GSOC API Auth Draft-PR

[StormGear]

PR Description

1. Proposal Title

• Adding Support for API Authentication Methods

2. Abstract: A brief summary about the problem that you will be tackling & how.

• Authentication Methods Overview for this PR

1. Basic Authentication

Simple username/password transmission
Credentials encoded in Base64
Sent via HTTP Authorization header.

2. API Key Authentication

Single token for identifying application/user
Can be sent via Request headers or
Query parameters

3. Bearer Token Authentication

Uses access tokens for authorization typically JWT-based
Stateless authentication mechanism.

My Approach

New Models

I created new models (AuthorizationModel) with various submodels ( BasicAuthModel, BearerAuthModel, ApikeyAuthModels). These are data models that handle data entered by users.
AuthorizationModel has fields

• AuthType authType - The type of authorization.
• Bool isEnabled - Is authorization enabled for selected request?
• BasicAuthModel basicAuthModel - stores data for basic authorization type
• BearerAuthModel bearerAuthModel - stores data for bearer authorization type
• ApikeyAuthModel apikeyAuthModel - stores data for api key authorization type

StateProviders

AuthorizationProvider for managing the state of the Authorization types

• update method to update fields within the Authorization model
• _syncwithRequest method to sync these values with the selected RequestModel

User Interface

A Tab for enabling and including the various Authorization tabs, currently implemently in this draft PR:

• Basic Authentication
• Bearer Token Authentication

A Visual Summary of My Approach

In this image, I have visually presented my approach to this draft PR.

A Video Demo

In this video, I demonstrate how to enable Authorization for Basic Authorization as well as Bearer Token Authorization. Nasa and Postman Public APIs were used as they support these types of authorization.
I attempted to upload the video here several times, somehow, it wasn't working, hence I have placed the video in this Gdrive:
Link to Video Demo

As I progress through this contribution more authorization types will be incrementally added.

Related Issues

• Relates to Adding Support for API Authentication Methods #609

Checklist

• I have gone through the contributing guide
• I have updated my branch and synced it with project main branch before making this PR
• I am using the latest Flutter stable branch (run flutter upgrade and verify)
• I have run the tests (flutter test) and all tests are passing

Added/updated tests?

• Yes
• No, and this is why: This is a draft PR to demonstrate approach, test would be included as I progress with the contributions.

OS on which you have developed and tested the feature?

• Windows
• macOS
• Linux

[DenserMeerkat]

Hey @StormGear,

1. What's the difference between the isEnabled boolean and AuthType.noAuth?
   Aren't they both doing the same thing? and isn't the check box a UX hurdle for the user.

2. Also when user providers an Authorization header in Headers tab and also uses the Authorization tab, the value mentioned in the Authorization tab is being used which is expected, but your implementation overwrites the value of the Authorization header in the Headers tab which is not acceptable.

The authorization header checking and substitution should only happen for the headers that are being sent with the current request. It should not modify or persist any changes to the headers stored within the collection providers. The collection provider's headers should remain exactly as the user originally defined them.

[StormGear]

Hello @DenserMeerkat ,
Thanks for meticulously reviewing my draft PR. These suggestions are really helpful and practical, I will get to work to implement these suggestions and make an additional commit to this draft PR.
Thanks once again.