
Overview

AuthConfig defines authentication providers, session settings, and security policies. Configuration is typically stored in auth/auth.yaml.

Class Definition

/// Authentication settings: enabled providers, session lifetime, and the
/// optional MFA, SSO, RBAC and multi-tenancy sections.
final class AuthConfig {
  /// Creates a config; every argument is optional.
  ///
  /// Omitting [providers] yields an empty list and omitting
  /// [sessionDurationSeconds] yields 86400 (24 hours). [mfa], [sso], [rbac]
  /// and [multiTenancy] have no default and are null when omitted.
  // NOTE(review): what a null section means at runtime (e.g. no `mfa` block)
  // is not shown in this listing; confirm before relying on it.
  const AuthConfig({
    this.providers = const [],
    this.mfa,
    this.sso,
    this.sessionDurationSeconds = 86400,
    this.rbac,
    this.multiTenancy,
  });
  
  /// Builds an [AuthConfig] from a map; the usage examples pass parsed YAML.
  // NOTE(review): validation of unknown provider types or non-positive
  // durations is not visible here; confirm in the implementation.
  factory AuthConfig.fromMap(Map<String, dynamic> map);

  /// Returns this config as a `Map<String, dynamic>`.
  Map<String, dynamic> toJson();
}

Properties

providers
List<AuthProvider>
default:"[]"
List of enabled authentication providers
mfa
MfaConfig?
Multi-factor authentication configuration
sso
SsoConfig?
Single sign-on configuration
sessionDurationSeconds
int
default:"86400"
Session duration in seconds (default: 24 hours)
rbac
RbacConfig?
Role-based access control configuration
multiTenancy
MultiTenancyConfig?
Multi-tenancy configuration

AuthProvider

type
String
required
Provider type: "email", "google", "github", "apple", "microsoft", etc.
clientId
String?
OAuth client ID (for OAuth providers)
enabled
bool
default:"true"
Whether this provider is enabled

MfaConfig

required
bool
default:"false"
Whether MFA is required for all users
methods
List<String>
default:"['totp']"
Allowed MFA methods: "totp", "sms", "email"

SsoConfig

provider
String
required
SSO provider: "okta", "auth0", "azure_ad", "google_workspace"
domain
String?
Domain restriction for SSO
required
bool
default:"false"
Whether SSO is required for this domain

RbacConfig

rolesFile
String?
Path to roles definition file
defaultRole
String
default:"user"
Default role for new users

MultiTenancyConfig

model
MultiTenancyModel
required
Tenancy isolation model: row, schema, or database
tenantField
String
default:"org_id"
Field name for tenant identifier

Usage

Email + OAuth Providers

# auth/auth.yaml
providers:
  - type: email
    enabled: true
  - type: google
    # Templated value, not a literal ID. NOTE(review): confirm where the
    # {{secrets.*}} placeholder is expanded and that the result is not logged.
    client_id: "{{secrets.google_client_id}}"
    enabled: true
  - type: github
    client_id: "{{secrets.github_client_id}}"
    enabled: true

# Overrides the 86400 s (24 h) default. A longer lifetime also extends how long
# a stolen session stays usable, so size it to the application's risk.
session_duration_seconds: 604800  # 7 days
import 'package:applad_core/applad_core.dart';

// `yamlData` is the map handed to fromMap; it is not defined in this snippet.
final config = AuthConfig.fromMap(yamlData);

// The duration is stored in seconds; integer division reports whole hours.
final sessionHours = config.sessionDurationSeconds ~/ 3600;
print('Session duration: $sessionHours hours');
print('Providers:');
for (final provider in config.providers) {
  final kind = provider.type;
  final state = provider.enabled ? "enabled" : "disabled";
  print('  $kind: $state');
}

With Multi-Factor Authentication

providers:
  - type: email

mfa:
  # Enforce a second factor for every user (the default is false).
  required: true
  methods:
    - totp
    # SMS codes can be intercepted or redirected through SIM swap; allow sms
    # only where users cannot enrol an authenticator app.
    - sms
final config = AuthConfig.fromMap(yamlData);

// Bind the optional MFA section once; the block is skipped when it is null.
if (config.mfa case final mfa?) {
  print('MFA required: ${mfa.required}');
  print('MFA methods: ${mfa.methods.join(", ")}');
}

