OAuth2

open class OAuth2 : OAuth2Base

Base class for specific OAuth2 flow implementations.

clientIdMandatory
Whether the flow type mandates client identification.
Declaration
Swift

open class var clientIdMandatory: Bool { get }
onBeforeDynamicClientRegistration
If non-nil, will be called before performing dynamic client registration, giving you a chance to instantiate your own registrar.
Declaration
Swift

public final var onBeforeDynamicClientRegistration: ((URL) -> OAuth2DynReg?)?
authorizer
The authorizer to use for UI handling, depending on platform.
Declaration
Swift

open var authorizer: OAuth2AuthorizerUI!
init(settings:)
Designated initializer.

The following settings keys are currently supported:
- client_id (String)
- client_secret (String), usually only needed for code grant
- authorize_uri (URL-String)
- token_uri (URL-String), if omitted the authorize_uri will be used to obtain tokens
- refresh_uri (URL-String), if omitted the token_uri will be used to obtain tokens
- redirect_uris (Array of URL-Strings)
- scope (String)
- client_name (String)
- registration_uri (URL-String)
- logo_uri (URL-String)
- keychain (Bool, true by default, applies to using the system keychain)
- keychain_access_mode (String, value for keychain kSecAttrAccessible attribute, kSecAttrAccessibleWhenUnlocked by default)
- keychain_access_group (String, value for keychain kSecAttrAccessGroup attribute, nil by default)
- keychain_account_for_client_credentials(String, “clientCredentials” by default)
- keychain_account_for_tokens(String, “currentTokens” by default)
- secret_in_body (Bool, false by default, forces the flow to use the request body for the client secret)
- token_assume_unexpired (Bool, true by default, whether to use access tokens that do not come with an “expires_in” parameter)
- use_pkce (Bool, false by default)
- verbose (bool, false by default, applies to client logging)
Declaration
Swift

override public init(settings: OAuth2JSON)

Authorization


                    
                    
                    authorize(params:callback:)

Use this method to obtain an access token. Take a look at authConfig on how to configure how authorization is presented to the user.

This method is running asynchronously and can only be run one at a time.

This method will first check if the client already has an unexpired access token (possibly from the keychain), if not and it’s able to use a refresh token it will try to use the refresh token. If this fails it will check whether the client has a client_id and show the authorize screen if you have authConfig set up sufficiently. If authConfig is not set up sufficiently this method will end up calling the callback with a failure. If client_id is not set but a “registration_uri” has been provided, a dynamic client registration will be attempted and if it success, an access token will be requested.

Declaration

Swift

public final func authorize(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))

Parameters

`params`	Optional key/value pairs to pass during authorization and token refresh
`callback`	The callback to call when authorization finishes (parameters will be non-nil but may be an empty dict), fails or is canceled (error will be non-nil, e.g. `.requestCancelled` if auth was aborted)


                    
                    
                    authorizeEmbedded(from:params:callback:)

Shortcut function to start embedded authorization from the given context (a UIViewController on iOS, an NSWindow on OS X).

This method sets authConfig.authorizeEmbedded = true and authConfig.authorizeContext = <# context #>, then calls authorize()

Declaration

Swift

@available(*, deprecated, message: "Use ASWebAuthenticationSession (preferred﹚ or SFSafariWebViewController. This will be removed in v6.")
open func authorizeEmbedded(from context: AnyObject, params: OAuth2StringDict? = nil, callback: @escaping ((_ authParameters: OAuth2JSON?, _ error: OAuth2Error?) -> Void))

Parameters

`from`	The context to start authorization from, depends on platform (UIViewController or NSWindow, see `authorizeContext`)
`params`	Optional key/value pairs to pass during authorization
`callback`	The callback to call when authorization finishes (parameters will be non-nil but may be an empty dict), fails or is canceled (error will be non-nil, e.g. `.requestCancelled` if auth was aborted)

hasUnexpiredAccessToken()
If the instance has an accessToken, checks if its expiry time has not yet passed. If we don’t have an expiry date we assume the token is still valid.
Declaration
Swift

open func hasUnexpiredAccessToken() -> Bool
Return Value

A Bool indicating whether a probably valid access token exists


                    
                    
                    tryToObtainAccessTokenIfNeeded(params:callback:)

Attempts to receive a new access token by:

checking if there still is an unexpired token
attempting to use a refresh token

Indicates, in the callback, whether the client has been able to obtain an access token that is likely to still work (but there is no guarantee!) or not.

