refactor(dart): update the token storage to store a map of access token instance (#17)

Author: simeng-li

lib/logto_client.dart

@@ -3,14 +3,15 @@ import 'package:flutter_web_auth/flutter_web_auth.dart';
 import 'package:http/http.dart' as http;
 import 'package:jose/jose.dart';
 
-import '/logto_core.dart' as logto_core;
+import 'logto_core.dart' as logto_core;
 import '/src/exceptions/logto_auth_exceptions.dart';
 import '/src/interfaces/logto_interfaces.dart';
+import '/src/modules/id_token.dart';
+import '/src/modules/logto_storage_strategy.dart';
+import '/src/modules/pkce.dart';
+import '/src/modules/token_storage.dart';
+
 import '/src/utilities/constants.dart';
-import '/src/utilities/id_token.dart';
-import '/src/utilities/logto_storage_strategy.dart';
-import '/src/utilities/pkce.dart';
-import '/src/utilities/token_storage.dart';
 import '/src/utilities/utils.dart' as utils;
 
 export '/src/interfaces/logto_config.dart';
@@ -148,10 +149,10 @@ class LogtoClient {
     }
 
     await _tokenStorage.save(
-      idToken: idToken,
-      accessToken: tokenResponse.accessToken,
-      refreshToken: tokenResponse.refreshToken,
-    );
+        idToken: idToken,
+        accessToken: tokenResponse.accessToken,
+        refreshToken: tokenResponse.refreshToken,
+        expiresIn: tokenResponse.expiresIn);
   }
 
   Future<void> signOut({

lib/src/interfaces/access_token.dart

@@ -0,0 +1,26 @@
+import 'package:json_annotation/json_annotation.dart';
+
+part 'access_token.g.dart';
+
+@JsonSerializable()
+class AccessToken {
+  @JsonKey(name: 'token', required: true, disallowNullValue: true)
+  final String token;
+  @JsonKey(name: 'scope', required: true, disallowNullValue: true)
+  final String scope;
+  @JsonKey(name: 'expiresAt', required: true, disallowNullValue: true)
+  final DateTime expiresAt;
+
+  AccessToken({
+    required this.token,
+    required this.scope,
+    required this.expiresAt,
+  });
+
+  bool get isExpired => DateTime.now().toUtc().compareTo(expiresAt) > 0;
+
+  factory AccessToken.fromJson(Map<String, dynamic> json) =>
+      _$AccessTokenFromJson(json);
+
+  Map<String, dynamic> toJson() => _$AccessTokenToJson(this);
+}

lib/src/interfaces/access_token.g.dart

@@ -2,3 +2,4 @@ export 'logto_code_token_response.dart';
 export 'logto_config.dart';
 export 'logto_refresh_token_response.dart';
 export 'oidc_provider_config.dart';
+export 'access_token.dart';

lib/src/interfaces/logto_interfaces.dart

@@ -2,7 +2,7 @@ import 'dart:convert';
 
 import 'package:crypto/crypto.dart';
 
-import 'utils.dart' as utils;
+import '/src/utilities/utils.dart' as utils;
 
 class PKCE {
   final String codeVerifier;