With Single Sign-On

# NOTE(review): the email provider stays listed while SSO is required; confirm
# whether password sign-in remains possible for company.com accounts.
providers:
  - type: email

sso:
  provider: okta
  # Domain restriction for SSO (see the SsoConfig properties).
  domain: company.com
  required: true
final config = AuthConfig.fromMap(yamlData);

// Bind the optional SSO section once; the block is skipped when it is null.
if (config.sso case final sso?) {
  print('SSO provider: ${sso.provider}');
  // The domain is optional, so it is only reported when set.
  if (sso.domain case final domain?) {
    print('SSO domain: $domain');
  }
  print('SSO required: ${sso.required}');
}

With RBAC

providers:
  - type: email

rbac:
  # Path to the roles definition file. Changes to it alter what each role may
  # do, so review them as security-relevant.
  roles_file: auth/roles.yaml
  # Role given to new users; keep it the least-privileged role in roles_file.
  default_role: user
final config = AuthConfig.fromMap(yamlData);

// Bind the optional RBAC section once; the block is skipped when it is null.
if (config.rbac case final rbac?) {
  // rolesFile is nullable, so this line prints "null" when no file is set.
  print('Roles file: ${rbac.rolesFile}');
  print('Default role: ${rbac.defaultRole}');
}

With Multi-Tenancy

providers:
  - type: email

multi_tenancy:
  # Row model: the tenant identifier lives in each row (tenant_field).
  # NOTE(review): confirm the tenant filter is applied by the framework on
  # every query rather than left to each caller.
  model: row
  tenant_field: org_id
final config = AuthConfig.fromMap(yamlData);

// Bind the optional multi-tenancy section once; skipped when it is null.
if (config.multiTenancy case final tenancy?) {
  print('Tenancy model: ${tenancy.model.name}');
  print('Tenant field: ${tenancy.tenantField}');
}

Multi-Tenancy Models

/// How tenant data is separated.
///
/// The YAML examples select a value by its name (`row`, `schema`).
// NOTE(review): with `row`, separation rests on each row's tenant field being
// checked; confirm where that filter is enforced.
enum MultiTenancyModel {
  row,      // Row-level isolation (org_id in each row)
  schema,   // Schema-level isolation (separate schema per tenant)
  database; // Database-level isolation (separate DB per tenant)
}

// Row-level: Best for SaaS with many small tenants.
// The tenant identifier is a column in each row, so a query that omits the
// tenant filter can read other tenants' rows.
// NOTE(review): confirm whether the filter on tenantField is applied automatically.
MultiTenancyConfig(
  model: MultiTenancyModel.row,
  tenantField: 'org_id',
);

// Schema-level: Medium isolation, good for compliance.
// Each tenant gets a separate schema.
MultiTenancyConfig(
  model: MultiTenancyModel.schema,
  tenantField: 'tenant_id',
);

// Database-level: Maximum isolation, for large enterprise clients.
// Each tenant gets a separate database.
MultiTenancyConfig(
  model: MultiTenancyModel.database,
  tenantField: 'client_id',
);

Complete Enterprise Configuration

# NOTE(review): email, google and microsoft stay enabled while SSO is required
# for enterprise.com; confirm which sign-in paths remain open to those users.
providers:
  - type: email
  - type: google
    # Templated value, not a literal ID; expansion happens outside this file.
    client_id: "{{secrets.google_client_id}}"
  - type: microsoft
    client_id: "{{secrets.microsoft_client_id}}"

mfa:
  # MFA is mandatory for every user and limited to TOTP (no sms or email codes).
  required: true
  methods:
    - totp

sso:
  provider: okta
  domain: enterprise.com
  required: true

# Shorter than the 86400 s (24 h) default.
session_duration_seconds: 28800  # 8 hours

rbac:
  roles_file: auth/roles.yaml
  # New users start as "viewer" instead of the "user" default.
  # NOTE(review): confirm in roles_file that viewer is the least-privileged role.
  default_role: viewer

multi_tenancy:
  # Schema model: a separate schema per tenant.
  model: schema
  tenant_field: org_id

Common Provider Types

  • email - Email/password authentication
  • google - Google OAuth
  • github - GitHub OAuth
  • apple - Sign in with Apple
  • microsoft - Microsoft OAuth
  • facebook - Facebook Login
  • twitter - Twitter OAuth
  • linkedin - LinkedIn OAuth

Source Location

packages/applad_core/lib/src/config/auth_config.dart:4
