Id4me Relying Party Api

Id4me Relying Party Api provides easy integration of the Id4me login into your projects. Since Id4me is still in beta, the login process can change at any time and make this package unusable!

Table of Contents

1. Install
   • pubspec.yaml
2. Import
3. Login Flow
   • Basics
   • Create login service
   • Create Session Data
   • Build Authorization Url
   • Authenticate
   • Fetch UserInfo
4. Exceptions
5. Changelog
6. Copyright and license

Install

pubspec.yaml

Update pubspec.yaml and add the following line to your dependencies.

dependencies:
  id4me_relying_party_api: ^0.5.1

Import

Import the package with :

import 'package:id4me_relying_party_api/id4me_relying_party_api.dart';

Login Flow

Basics

The main class used is the Id4meLogon class. The package also contains many more classes that are used by the Id4meLogon class. View the Example for a detailed example on how to use the Id4meLogon.

Create login service

The first step in the login flow is to create an instance of the login service class Id4meLogon with the necessery properties and claimsparameter. See the example on how to set them up.

Map<String, dynamic> properties = {
    Id4meConstants.KEY_CLIENT_NAME: "ID4me Login Demo",
    Id4meConstants.KEY_LOGO_URI: "https://domain.com/favicon.png",
    Id4meConstants.KEY_REDIRECT_URI: "https://domain.com/redirect"
};

Map<String, dynamic> claimsParameters = {
    Id4meConstants.KEY_CLAIM_EMAIL: {
      "required": true,
      "reason": "Needed to create the profile"
    },
    Id4meConstants.KEY_CLAIM_NAME: {
      "required": true,
      "reason": "Displayname in the user data"
    },
    Id4meConstants.KEY_CLAIM_GIVEN_NAME: {"required": true, "reason": ""},
};

Id4meLogon logon = new Id4meLogon(properties: properties, claimsParameters: claimsParameters);

Create Session Data

The next step is to create the session data, that is needed throughout the hole login process. It fetches for example the DNS data and identity authority data.

Id4meSessionData sessionData;
try {
  sessionData = await logon.createSessionData(domain, true);
} on DnsResolveException {
  // Handle DnsResolveException
} on IdentityAuthorityDataFetchException {
  // Handle IdentityAuthorityDataFetchException
} on Id4meIdentifierFormatException {
  // Handle Id4meIdentifierFormatException
} on DnsDataNotParseableException {
  // Handle DnsDataNotParseableException
} catch (e) {
  // Handle any other exception
}

Build Authorization Url

The data from the DNS can now be used to create an authentication url to which the user is routed.

String authorizationURL = logon.buildAuthorizationUrl(sessionData);

Authenticate

After the user has been redirected by the Identity Authority, the code, given as a query parameter in the redirect url, can be used to authorize with the Identity Agent.

The redirect url could look like this : https://domain.com/redirect?code=DKYPkDfkH0cLw3_NmS6IGQ.BPA4gUtfLh0gljqQ3wJNVw&state=authorize

try {
  await logon.authenticate(sessionData, code);
} on BearerTokenFetchException {
  // Handle BearerTokenFetchException
} on BearerTokenNotFoundException {
  // Handle BearerTokenNotFoundException
} catch (e) {
  // Handle any other exception
}

Fetch UserInfo

After successful authorization, the requested user data can be queried.

Map<String, dynamic> info;
try {
  info = await logon.fetchUserinfo(sessionData);
} on MandatoryClaimsException {
  // Handle MandatoryClaimsException
} on UserInfoFetchException {
  // Handle UserInfoFetchException
} catch (e) {
  // Handle any other exception
}

Exceptions

The login service can throw several id4me specific exceptions throughout the login flow. View the example for the right time to catch them.

Id4meIdentifierFormatException

If the ID4me identifier has the wrong format, an Id4meIdentifierFormatException is thrown.

DnsResolveException

The DnsResolveException is thrown when something unexpected happens while trying to fetch the _openid TXT record for the given id4me login.

DnsDataNotParseableException

DnsDataNotParseableException is thrown if the Id4meDnsData could not be parsed from the dns record value.

IdentityAuthorityDataFetchException

If it is not possible to fetch the data for configured Identity Authority, an IdentityAuthorityDataFetchException is thrown.

BearerTokenFetchException

A BearerTokenFetchException is thrown when something unexpected happens while trying to fetch the bearer token from the Idenity Agent.

BearerTokenNotFoundException

If the response from the Idenity Agent does not contain a bearer token the BearerTokenNotFoundException is thrown.

UserInfoFetchException

When something unexpected happens while trying to fetch the userinfo from the Identity Agent, an UserInfoFetchException is thrown.

MandatoryClaimsException

If the UserInfo does not contain all claimes that are marked as required, the MandatoryClaimsException is thrown.

Changelog

For a detailed changelog, see the CHANGELOG.md file

Copyright and license

MIT License

Copyright (c) 2019 Ephenodrom

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.