Super Simple Authentication Toolkit
A collection of Dart Frog functions that power the super_simple_authentication_server
Features
- Dart Frog Handlers to handle authentication requests
- Connect to database via DataStorage interface
- Send emails and sms via external providers
- Integration with Google and Apple social sign ins
- Asymmetric and symmetric tokens
Handlers
The super_simple_authentication_toolkit provides a set of Dart Frog handlers to manage various authentication flows:
- createAccountHandler(): Handles user registration with email and password. It takes an email and password from the request, hashes the password, creates a new user in the configured DataStorage, and issues a new JWT and refresh token.
- refreshTokenHandler(): Manages the refreshing of access tokens. It expects a refresh token in the request, revokes the old refresh token, updates the associated session, and then issues a new JWT and a new refresh token.
- sendOtpHandler({String fromEmail, String fromName, String? emailSubject, bool debugOtps}): Sends a One-Time Password (OTP) to a user via email or phone. It uses the DataStorage to store the hashed OTP and integrates with configured email (Sendgrid) or SMS (SmsProvider) providers. The debugOtps parameter can be used to print OTPs to the console for testing purposes.
- signInAnonymouslyHandler(): Allows users to sign in without providing any credentials. It creates a new anonymous user in DataStorage and issues a JWT and refresh token.
- signInWithCredentialHandler(): Facilitates third-party sign-in using credentials from providers like Google or Apple. It verifies the provided credential, retrieves or creates a user in DataStorage, and issues a JWT and refresh token.
- signInWithEmailPasswordHandler(): Handles user login with an email and password. It verifies the credentials against the stored user data in DataStorage and, upon successful verification, issues a JWT and refresh token.
- verifyOtpHandler({Future<void> Function({required String userId, String? email, String? phoneNumber})? onNewUser}): Verifies an OTP submitted by the user. If the OTP is valid, it revokes the OTP, either creates a new user or identifies an existing one based on the identifier, and issues a JWT and refresh token. An optional onNewUser callback can be provided to execute logic when a new user is created.
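The rotation that refreshTokenHandler() is described as performing (revoke the old refresh token, update the session, issue a new one), sketched as an added example that is not the toolkit's own code. TokenStore, RefreshToken and their methods are hypothetical names, storage is an in-memory map, and JWT issuance is left out.

```dart
import 'dart:convert';
import 'dart:math';

// Hypothetical record type; the toolkit's real DataStorage models may differ.
class RefreshToken {
  RefreshToken(this.sessionId);
  final String sessionId;
  bool revoked = false;
}

// Minimal in-memory stand-in for the storage role described above.
class TokenStore {
  final _sessionRefreshedAt = <String, DateTime>{};
  final _tokens = <String, RefreshToken>{};
  final _rng = Random.secure();

  // 32 bytes from the platform CSPRNG, URL-safe encoded.
  String _random() =>
      base64Url.encode(List<int>.generate(32, (_) => _rng.nextInt(256)));

  String _issue(String sessionId) {
    final value = _random();
    _tokens[value] = RefreshToken(sessionId);
    return value;
  }

  String startSession() {
    final id = _random();
    _sessionRefreshedAt[id] = DateTime.now();
    return _issue(id);
  }

  // Revoke the presented token, update its session, issue a replacement.
  String? rotate(String presented) {
    final old = _tokens[presented];
    if (old == null || old.revoked) return null; // unknown or replayed token
    old.revoked = true;
    _sessionRefreshedAt[old.sessionId] = DateTime.now();
    return _issue(old.sessionId);
  }
}

void main() {
  final store = TokenStore();
  final first = store.startSession();
  final second = store.rotate(first)!;
  print('replay of old token accepted: ${store.rotate(first) != null}');
  print('new token accepted: ${store.rotate(second) != null}');
}
```

Because the old token is marked revoked before the replacement is issued, a second presentation of the first token is rejected while the newly issued token still rotates.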
Data Storage
The toolkit defines a DataStorage interface, which abstracts the underlying data persistence layer. This allows for flexible integration with different databases or storage solutions.
- DataStorage (abstract class): Defines the contract for all data storage operations, including creating/retrieving users, sessions, refresh tokens, and OTPs.
- InMemoryDataStorage: A provided in-memory implementation of the DataStorage interface. This is useful for development, testing, and simple deployments where data persistence across restarts is not critical.
3rd Party Integrations
The toolkit offers integrations with various third-party services for sending emails, SMS, and handling social logins:
- Sendgrid({required String apiKey, required String baseUrl}): A client for sending emails via the Sendgrid API. It requires a Sendgrid API key and the base URL for the Sendgrid API.
SMS
- SmsProvider (abstract class): An interface defining methods for sending SMS messages.
- Textbelt({required String apiKey}): An implementation of SmsProvider that uses the Textbelt API to send SMS messages. It requires a Textbelt API key.
- Twilio({required String accountSid, required String authenticationToken, required String messagingServiceSid}): An implementation of SmsProvider that uses the Twilio API to send SMS messages. It requires Twilio account SID, authentication token, and messaging service SID.
Social Sign-In
- SignInWithApple({required String bundleId, String? serviceId}): A utility for verifying Apple ID tokens. It requires the iOS/macOS bundle ID and optionally a service ID for web/Android sign-in.
- SignInWithGoogle({required String clientId}): A utility for verifying Google ID tokens. It requires the Google client ID.
Libraries
- super_simple_authentication_toolkit: A collection of Dart Frog functions that power the super_simple_authentication_server