我希望我的应用程序中的用户保持登录状态。我使用IDToken的firebase身份验证,该身份验证持续1小时,直到过期。如果会话即将过期,我希望每次都自动刷新会话。
到目前为止我在这里读到了什么https://firebase.google.com/docs/reference/rest/auth/#section-刷新令牌https://securetoken.googleapis.com/v1/token?key=[API_KEY]应该是可能的
这是我现在进行身份验证的完整代码(颤动(
import 'dart:convert';
import 'package:flutter/material.dart';
import 'package:http/http.dart' as http;
import '../provider/http_exception.dart';
import 'dart:async';
import 'package:shared_preferences/shared_preferences.dart';
class Auth with ChangeNotifier {
String _token;
DateTime _expiryDate;
String _userId;
Timer _authTimer;
bool wasLoggedOut = false;
bool onBoarding = false;
Future<void> createUser(String email, String firstName, String lastName) async {
final url = 'https://test45.firebaseio.com/users/$userId.json?auth=$token';
final response = await http.put(url, body: json.encode({
'userEmail': email,
'userIsArtist': false,
'userFirstName': firstName,
'userLastName': lastName,
}));
print('post ist done');
print(json.decode(response.body));
}
bool get isAuth {
return token != null;
}
String get userId {
return _userId;
}
String get token {
if (_expiryDate != null &&
_expiryDate.isAfter(DateTime.now()) &&
_token != null) {
return _token;
}
return null;
}
Future<void> authenticate(
String email, String password, String urlSegement) async {
final url = 'https://identitytoolkit.googleapis.com/v1/accounts:$urlSegement?key=AIzaSyD8pb3M325252dfsDC-4535dfd';
try {
final response = await http.post(url,
body: json.encode({
'email': email,
'password': password,
'returnSecureToken': true,
}));
final responseData = json.decode(response.body);
if (responseData['error'] != null) {
throw HttpException(responseData['error']['message']);
}
_token = responseData['idToken'];
_userId = responseData['localId'];
_expiryDate = DateTime.now().add(Duration(seconds: int.parse(responseData['expiresIn'])));
_autoLogout();
notifyListeners();
final prefs = await SharedPreferences.getInstance();
final userData = json.encode({
'token': _token,
'userId': _userId,
'expiryDate': _expiryDate.toIso8601String(),
});
prefs.setString('userData', userData);
} catch (error) {
throw error;
}
}
Future<void> signup(String email, String password) async {
return authenticate(email, password, 'signUp');
}
Future<void> signin(String email, String password) async {
return authenticate(email, password, 'signInWithPassword');
}
Future<bool> tryAutoLogin() async {
final prefs = await SharedPreferences.getInstance();
if(!prefs.containsKey('userData')){
return false;
}
final extractedUserData = json.decode(prefs.getString('userData')) as Map<String, Object>;
final expiryDate = DateTime.parse(extractedUserData['expiryDate']);
if(expiryDate.isBefore(DateTime.now())) {
return false;
}
_token = extractedUserData['token'];
_userId = extractedUserData['userId'];
_expiryDate = expiryDate;
notifyListeners();
_autoLogout();
return true;
}
Future<void> logout() async {
_token = null;
_userId = null;
_expiryDate = null;
if(_authTimer != null){
_authTimer.cancel();
_authTimer = null;
}
notifyListeners();
final prefs = await SharedPreferences.getInstance();
prefs.remove('userData');
}
void _autoLogout() {
if(_authTimer != null) {
_authTimer.cancel();
}
final timetoExpiry = _expiryDate.difference(DateTime.now()).inSeconds;
_authTimer = Timer(Duration(seconds: timetoExpiry), logout);
}
}
如何修改我的auth.dart以实现自动刷新?
编辑:
如评论中所述,我与提供商合作,在那里我有以下功能来检索令牌:
update(String token, id, List<items> itemsList) {
authToken = token;
userId = id;
}
在我的每一个API调用中,im都已经使用了auth参数:
var url = 'https://test45.firebaseio.com/folder/$inside/$ym.json?auth=$authToken';
我只需要有人能告诉我如何用刷新令牌修改我的代码。
提前感谢!
