feat: implement client credentials grant handling

2025-12-04 20:13:56 +08:00 · 2025-07-20 23:48:35 +05:30
parent fd4b05663c
commit 1089403467
3 changed files with 67 additions and 4 deletions
--- a/packages/better_networking/lib/utils/auth/oauth2_utils.dart
+++ b/packages/better_networking/lib/utils/auth/oauth2_utils.dart
@@ -4,6 +4,8 @@ import 'dart:io';
 import 'package:flutter_web_auth_2/flutter_web_auth_2.dart';
 import 'package:oauth2/oauth2.dart' as oauth2;

+import '../../models/models.dart';
+
 Future<oauth2.Client> oAuth2AuthorizationCodeGrantHandler({
  required String identifier,
  required String secret,
@@ -73,3 +75,53 @@ Future<oauth2.Client> oAuth2AuthorizationCodeGrantHandler({
    rethrow;
  }
 }
+
+Future<oauth2.Client> oAuth2ClientCredentialsHandler({
+  required AuthOAuth2Model oauth2Model,
+  required File credentialsFile,
+}) async {
+  // Try to use saved credentials
+  if (await credentialsFile.exists()) {
+    try {
+      final json = await credentialsFile.readAsString();
+      final credentials = oauth2.Credentials.fromJson(json);
+
+      if (credentials.accessToken.isNotEmpty && !credentials.isExpired) {
+        log('Using existing valid credentials');
+        // TODO: This adds the client_id parameter to the body instead of the header
+        return oauth2.clientCredentialsGrant(
+          Uri.parse(oauth2Model.authorizationUrl),
+          oauth2Model.clientId,
+          oauth2Model.clientSecret,
+          scopes: oauth2Model.scope != null ? [oauth2Model.scope!] : null,
+        );
+      }
+    } catch (e) {
+      log('Error reading existing credentials: $e');
+    }
+  }
+  log("Creating Client with id: ${oauth2Model.clientId}");
+  log("Creating Client with sec: ${oauth2Model.clientSecret}");
+
+  // Otherwise, perform the client credentials grant
+  final client = await oauth2.clientCredentialsGrant(
+    Uri.parse(oauth2Model.authorizationUrl),
+    oauth2Model.clientId,
+    oauth2Model.clientSecret,
+    scopes: oauth2Model.scope != null ? [oauth2Model.scope!] : null,
+  );
+  log("Created Client with id: ${client.identifier}");
+  log("Created Client with sec: ${client.secret}");
+  log("Created Client with sec: ${client.credentials.toJson()}");
+
+  log('Successfully authenticated via client credentials grant');
+
+  try {
+    await credentialsFile.writeAsString(client.credentials.toJson());
+    log('Saved credentials to file');
+  } catch (e) {
+    log('Failed to save credentials: $e');
+  }
+
+  return client;
+}