@@ -2,7 +2,7 @@ import 'package:auth0_flutter_platform_interface/auth0_flutter_platform_interfac
22import 'src/version.dart' ;
33
44export 'package:auth0_flutter_platform_interface/auth0_flutter_platform_interface.dart'
5- show WebException, CacheLocation;
5+ show WebException, CacheLocation, ApiCredentials ;
66
77/// Primary interface for interacting with Auth0 on web platforms.
88class Auth0Web {
@@ -66,6 +66,12 @@ class Auth0Web {
6666 /// to learn more.
6767 /// * [scopes] defaults to `openid profile email` . You can override these
6868 /// scopes, but `openid` is always requested regardless of this setting.
69+ /// * [useMrrt] enables Multi-Resource Refresh Tokens, allowing a single
70+ /// refresh token to be reused to obtain access tokens for multiple APIs
71+ /// (audiences). Once enabled, request per-audience tokens via
72+ /// [getApiCredentials] . Enabling this forces [useRefreshTokens] on (even if
73+ /// it was explicitly set to `false` ), and requires MRRT to be enabled on your
74+ /// Auth0 tenant.
6975 Future <Credentials ?> onLoad (
7076 {final int ? authorizeTimeoutInSeconds,
7177 final CacheLocation ? cacheLocation,
@@ -79,6 +85,7 @@ class Auth0Web {
7985 final bool ? useFormData,
8086 final bool ? useRefreshTokens,
8187 final bool ? useRefreshTokensFallback,
88+ final bool ? useMrrt,
8289 final String ? audience,
8390 final Set <String >? scopes,
8491 final Map <String , String > parameters = const {}}) async {
@@ -98,6 +105,7 @@ class Auth0Web {
98105 useFormData: useFormData,
99106 useRefreshTokens: useRefreshTokens,
100107 useRefreshTokensFallback: useRefreshTokensFallback,
108+ useMrrt: useMrrt,
101109 audience: audience,
102110 scopes: scopes,
103111 parameters: {
@@ -369,6 +377,53 @@ class Auth0Web {
369377 ),
370378 );
371379
380+ /// Retrieves a set of [ApiCredentials] scoped to a specific API ([audience] )
381+ /// by reusing the stored refresh token via Multi-Resource Refresh Tokens
382+ /// (MRRT).
383+ ///
384+ /// Enable MRRT by passing `useMrrt: true` to [onLoad] . This exchanges the
385+ /// single refresh token obtained at login for an access token valid for the
386+ /// requested [audience] , without requiring the user to log in again.
387+ ///
388+ /// Additional notes:
389+ /// * [scopes] are the scopes to request for the new access token. If empty,
390+ /// the default scopes configured for the API are used.
391+ /// * Arbitrary [parameters] can be specified and then picked up in a custom
392+ /// Auth0 [Action] (https://auth0.com/docs/customize/actions).
393+ ///
394+ /// **Prerequisites:**
395+ /// * MRRT must be enabled on your Auth0 tenant.
396+ /// * The user must have logged in with the `offline_access` scope so that a
397+ /// refresh token is available for the exchange.
398+ ///
399+ /// **Throws** a [WebException] if the exchange fails.
400+ Future <ApiCredentials > getApiCredentials ({
401+ required final String audience,
402+ final Set <String > scopes = const {},
403+ final Map <String , String > parameters = const {},
404+ }) =>
405+ Auth0FlutterWebPlatform .instance.getApiCredentials (
406+ GetApiCredentialsOptions (
407+ audience: audience,
408+ scopes: scopes,
409+ parameters: parameters,
410+ ),
411+ );
412+
413+ /// No-op on the web, kept for cross-platform API parity.
414+ ///
415+ /// `auth0-spa-js` manages API token caching internally and exposes no
416+ /// single-audience eviction API, so this completes without removing anything
417+ /// and logs a warning to the browser console. The [audience] and [scope]
418+ /// arguments are accepted only for consistency with the mobile API.
419+ Future <void > clearApiCredentials ({
420+ required final String audience,
421+ final String ? scope,
422+ }) =>
423+ Auth0FlutterWebPlatform .instance.clearApiCredentials (
424+ ClearApiCredentialsOptions (audience: audience, scope: scope),
425+ );
426+
372427 /// Indicates whether a user is currently authenticated.
373428 Future <bool > hasValidCredentials () =>
374429 Auth0FlutterWebPlatform .instance.hasValidCredentials ();
0 commit comments