编辑:
我试图实现它,但我得到了一个无限循环,请帮助:
String get token {
if (_expiryDate != null &&
_expiryDate.isAfter(DateTime.now()) &&
_token != null) {
return _token;
}
refreshSession();
}
Future<void> refreshSession() async {
final url = 'https://securetoken.googleapis.com/v1/token?key=5437fdjskfsdk38438?grant_type=refresh_token?auth=$token';
try {
final response = await http.post(url,
body: json.encode({
'token_type': 'Bearer',
}));
final responseData = json.decode(response.body);
if (responseData['error'] != null) {
throw HttpException(responseData['error']['message']);
}
_token = responseData['id_token'];
_userId = responseData['user_id'];
_expiryDate = DateTime.now().add(Duration(seconds: int.parse(responseData['expires_in'])));
_autoLogout();
notifyListeners();
final prefs = await SharedPreferences.getInstance();
final userData = json.encode({
'token': _token,
'userId': _userId,
'expiryDate': _expiryDate.toIso8601String(),
});
prefs.setString('userData', userData);
} catch (error) {
throw error;
}
}
我编辑了您的refresh_token()函数。
首先,您应该在带有链接的firebase项目中使用您的webapi密钥。您还应该保存刷新令牌。如果你这样发帖,它会起作用的。如果不起作用,请在我提交时尝试在身体上不使用json.encode()功能。
Future<void> refreshSession() async {
final url =
'https://securetoken.googleapis.com/v1/token?key=$WEB_API_KEY';
//$WEB_API_KEY=> You should write your web api key on your firebase project.
try {
final response = await http.post(
url,
headers: {
"Accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded"
},
body: json.encode({
'grant_type': 'refresh_token',
'refresh_token': '[REFRESH_TOKEN]', // Your refresh token.
}),
// Or try without json.encode.
// Like this:
// body: {
// 'grant_type': 'refresh_token',
// 'refresh_token': '[REFRESH_TOKEN]',
// },
);
final responseData = json.decode(response.body);
if (responseData['error'] != null) {
throw HttpException(responseData['error']['message']);
}
_token = responseData['id_token'];
_refresh_token = responseData['refresh_token']; // Also save your refresh token
_userId = responseData['user_id'];
_expiryDate = DateTime.now()
.add(Duration(seconds: int.parse(responseData['expires_in'])));
_autoLogout();
notifyListeners();
final prefs = await SharedPreferences.getInstance();
final userData = json.encode({
'token': _token,
'refresh_token': _refresh_token,
'userId': _userId,
'expiryDate': _expiryDate.toIso8601String(),
});
prefs.setString('userData', userData);
} catch (error) {
throw error;
}
}
这是我编辑的完整auth.dart文件。
import 'dart:convert';
import 'package:flutter/material.dart';
import 'package:http/http.dart' as http;
import '../provider/http_exception.dart';
import 'dart:async';
import 'package:shared_preferences/shared_preferences.dart';
class Auth with ChangeNotifier {
String _token;
String _refresh_token;
DateTime _expiryDate;
String _userId;
Timer _authTimer;
bool wasLoggedOut = false;
bool onBoarding = false;
Future<void> createUser(String email, String firstName, String lastName) async {
final url = 'https://test45.firebaseio.com/users/$userId.json?auth=$token';
final response = await http.put(url, body: json.encode({
'userEmail': email,
'userIsArtist': false,
'userFirstName': firstName,
'userLastName': lastName,
}));
print('post ist done');
print(json.decode(response.body));
}
bool get isAuth {
return token != null;
}
String get userId {
return _userId;
}
String get token {
if (_expiryDate != null &&
_expiryDate.isAfter(DateTime.now()) &&
_token != null && _refresh_token!=null) {
return _token;
}
refreshSession();
return null;
}
Future<void> authenticate(
String email, String password, String urlSegement) async {
final url = 'https://identitytoolkit.googleapis.com/v1/accounts:$urlSegement?key=AIzaSyD8pb3M325252dfsDC-4535dfd';
try {
final response = await http.post(url,
body: json.encode({
'email': email,
'password': password,
'returnSecureToken': true,
}));
final responseData = json.decode(response.body);
