From 85ce3647f23233010dafddc78b4b4a9ac0586f62 Mon Sep 17 00:00:00 2001 From: anushkavidanage Date: Fri, 12 Jun 2026 13:52:37 +1000 Subject: [PATCH 1/7] Custom solid oidc config parameters --- lib/src/auth/solid_oidc_config.dart | 229 ++++++++++++++++++++++++++++ 1 file changed, 229 insertions(+) create mode 100644 lib/src/auth/solid_oidc_config.dart diff --git a/lib/src/auth/solid_oidc_config.dart b/lib/src/auth/solid_oidc_config.dart new file mode 100644 index 0000000..1e8ed5f --- /dev/null +++ b/lib/src/auth/solid_oidc_config.dart @@ -0,0 +1,229 @@ +/// Support for flutter apps authenticating to a Solid server. +/// +/// Copyright (C) 2026, Software Innovation Institute, ANU. +/// +/// Licensed under the MIT License (the "License"). +/// +/// License: https://choosealicense.com/licenses/mit/. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +/// +/// Authors: Anushka Vidanage +library; + +import 'package:http/http.dart' as http; +import 'package:oidc/oidc.dart'; + +import 'package:solid_auth/src/utils/solid_scopes.dart'; + +/// Configuration for building an [OidcUserManager] targeted at a Solid POD. +/// +/// Includes fine-grained control over the OpenID Connect authentication +/// process, including security settings, token management, and platform-specific +/// behaviors. It extends the standard OIDC configuration with Solid-specific +/// requirements and optimizations. +/// +/// Example +/// +/// Used internally by [SolidOidcManagerFactory], but may be exposed for advanced +/// use cases requiring custom OIDC flow configuration: +/// +/// ```dart +/// final settings = SolidOidcConfig( +/// clientId: 'my_client_id' +/// redirectUri: Uri.parse('https://myapp.com/callback'), +/// refreshBefore: Duration(minutes: 5), +/// ); +/// ``` +/// Solid-Specific Defaults +/// +/// This class provides sensible defaults for Solid OIDC: +/// - Default scopes: `['openid', 'webid', 'offline_access']` (recommended for Flutter apps) +/// - Automatic `consent` prompt when `offline_access` scope is requested +/// - WebID discovery integration via [getIssuers] +/// - DPoP token support for enhanced security +/// - Automatic session restoration capabilities +/// +/// cope Usage in Solid +/// +/// Unlike traditional OAuth2 APIs, Solid applications typically don't need +/// additional scopes beyond the defaults. Access control in Solid is handled +/// at the resource level through Web Access Control (WAC) or Access Control +/// Policies (ACP), not through OAuth2 scopes. +/// +/// The default scopes `['openid', 'webid', 'offline_access']` are sufficient +/// for virtually all Solid applications. Extra scopes are only needed for +/// specialized scenarios such as hybrid applications that integrate with +/// both Solid pods and traditional OAuth2 APIs. +/// +class SolidOidcConfig { + const SolidOidcConfig({ + required this.clientId, + required this.redirectUri, + this.postLogoutRedirectUri, + this.scopes = SolidScopes.defaultScopes, + this.clientSecret, + this.httpClient, + this.uiLocales, + this.extraTokenHeaders, + this.prompt = const [], + this.display, + this.acrValues, + this.maxAge, + this.expiryTolerance = const Duration(minutes: 1), + this.options, + this.frontChannelLogoutUri, + this.userInfoSettings = const OidcUserInfoSettings(), + this.frontChannelRequestListeningOptions = + const OidcFrontChannelRequestListeningOptions(), + this.refreshBefore = defaultRefreshBefore, + this.strictJwtVerification = true, + this.getExpiresIn, + this.sessionManagementSettings = const OidcSessionManagementSettings(), + this.getIdToken, + this.supportOfflineAuth = false, + this.hooks, + this.extraRevocationParameters, + this.extraRevocationHeaders, + this.extraTokenParameters, + this.extraAuthParameters, + }); + + /// Your registered client ID. For dynamic registration this is assigned + /// by the Solid server after registration. + final String clientId; + + /// The redirect URI registered with the identity provider. + /// On web this should be the `redirect.html` page URL. + final Uri redirectUri; + + /// Post-logout redirect URI (optional). + final Uri? postLogoutRedirectUri; + + /// Scopes to