lib/src/utilities/id_token.dart renamed to lib/src/modules/id_token.dart

@@ -0,0 +1,177 @@
+import 'dart:convert';
+
+import 'id_token.dart';
+import 'logto_storage_strategy.dart';
+import '/src/interfaces/access_token.dart';
+
+class _TokenStorageKeys {
+  static const accessTokenKey = 'logto_access_token';
+  static const refreshTokenKey = 'logto_refresh_token';
+  static const idTokenKey = 'logto_id_token';
+}
+
+class TokenStorage {
+  IdToken? _idToken;
+  Map<String, AccessToken>? _accessTokenMap;
+  String? _refreshToken;
+
+  late final LogtoStorageStrategy _storage;
+
+  static TokenStorage? loaded;
+
+  TokenStorage(
+    LogtoStorageStrategy? storageStrategy,
+  ) {
+    _storage = storageStrategy ?? SecureStorageStrategy();
+  }
+
+  static IdToken? _decodeIdToken(String? encoded) {
+    if (encoded == null) return null;
+    return IdToken.unverified(encoded);
+  }
+
+  static String? _encodeIdToken(IdToken? token) {
+    return token?.toCompactSerialization();
+  }
+
+  static String _encodeScopes(List<String>? scopes) {
+    final List<String> scopeList = scopes ?? [];
+    scopeList.sort();
+    return scopeList.join(' ');
+  }
+
+  Future<IdToken?> get idToken async {
+    if (_idToken != null) {
+      return _idToken!;
+    }
+
+    final idTokenFromStorage =
+        await _storage.read(key: _TokenStorageKeys.idTokenKey);
+    _idToken = _decodeIdToken(idTokenFromStorage);
+
+    return _idToken;
+  }
+
+  Future<void> setIdToken(IdToken? idToken) async {
+    _idToken = idToken;
+
+    await _storage.write(
+      key: _TokenStorageKeys.idTokenKey,
+      value: _encodeIdToken(idToken),
+    );
+  }
+
+  static String _buildAccessTokenKey(String? resource,
+          [List<String>? scopes]) =>
+      "${_encodeScopes(scopes)}@${resource ?? ''}";
+
+  Future<Map<String, AccessToken>?> _getAccessTokenMapFromStorage() async {
+    final tokenMapStorage =
+        await _storage.read(key: _TokenStorageKeys.accessTokenKey);
+
+    if (tokenMapStorage != null) {
+      try {
+        final Map<String, dynamic> jsonMap = jsonDecode(tokenMapStorage);
+
+        return Map.fromEntries(jsonMap.keys
+            .map((key) => MapEntry(key, AccessToken.fromJson(jsonMap[key]))));
+      } catch (e) {
+        return null;
+      }
+    }
+
+    return null;
+  }
+
+  Future<AccessToken?> getAccessToken(
+      [String? resource, List<String>? scopes]) async {
+    final key = _buildAccessTokenKey(resource, scopes);
+
+    if (_accessTokenMap != null) {
+      return _accessTokenMap![key];
+    }
+
+    _accessTokenMap = await _getAccessTokenMapFromStorage();
+
+    return _accessTokenMap?[key];
+  }
+
+  Future<void> _saveAccessTokenMapToStorage(
+      Map<String, AccessToken> accessTokenMap) async {
+    final jsonMap = Map.fromEntries(accessTokenMap.keys
+        .map((key) => MapEntry(key, accessTokenMap[key]?.toJson())));
+    await _storage.write(
+        key: _TokenStorageKeys.accessTokenKey, value: jsonEncode(jsonMap));
+  }
+
+  Future<void> setAccessToken(String accessToken,
+      {String? resource, List<String>? scopes, required int expiresIn}) async {
+    final key = _buildAccessTokenKey(resource, scopes);
+
+    final Map<String, AccessToken> newAccessTokenMap =
+        Map.from(_accessTokenMap ?? {});
+
+    newAccessTokenMap.addAll({
+      key: AccessToken(
+          token: accessToken,
+          scope: _encodeScopes(scopes),
+
+          /// convert the expireAt to standard utc time
+          expiresAt: DateTime.now().add(Duration(seconds: expiresIn)).toUtc())
+    });
+
+    await _saveAccessTokenMapToStorage(newAccessTokenMap);
+
+    _accessTokenMap = newAccessTokenMap;
+  }
+
+  Future<String?> get refreshToken async {
+    if (_refreshToken != null) {
+      return _refreshToken;
+    }
+
+    _refreshToken = await _storage.read(key: _TokenStorageKeys.refreshTokenKey);
+
+    return _refreshToken;
+  }
+
+  Future<void> setRefreshToken(String? refreshToken) async {
+    _refreshToken = refreshToken;
+
+    await _storage.write(
+      key: _TokenStorageKeys.refreshTokenKey,
+      value: refreshToken,
+    );
+  }
+
+  /// Initial token response saving
+  ///
+  /// * required IdToken
+  /// * required AccessToken
+  /// * required expiresIn
+  /// * optional refreshToken
+  /// * initial AccessToken id for OpenID use only does not have resource & scope
+  Future<void> save({
+    required IdToken idToken,
+    required String accessToken,
+    String? refreshToken,
+    required int expiresIn,
+  }) async {
+    await Future.wait([
+      setAccessToken(accessToken, expiresIn: expiresIn),
+      setIdToken(idToken),
+      setRefreshToken(refreshToken),
+    ]);
+  }
+
+  Future<void> clear() async {
+    _accessTokenMap = null;
+    _refreshToken = null;
+    _idToken = null;
+    await Future.wait<void>([
+      _storage.delete(key: _TokenStorageKeys.accessTokenKey),
+      _storage.delete(key: _TokenStorageKeys.refreshTokenKey),
+      _storage.delete(key: _TokenStorageKeys.idTokenKey),
+    ]);
+  }
+}