens management.
- RefreshToken
- Refresh token for JWT-based authentication.
- RefreshTokenAttachRowRepository
- RefreshTokenInclude
- RefreshTokenIncludeList
- RefreshTokenRepository
- RefreshTokenTable
- RefreshTokenUpdateTable
- SecretChallenge
- Database entity for storing hashed verification codes used in challenge-based authentication flows.
-
SecretChallengeCompletionConfig<
T> - Configuration for completion token validation with all protection mechanisms.
- SecretChallengeInclude
- SecretChallengeIncludeList
- SecretChallengeRepository
- SecretChallengeTable
- SecretChallengeUpdateTable
-
SecretChallengeUtil<
T> - Utility class for creating and verifying secret challenges.
-
SecretChallengeVerificationConfig<
T> - Configuration for challenge verification with all protection mechanisms.
- SecretKey
- For HMAC algorithms
- ServerSideSession
- Server-side authentication session.
- ServerSideSessionAttachRowRepository
- ServerSideSessionInclude
- ServerSideSessionIncludeList
- ServerSideSessionInfo
- DTO for transferring server-side session information between server and client.
- ServerSideSessionRepository
- ServerSideSessions
- Management functions for ServerSideSessions.
- ServerSideSessionsAdmin
- Collection of admin functions for managing sessions.
- ServerSideSessionsConfig
- Configuration options for the session module.
- ServerSideSessionsConfigFromPasswords
-
Creates a new ServerSideSessionsConfig from keys on the
passwords.yamlfile. - ServerSideSessionsTokenManager
- Token manager adapter for ServerSideSessions.
- ServerSideSessionTable
- ServerSideSessionUpdateTable
- TokenInfo
- Information about an authentication token.
- TokenIssuer
- An interface for issuing authentication tokens.
- TokenManager
- An interface for managing authentication tokens.
-
TokenManagerBuilder<
T extends TokenManager> - Interface for builders that can create token managers.
- TokenPair
- A pair of refresh and access tokens, in their external format.
- UserImageFromBytes
- User image source from raw bytes.
- UserImageFromUrl
- User image source from a URL.
- UserImageSource
- Source of a user image.
- UserProfile
- Core database entity representing a user profile in the authentication system.
- UserProfileAttachRowRepository
- UserProfileConfig
- Configuration options for the user profile module.
- UserProfileData
- Lightweight DTO to be used as specification while creating a new user profile.
- UserProfileDetachRowRepository
- UserProfileEditBaseEndpoint
- Base endpoint for user profile management.
- UserProfileImage
- Database entity for storing user profile image information.
- UserProfileImageAttachRowRepository
- UserProfileImageInclude
- UserProfileImageIncludeList
- UserProfileImageRepository
- UserProfileImageTable
- UserProfileImageUpdateTable
- UserProfileInclude
- UserProfileIncludeList
- UserProfileInfoEndpoint
- Endpoint for read-only access to user profile information.
- UserProfileModel
- DTO for transferring user profile information.
- UserProfileRepository
- UserProfiles
- Business logic for handling user profiles
- UserProfilesAdmin
- Admin operations complementing the end-user UserProfilesAdmin functionality.
- UserProfileTable
- UserProfileUpdateTable
Enums
- AuthStrategy
- Authentication strategies supported the Serverpod authentication core module
- EmailAccountLoginExceptionReason
- The reason for why the authentication via email credentials was rejected.
- EmailAccountPasswordResetExceptionReason
- The reason for why the password reset request was rejected.
- EmailAccountRequestExceptionReason
- The reason for why the account creation with email request was rejected.
- UserProfileImageType
- Defines the format of stored user images.
Extensions
- AuthenticationInfoAuthUserId on AuthenticationInfo
-
AuthUserID extension forAuthenticationInfo - AuthenticationInfoJwt on AuthenticationInfo
-
Extensions for
AuthenticationInfowhen used with moduleserverpod_auth_jwt. - AuthenticationInfoServerSideSessionId on AuthenticationInfo
-
Server side session ID extension for
AuthenticationInfo. - AuthenticationInfoUserProfile on AuthenticationInfo
- Extensions method on the AuthenticationInfo to get the user profile.
- AuthServicesInit on Serverpod
- Extension to initialize the AuthServices with the default configuration.
- AuthUserScopes on AuthUserModel
- Scopes extension for AuthUserModel.
- JwtTokenInfoExtension on JwtTokenInfo
- Extensions for JwtTokenInfo.
-
SecretChallengeCompletionConfigExtension
on SecretChallengeCompletionConfig<
T> - Extension methods for SecretChallengeCompletionConfig.
-
SecretChallengeVerificationConfigExtension
on SecretChallengeVerificationConfig<
T> - Extension methods for SecretChallengeVerificationConfig.
- UserProfileToUserProfileData on UserProfile
- Extensions method to convert a UserProfile to its core data representation.