request. Defaults to [SolidScopes.defaultScopes] which + /// includes the mandatory `webid` scope. + final List scopes; + + /// Optional client secret for confidential clients. + /// Leave null for public clients (mobile / SPA). + final String? clientSecret; + + /// Custom HTTP client (useful for proxying or testing). + final http.Client? httpClient; + + /// Custom prompts for the authorization request. + /// + /// These prompts control how the identity provider handles user interaction + /// during authentication. See [OidcAuthorizeRequest.prompt] for standard values. + /// + /// **Note**: The `consent` prompt is automatically added when the effective + /// scopes include `offline_access` (which is included by default). This ensures + /// users explicitly consent to refresh token capabilities required for offline access. + /// + /// Example: `['login', 'select_account']` - force re-authentication and account selection + final List prompt; + + /// see [OidcAuthorizeRequest.display]. + final String? display; + + /// see [OidcAuthorizeRequest.uiLocales]. + final List? uiLocales; + + /// see [OidcAuthorizeRequest.acrValues]. + final List? acrValues; + + /// see [OidcAuthorizeRequest.maxAge] + final Duration? maxAge; + + /// see [OidcTokenRequest.extra] + final Map? extraTokenHeaders; + + /// see [OidcRevocationRequest.extra] + final Map? extraRevocationParameters; + + /// Extra headers to send with the revocation request. + final Map? extraRevocationHeaders; + + /// see [OidcIdTokenVerificationOptions.expiryTolerance]. + final Duration expiryTolerance; + + /// platform-specific options. + final OidcPlatformSpecificOptions? options; + + /// the uri of the front channel logout flow. + /// this Uri MUST be registered with the OP first. + /// the OP will call this Uri when it wants to logout the user. + final Uri? frontChannelLogoutUri; + + /// Settings to control using the user_info endpoint. + final OidcUserInfoSettings userInfoSettings; + + /// The options to use when listening to platform channels. + /// + /// [frontChannelLogoutUri] must be set for this to work. + final OidcFrontChannelRequestListeningOptions + frontChannelRequestListeningOptions; + + /// How early the token gets refreshed. + /// + /// for example: + /// + /// - if `Duration.zero` is returned, the token gets refreshed once it's expired. + /// - (default) if `Duration(minutes: 1)` is returned, it will refresh the token 1 minute before it expires. + /// - if `null` is returned, automatic refresh is disabled. + final OidcRefreshBeforeCallback? refreshBefore; + + /// Settings related to the session management spec. + final OidcSessionManagementSettings sessionManagementSettings; + + /// pass this function to control how an `id_token` is fetched from a + /// token response. + /// + /// This can be used to trick the user manager into using a JWT `access_token` + /// as an `id_token` for example. + final Future Function(OidcToken token)? getIdToken; + + /// Whether to support offline authentication or not. + /// + /// When this option is enabled, expired tokens will NOT be removed if the + /// server can't be contacted + /// + /// This parameter is disabled by default due to security concerns. + final bool supportOfflineAuth; + + /// Customized hooks to modify the user manager behavior. + final OidcUserManagerHooks? hooks; + + /// whether JWTs are strictly verified. + /// + /// If set to true, the library will throw an exception if a JWT is invalid. + /// + /// **Security Note**: This defaults to `true` for security. Only set to `false` + /// for development/testing or when working with non-compliant OIDC providers. + final bool strictJwtVerification; + + /// overrides a token's expires_in value. + final Duration? Function(OidcTokenResponse tokenResponse)? getExpiresIn; + + /// Extra parameters sent with every token request. + final Map? extraTokenParameters; + + /// Extra parameters sent with every authorization request. + final Map? extraAuthParameters; +} From 4db7dddff4321a4b1fe11ac0f7fbf5731f4f404b Mon Sep 17 00:00:00 2001 From: anushkavidanage Date: Fri, 12 Jun 2026 13:53:04 +1000 Subject: [PATCH 2/7] define