if (responseData['error'] != null) {
throw HttpException(responseData['error']['message']);
}
_token = responseData['idToken'];
_refresh_token = responseData['refreshToken'];
_userId = responseData['localId'];
_expiryDate = DateTime.now().add(Duration(seconds: int.parse(responseData['expiresIn'])));
_autoLogout();
notifyListeners();
final prefs = await SharedPreferences.getInstance();
final userData = json.encode({
'token': _token,
'refresh_token': _refresh_token,
'userId': _userId,
'expiryDate': _expiryDate.toIso8601String(),
});
prefs.setString('userData', userData);
} catch (error) {
throw error;
}
}
Future<void> signup(String email, String password) async {
return authenticate(email, password, 'signUp');
}
Future<void> signin(String email, String password) async {
return authenticate(email, password, 'signInWithPassword');
}
Future<bool> tryAutoLogin() async {
final prefs = await SharedPreferences.getInstance();
if(!prefs.containsKey('userData')){
return false;
}
final extractedUserData = json.decode(prefs.getString('userData')) as Map<String, Object>;
final expiryDate = DateTime.parse(extractedUserData['expiryDate']);
if(expiryDate.isBefore(DateTime.now())) {
return false;
}
_token = extractedUserData['token'];
_refresh_token = extractedUserData['refresh_token'];
_userId = extractedUserData['userId'];
_expiryDate = expiryDate;
notifyListeners();
_autoLogout();
return true;
}
Future<void> logout() async {
_token = null;
_refresh_token = null;
_userId = null;
_expiryDate = null;
if(_authTimer != null){
_authTimer.cancel();
_authTimer = null;
}
notifyListeners();
final prefs = await SharedPreferences.getInstance();
prefs.remove('userData');
}
void _autoLogout() {
if(_authTimer != null) {
_authTimer.cancel();
}
final timetoExpiry = _expiryDate.difference(DateTime.now()).inSeconds;
_authTimer = Timer(Duration(seconds: timetoExpiry), logout);
}
Future<void> refreshSession() async {
final url =
'https://securetoken.googleapis.com/v1/token?key=$WEB_API_KEY';
//$WEB_API_KEY=> You should write your web api key on your firebase project.
try {
final response = await http.post(
url,
headers: {
"Accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded"
},
body: json.encode({
'grant_type': 'refresh_token',
'refresh_token': '[REFRESH_TOKEN]', // Your refresh token.
}),
// Or try without json.encode.
// Like this:
// body: {
// 'grant_type': 'refresh_token',
// 'refresh_token': '[REFRESH_TOKEN]',
// },
);
final responseData = json.decode(response.body);
if (responseData['error'] != null) {
throw HttpException(responseData['error']['message']);
}
_token = responseData['id_token'];
_refresh_token = responseData['refresh_token']; // Also save your refresh token
_userId = responseData['user_id'];
_expiryDate = DateTime.now()
.add(Duration(seconds: int.parse(responseData['expires_in'])));
_autoLogout();
notifyListeners();
final prefs = await SharedPreferences.getInstance();
final userData = json.encode({
'token': _token,
'refresh_token': _refresh_token,
'userId': _userId,
'expiryDate': _expiryDate.toIso8601String(),
});
prefs.setString('userData', userData);
} catch (error) {
throw error;
}
}
}
您需要保存刷新令牌。
按照本主题使用刷新令牌刷新IDToken:https://firebase.google.com/docs/reference/rest/auth#section-刷新令牌
当对API进行任何调用时,请使用函数来检索IDToken。此函数必须检查当前IDToken是否仍然有效,如果仍然有效,则请求新的IDToken(使用提供的链接(。
我认为Dio库适合您
dio = Dio();
dio.options.baseUrl = URL_API_PROD;
dio.interceptors.add(InterceptorsWrapper(
onRequest: (Options option) async{
//getToken() : you can check token expires and renew in this function
await getToken().then((result) {
token = result;
});
option.headers = {
"Authorization": "Bearer $token"
};
}
));
Response response = await dio.get('/api/users');
body需要字符串。。。因此,将refreshSession((中的body更改为body: 'grant_type=refresh_token&refresh_token=[YOUR REFRESH TOKEN]',。
在发送http.post请求之前,您需要从SharedPreferences加载"refreshToken"。