- UserProfileToUserProfileModel on UserProfile
- Extensions method to convert a UserProfile to its model.
Functions
-
defaultUserImageGenerator(
UserProfileModel userInfo, int imageSize) → Future< Image> - The default UserImageGenerator, mimics the default avatars used by Google.
Typedefs
-
AfterUserProfileCreatedHandler
= FutureOr<
void> Function(Session session, UserProfileModel userProfile, {required Transaction transaction}) - Callback to be invoked with the new user profile after it has been created.
-
AfterUserProfileUpdatedHandler
= FutureOr<
void> Function(Session session, UserProfileModel userProfile, {required Transaction transaction}) - Callback to be invoked with the updated user profile after it has been updated.
-
BeforeUserProfileCreatedHandler
= FutureOr<
UserProfileData> Function(Session session, UuidValue authUserId, UserProfileData userProfile, {required Transaction transaction}) - Callback to be invoked with the new user profile data before it gets created.
-
BeforeUserProfileUpdatedHandler
= FutureOr<
UserProfileData> Function(Session session, UuidValue authUserId, UserProfileData userProfile, {required Transaction transaction}) - Callback to be invoked with the new user profile before it will be updated.
- DeletedRefreshToken = ({UuidValue authUserId, UuidValue refreshTokenId})
- A tuple of (refresh token ID) representing a deleted refresh token.
- DeletedSession = ({UuidValue authUserId, UuidValue sessionId})
- A tuple of (auth user ID, session ID) representing a deleted session.
-
GetRequestCallback<
T> = Future< T?> Function(Session session, UuidValue requestId, {required Transaction? transaction}) - Callback called when a request is retrieved.
-
LinkCompletionTokenCallback<
T> = Future< void> Function(Session session, T request, SecretChallenge completionChallenge, {required Transaction? transaction}) - Callback called when a request is linked to a completion challenge.
-
OnExpiredCallback<
T> = Future< void> Function(Session session, T request) - Callback called when a request has expired.
-
UserImageGenerator
= Future<
Image> Function(UserProfileModel userProfile, int imageSize) - Generates a default user image (avatar) for a user who hasn't uploaded a user image.
Exceptions / Errors
- AuthUserBlockedException
- Exception thrown when a user attempts to authenticate but their account is blocked.
- AuthUserNotFoundException
- Exception thrown when attempting to access an AuthUser that does not exist.
- ChallengeAlreadyUsedException
- Exception thrown when the challenge has already been used/verified.
- ChallengeExpiredException
- Exception thrown when the challenge has expired.
- ChallengeInvalidCompletionTokenException
- Exception thrown when the completion token is malformed or invalid.
- ChallengeInvalidVerificationCodeException
- Exception thrown when the verification code is invalid.
- ChallengeNotVerifiedException
- Exception thrown when the request has not been verified yet.
- ChallengeRateLimitExceededException
- Exception thrown when the rate limit is exceeded.
- ChallengeRequestNotFoundException
- Exception thrown when the operation request is not found.
- EmailAccountLoginException
- Exception to be thrown if the login via email/password fails.
- EmailAccountPasswordResetException
- Exception to be thrown if email reset request fails.
- EmailAccountRequestException
- Exception to be thrown if email account creation request fails.
- FirebaseIdTokenVerificationException
- Exception to be thrown if the Firebase ID token verification fails.
- GoogleIdTokenVerificationException
- Exception to be thrown if the Google ID token verification fails.
- PasskeyChallengeExpiredException
- Exception to be thrown if a registration or login attempt was made after the challenge used has expired.
- PasskeyChallengeNotFoundException
- Exception to be thrown if a registration or login attempt was made with a challenge id which can not be found (because either it has never existed or has been used already).
- PasskeyPublicKeyNotFoundException
- Exception to be thrown if a login attempt was made with an unknown key id.
- PasswordNotFoundException
- Thrown when a requested password is missing from configuration.
- RefreshTokenExpiredException
- Exception thrown when attempting to use a refresh token that has expired.
- RefreshTokenExpiredServerException
- Exception thrown when a refresh token has expired.
- RefreshTokenInvalidSecretException
- Exception thrown when a refresh token rotation request has an invalid secret.
- RefreshTokenInvalidSecretServerException
- Exception thrown when a refresh token has an invalid secret.
- RefreshTokenMalformedException
- Exception thrown when a refresh token string is malformed or cannot be parsed.
- RefreshTokenMalformedServerException
- Exception thrown when a refresh token is malformed.
- RefreshTokenNotFoundException
- Exception thrown when a refresh token cannot be found in the database.
- RefreshTokenNotFoundServerException
- Exception thrown when a refresh token is not found.
- RefreshTokenServerException
- Base exception for all refresh token related errors.
- SecretChallengeException
- Base exception for all secret challenge related errors.
- UserProfileNotFoundException
- Exception which is thrown when a user's profile could not be found.