new oidc config parameters as OidcUserManagerSettings --- lib/solid_auth.dart | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/solid_auth.dart b/lib/solid_auth.dart index 0faf197..a505bfb 100644 --- a/lib/solid_auth.dart +++ b/lib/solid_auth.dart @@ -44,6 +44,7 @@ export 'src/models/solid_provider_metadata.dart'; // Core auth functionality. The primary API consumers interact with export 'src/auth/solid_auth_manager.dart'; export 'src/auth/solid_oidc_manager_factory.dart'; +export 'src/auth/solid_oidc_config.dart'; // DPoP token generation export 'src/dpop/dpop_token_generator.dart'; From f0570142724842bafef5f33aa043a120fa9eb64b Mon Sep 17 00:00:00 2001 From: anushkavidanage Date: Fri, 12 Jun 2026 13:53:18 +1000 Subject: [PATCH 3/7] updates to the auth manager --- lib/src/auth/solid_auth_manager.dart | 22 ++ lib/src/auth/solid_oidc_manager_factory.dart | 200 ++++++++++--------- 2 files changed, 124 insertions(+), 98 deletions(-) diff --git a/lib/src/auth/solid_auth_manager.dart b/lib/src/auth/solid_auth_manager.dart index 77f91d0..6583d05 100644 --- a/lib/src/auth/solid_auth_manager.dart +++ b/lib/src/auth/solid_auth_manager.dart @@ -30,6 +30,7 @@ library; import 'package:http/http.dart' as http; import 'package:logging/logging.dart'; import 'package:oidc/oidc.dart'; +import 'package:solid_auth/src/auth/solid_oidc_config.dart'; import 'package:solid_auth/src/auth/solid_auth_session_store.dart'; import 'package:solid_auth/src/auth/solid_oidc_manager_factory.dart'; @@ -496,6 +497,27 @@ class SolidAuthManager { scopes: effectiveScopes, clientSecret: config.clientSecret, httpClient: config.httpClient, + uiLocales: config.uiLocales, + extraTokenHeaders: config.extraTokenHeaders, + prompt: config.prompt, + display: config.display, + acrValues: config.acrValues, + maxAge: config.maxAge, + expiryTolerance: config.expiryTolerance, + options: config.options, + frontChannelLogoutUri: config.frontChannelLogoutUri, + userInfoSettings: config.userInfoSettings, + frontChannelRequestListeningOptions: + config.frontChannelRequestListeningOptions, + refreshBefore: config.refreshBefore, + strictJwtVerification: config.strictJwtVerification, + getExpiresIn: config.getExpiresIn, + sessionManagementSettings: config.sessionManagementSettings, + getIdToken: config.getIdToken, + supportOfflineAuth: config.supportOfflineAuth, + hooks: config.hooks, + extraRevocationParameters: config.extraRevocationParameters, + extraRevocationHeaders: config.extraRevocationHeaders, extraTokenParameters: config.extraTokenParameters, extraAuthParameters: config.extraAuthParameters, ); diff --git a/lib/src/auth/solid_oidc_manager_factory.dart b/lib/src/auth/solid_oidc_manager_factory.dart index ae5b846..fc0cce0 100644 --- a/lib/src/auth/solid_oidc_manager_factory.dart +++ b/lib/src/auth/solid_oidc_manager_factory.dart @@ -27,10 +27,10 @@ /// Authors: Anushka Vidanage library; -import 'package:http/http.dart' as http; import 'package:logging/logging.dart'; import 'package:oidc/oidc.dart'; import 'package:oidc_default_store/oidc_default_store.dart'; +import 'package:solid_auth/src/auth/solid_oidc_config.dart'; import 'package:solid_auth/src/dpop/dpop_key_manager.dart'; import 'package:solid_auth/src/dpop/dpop_token_generator.dart'; @@ -39,48 +39,6 @@ import 'package:solid_auth/src/utils/solid_scopes.dart'; final _log = Logger('solid_auth.SolidOidcManagerFactory'); -/// Configuration for building an [OidcUserManager] targeted at a Solid POD. -class SolidOidcConfig { - const SolidOidcConfig({ - required this.clientId, - required this.redirectUri, - this.postLogoutRedirectUri, - this.scopes = SolidScopes.defaultScopes, - this.clientSecret, - this.httpClient, - this.extraTokenParameters, - this.extraAuthParameters, - }); - - /// Your registered client ID. For dynamic registration this is assigned - /// by the Solid server after registration. - final String clientId; - - /// The redirect URI registered with the identity provider. - /// On web this should be the `redirect.html` page URL. - final Uri redirectUri; - - /// Post-logout redirect URI (optional). - final Uri? postLogoutRedirectUri; - - /// Scopes to