A secure, lightweight, and null-safe authentication package for Flutter.
It supports:
- 🔐 OAuth2 PKCE Authorization Code flow
- 🔁 Access/Refresh token handling
- 🧠 Auto token refresh
- 💾 Secure token storage (Keychain / Keystore)
- ⚡ Easy REST integration
Designed for developers who want security + simplicity when integrating login systems in Flutter apps.
Add this to your pubspec.yaml:
dependencies:
flutter_secure_auth: ^0.1.0
🧩 Usage
#Initialize
final authService = AuthService(
tokenEndpoint: Uri.parse('https://api.example.com/oauth/token'),
revokeEndpoint: Uri.parse('https://api.example.com/oauth/revoke'),
);
#🔸 Sign in with username/password
final tokens = await authService.signInWithPassword(
endpoint: Uri.parse('https://api.example.com/auth/login'),
username: 'user@example.com',
password: 'securePassword',
);
#🔸 OAuth2 PKCE Flow
final pkce = createPkcePair();
final authUrl = Uri.parse('https://auth.example.com/authorize').replace(queryParameters: {
'response_type': 'code',
'client_id': 'your-client-id',
'redirect_uri': 'com.example.app:/oauthredirect',
'scope': 'openid profile offline_access',
'code_challenge': pkce.codeChallenge,
'code_challenge_method': 'S256',
'state': pkce.state,
});
// After redirect and code received:
final tokens = await authService.exchangeAuthorizationCode(
code: 'returned-code',
codeVerifier: pkce.codeVerifier,
redirectUri: Uri.parse('com.example.app:/oauthredirect'),
);
#🔸 Make authorized requests
final request = http.Request('GET', Uri.parse('https://api.example.com/user'));
final authed = await authService.authorizedRequest(request);
final response = await authed.send();
#🔸 Sign out
await authService.signOut();