request. Defaults to [SolidScopes.defaultScopes] which - /// includes the mandatory `webid` scope. - final List scopes; - - /// Optional client secret for confidential clients. - /// Leave null for public clients (mobile / SPA). - final String? clientSecret; - - /// Custom HTTP client (useful for proxying or testing). - final http.Client? httpClient; - - /// Extra parameters sent with every token request. - final Map? extraTokenParameters; - - /// Extra parameters sent with every authorization request. - final Map? extraAuthParameters; -} - /// Factory that constructs a fully configured [OidcUserManager] for /// Solid-OIDC authentication. /// @@ -109,7 +67,11 @@ abstract class SolidOidcManagerFactory { /// /// [metadata] is optional — pass it if you have already fetched the /// discovery document to avoid an extra network round-trip. - static Future<({OidcUserManager manager, DpopKeyManager keyManager})> create({ + static Future< + ({ + OidcUserManager manager, + DpopKeyManager keyManager, + })> create({ required String issuerUri, required SolidOidcConfig config, SolidProviderMetadata? metadata, @@ -119,20 +81,23 @@ abstract class SolidOidcManagerFactory { // Ensure webid scope is always present (Solid-OIDC requirement). final scopes = _ensureWebIdScope(config.scopes); - // 1. Generate (or reuse) the DPoP key pair BEFORE the manager is used. - // The key must exist before the first token-endpoint call so the hook - // can sign the proof. + // Generate (or reuse) the DPoP key pair BEFORE the manager is used. + // The key must exist before the first token-endpoint call so the hook + // can sign the proof. final keyManager = await DpopKeyManager.getInstance(); - // 2. Build the DPoP injection hook using OidcHook.modifyRequest. + // Initialise OIDC manager hooks + final hooks = config.hooks ?? OidcUserManagerHooks(); + + // Build the DPoP injection hook using OidcHook.modifyRequest. // - // OidcTokenHookRequest exposes: - // .request — OidcTokenRequest (has .grantType, .tokenEndpoint, etc.) - // .headers — Map, mutated in place before the HTTP - // call is fired. + // OidcTokenHookRequest exposes: + // .request — OidcTokenRequest (has .grantType, .tokenEndpoint, etc.) + // .headers — Map, mutated in place before the HTTP + // call is fired. // - // We inject a fresh DPoP proof on every token request (authorization_code, - // refresh_token, etc.) because the Solid OP requires it each time. + // We inject a fresh DPoP proof on every token request (authorization_code, + // refresh_token, etc.) because the Solid OP requires it each time. final dpopTokenHook = OidcHook( modifyRequest: (hookRequest) async { final tokenEndpointUrl = hookRequest.tokenEndpoint.toString(); @@ -149,22 +114,52 @@ abstract class SolidOidcManagerFactory { // Mutate the headers map in place — OidcUserManagerBase reads it // after modifyRequest returns and includes it in the HTTP POST. + hookRequest.headers ??= {}; hookRequest.headers!['DPoP'] = dpopProof; - return hookRequest; + return Future.value(hookRequest); }, ); - // 3. Wire the hook into OidcUserManagerSettings. + // Create OIDC hook group and combine any existing hooks with the created + // dpopTokenHook. + hooks.token = OidcHookGroup( + hooks: [if (hooks.token != null) hooks.token!, dpopTokenHook], + executionHook: (hooks.token is OidcExecutionHookMixin< + OidcTokenHookRequest, OidcTokenResponse>) + ? hooks.token + as OidcExecutionHookMixin + : dpopTokenHook, + ); + + // Wire the hook into OidcUserManagerSettings. final settings = OidcUserManagerSettings( + strictJwtVerification: config.strictJwtVerification, + scope: scopes, + frontChannelLogoutUri: config.frontChannelLogoutUri, redirectUri: config.redirectUri, postLogoutRedirectUri: config.postLogoutRedirectUri, - scope: scopes, - extraAuthenticationParameters: config.extraAuthParameters ?? {}, - extraTokenParameters: config.extraTokenParameters ?? {}, - hooks: OidcUserManagerHooks( - token: dpopTokenHook, - ), + hooks: hooks, + acrValues: config.acrValues, + display: config.display, + expiryTolerance: config.expiryTolerance, + extraAuthenticationParameters: config.extraAuthParameters, + extraTokenHeaders: config.extraTokenHeaders, + extraTokenParameters: config.extraTokenParameters, + uiLocales: config.uiLocales, + prompt: _getEffectivePrompts(scopes, config), + maxAge: config.maxAge, + extraRevocationHeaders: config.extraRevocationHeaders, + extraRevocationParameters: config.extraRevocationParameters, + options: config.options, + frontChannelRequestListeningOptions: + config.frontChannelRequestListeningOptions, + refreshBefore: config.refreshBefore, + getExpiresIn: config.getExpiresIn, + sessionManagementSettings: config.sessionManagementSettings, + getIdToken: config.getIdToken, + supportOfflineAuth: config.supportOfflineAuth, + userInfoSettings: config.userInfoSettings, ); final clientAuth = config.clientSecret != null @@ -174,19 +169,7 @@ abstract class SolidOidcManagerFactory { ) : OidcClientAuthentication.none(clientId: config.clientId); - // final settings = OidcUserManagerSettings( - // redirectUri: config.redirectUri, - // postLogoutRedirectUri: config.postLogoutRedirectUri, - // scope: scopes, - // extraAuthenticationParameters: { - // // Solid-OIDC requires PKCE; package:oidc uses it by default for - // // the Authorization Code flow, so no extra wiring is needed. - // ...?config.extraAuthParameters, - // }, - // extraTokenParameters: config.extraTokenParameters ?? {}, - // ); - - // 4. Construct the manager — plain httpClient, no DPoP wrapping needed. + // Construct the manager — plain httpClient, no DPoP wrapping needed. final manager = metadata != null ? OidcUserManager( discoveryDocument: metadata.oidcMetadata, @@ -194,6 +177,8 @@ abstract class SolidOidcManagerFactory { store: OidcDefaultStore(), settings: settings, httpClient: config.httpClient, + keyStore: null, + id: null, ) : OidcUserManager.lazy( discoveryDocumentUri: OidcUtils.getOpenIdConfigWellKnownUri( @@ -203,33 +188,20 @@ abstract class SolidOidcManagerFactory { store: OidcDefaultStore(), settings: settings, httpClient: config.httpClient, + keyStore: null, + id: null, ); - // if (metadata != null) { - // // Use the pre-fetched discovery document to skip a network call. - // return OidcUserManager( - // discoveryDocument: metadata.oidcMetadata, - // clientCredentials: clientAuth, - // store: OidcDefaultStore(), - // settings: settings, - // httpClient: config.httpClient, - // ); - // } - - // // Lazy path: let package:oidc fetch the discovery document on init(). - // return OidcUserManager.lazy( - // discoveryDocumentUri: OidcUtils.getOpenIdConfigWellKnownUri( - // Uri.parse(issuerUri), - // ), - // clientCredentials: clientAuth, - // store: OidcDefaultStore(), - // settings: settings, - // httpClient: config.httpClient, - // ); - - return (manager: manager, keyManager: keyManager); + // Return OIDC manager and custom key manager + return ( + manager: manager, + keyManager: keyManager, + ); } + // Check if the current scope contains webid. + // Solid-OIDC specification require webid to be included in the + // request scopes. If not available add the webid to the scopes static List _ensureWebIdScope(List scopes) { if (scopes.contains(SolidScopes.webid)) return scopes; _log.warning( @@ -238,4 +210,36 @@ abstract class SolidOidcManagerFactory { ); return [...scopes, SolidScopes.webid]; } + + // Calculates the effective prompts for the OIDC authorization request. + // - Includes all configured prompts from [SolidOidcConfig.prompt] + // - Automatically adds `consent` when `offline_access` is in the provided scopes + // - Custom prompts from [SolidOidcConfig.prompt] are preserved + // + // Automatic Consent Prompt (Default Behavior) + // + // The `consent` prompt is required when requesting `offline_access` because: + // - Refresh tokens allow long-term access without user interaction + // - Users must explicitly consent to this enhanced access level + // - Many OIDC providers require explicit consent for offline access + // + // Returns a list of prompt values to be sent to the identity provider + // during the authorization request. + static List _getEffectivePrompts( + List scopes, + SolidOidcConfig config, + ) { + // Default behavior: include configured prompts and add consent for offline_access + final prompts = {...config.prompt}; + + // Automatically add 'consent' prompt when offline_access is requested + // This ensures users explicitly consent to refresh token capabilities + if (scopes.contains('offline_access')) { + prompts.add('consent'); + } + + return prompts.toList() + // Ensure consistent ordering + ..sort(); + } } From 94c2e929a132535bbef883c37dcafdcc3d3a3bdd Mon Sep 17 00:00:00 2001 From: anushkavidanage Date: Fri, 12 Jun 2026 13:55:55 +1000 Subject: [PATCH 4/7] changelog --- CHANGELOG.md | 2 ++ pubspec.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e163f83..e54dd7c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ utilised by the flutter version_widget package. ## 1.0 Migrate to using OIDC OpenID certified ++ Add custom OIDC manager settings to enable token refresh + [1.0.2 20260612 anushkavidanage] + Fix token expiry calc for background refresh [1.0.1 20260609 anushkavidanage] + WebID issuer discovery use OpenID certified [1.0.0 20260521 anushkavidanage] + Implementing Authorization Code + PKCE diff --git a/pubspec.yaml b/pubspec.yaml index b02a78f..c691b90 100644 --- a/pubspec.yaml +++ b/pubspec.yaml @@ -1,6 +1,6 @@ name: solid_auth description: Authenticate to a Solid POD server using Solid-OIDC with certified oidc. -version: 1.0.1 +version: 1.0.2 homepage: https://github.com/anusii/solid_auth repository: https://github.com/anusii/solid_auth From dea90a53f1669dce7c3cd173707e17a6d3018076 Mon Sep 17 00:00:00 2001 From: anushkavidanage Date: Fri, 12 Jun 2026 14:03:00 +1000 Subject: [PATCH 5/7] import order --- lib/src/auth/solid_auth_manager.dart | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/src/auth/solid_auth_manager.dart b/lib/src/auth/solid_auth_manager.dart index 6583d05..7184ed2 100644 --- a/lib/src/auth/solid_auth_manager.dart +++ b/lib/src/auth/solid_auth_manager.dart @@ -30,9 +30,9 @@ library; import 'package:http/http.dart' as http; import 'package:logging/logging.dart'; import 'package:oidc/oidc.dart'; -import 'package:solid_auth/src/auth/solid_oidc_config.dart'; import 'package:solid_auth/src/auth/solid_auth_session_store.dart'; +import 'package:solid_auth/src/auth/solid_oidc_config.dart'; import 'package:solid_auth/src/auth/solid_oidc_manager_factory.dart'; import 'package:solid_auth/src/dpop/dpop_key_manager.dart'; import 'package:solid_auth/src/models/solid_auth_data.dart'; From 09c136f6a962f32d6f074b9c34596644c9d040db Mon Sep 17 00:00:00 2001 From: anushkavidanage Date: Fri, 12 Jun 2026 14:03:38 +1000 Subject: [PATCH 6/7] changelog --- CHANGELOG.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e54dd7c..9820daa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,8 +11,7 @@ utilised by the flutter version_widget package. ## 1.0 Migrate to using OIDC OpenID certified -+ Add custom OIDC manager settings to enable token refresh - [1.0.2 20260612 anushkavidanage] ++ Add custom OIDC manager settings to enable token refresh [1.0.2 20260612 anushkavidanage] + Fix token expiry calc for background refresh [1.0.1 20260609 anushkavidanage] + WebID issuer discovery use OpenID certified [1.0.0 20260521 anushkavidanage] + Implementing Authorization Code + PKCE From d829402f775cab24a5e9bba64b2b1e1f89cbb3d0 Mon Sep 17 00:00:00 2001 From: anushkavidanage Date: Fri, 12 Jun 2026 14:10:33 +1000 Subject: [PATCH 7/7] import order --- lib/src/auth/solid_oidc_manager_factory.dart | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/src/auth/solid_oidc_manager_factory.dart b/lib/src/auth/solid_oidc_manager_factory.dart index fc0cce0..caabf6e 100644 --- a/lib/src/auth/solid_oidc_manager_factory.dart +++ b/lib/src/auth/solid_oidc_manager_factory.dart @@ -30,8 +30,8 @@ library; import 'package:logging/logging.dart'; import 'package:oidc/oidc.dart'; import 'package:oidc_default_store/oidc_default_store.dart'; -import 'package:solid_auth/src/auth/solid_oidc_config.dart'; +import 'package:solid_auth/src/auth/solid_oidc_config.dart'; import 'package:solid_auth/src/dpop/dpop_key_manager.dart'; import 'package:solid_auth/src/dpop/dpop_token_generator.dart'; import 'package:solid_auth/src/models/solid_provider_metadata.dart';