Declaration

Swift

open func tryToObtainAccessTokenIfNeeded(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))

Parameters

`params`	Optional key/value pairs to pass during authorization
`callback`	The callback to call once the client knows whether it has an access token or not; if `success` is true an access token is present


                    
                    
                    doAuthorize(params:)

Method to actually start authorization. The public authorize() method only proceeds to this method if there is no valid access token and if optional client registration succeeds.

Can be overridden in subclasses to perform an authorization dance different from directing the user to a website.

Declaration

Swift

open func doAuthorize(params: OAuth2StringDict? = nil) throws

Parameters


                                params

Optional key/value pairs to pass during authorization


                    
                    
                    doOpenAuthorizeURLInBrowser(params:)

Open the authorize URL in the OS’s browser. Forwards to the receiver’s authorizer, which is a platform-dependent implementation of OAuth2AuthorizerUI.

Throws

UnableToOpenAuthorizeURL on failure

Declaration

Swift

final func doOpenAuthorizeURLInBrowser(params: OAuth2StringDict? = nil) throws

Parameters


                                params

Additional parameters to pass to the authorize URL


                    
                    
                    doAuthorizeEmbedded(with:params:)

Tries to use the current auth config context, which on iOS should be a UIViewController and on OS X a NSViewController, to present the authorization screen. Set oauth2.authConfig.authorizeContext accordingly.

Forwards to the receiver’s authorizer, which is a platform-dependent implementation of OAuth2AuthorizerUI.

Throws

Can throw OAuth2Error if the method is unable to show the authorize screen

Declaration

Swift

final func doAuthorizeEmbedded(with config: OAuth2AuthConfig, params: OAuth2StringDict? = nil) throws

Parameters

`with`	The configuration to be used; usually uses the instance’s `authConfig`
`params`	Additional authorization parameters to supply during the OAuth dance


                    
                    
                    authorizeRequest(withRedirect:scope:params:)

Method that creates the OAuth2AuthRequest instance used to create the authorize URL

Declaration

Swift

func authorizeRequest(withRedirect redirect: String, scope: String?, params: OAuth2StringDict?) throws -> OAuth2AuthRequest

Parameters

`redirect`	The redirect URI string to supply. If it is nil, the first value of the settings’ `redirect_uris` entries is used. Must be present in the end!
`scope`	The scope to request
`params`	Any additional parameters as dictionary with string keys and values that will be added to the query part

Return Value

OAuth2AuthRequest to be used to call to the authorize endpoint


                    
                    
                    authorizeURL(params:)

Most convenient method if you want the authorize URL to be created as defined in your settings dictionary.

Declaration

Swift

open func authorizeURL(params: OAuth2StringDict? = nil) throws -> URL

Parameters


                                params

Optional, additional URL params to supply to the request

Return Value

NSURL to be used to start the OAuth dance


                    
                    
                    authorizeURL(withRedirect:scope:params:)

Convenience method to be overridden by and used from subclasses.

Declaration

Swift

open func authorizeURL(withRedirect redirect: String?, scope: String?, params: OAuth2StringDict?) throws -> URL

Parameters

`redirect`	The redirect URI string to supply. If it is nil, the first value of the settings’ `redirect_uris` entries is used. Must be present in the end!
`scope`	The scope to request
`params`	Any additional parameters as dictionary with string keys and values that will be added to the query part

Return Value

NSURL to be used to start the OAuth dance

Refresh Token


                    
                    
                    tokenRequestForTokenRefresh(params:)

Generate the request to be used for token refresh when we have a refresh token.

This will set “grant_type” to “refresh_token”, add the refresh token, and take care of the remaining parameters.

Declaration

Swift

open func tokenRequestForTokenRefresh(params: OAuth2StringDict? = nil) throws -> OAuth2AuthRequest

Parameters


                                params

Additional parameters to pass during token refresh

Return Value

An OAuth2AuthRequest instance that is configured for token refresh


                    
                    
                    doRefreshToken(params:callback:)

If there is a refresh token, use it to receive a fresh access token.

If the request returns an error, the refresh token is thrown away.

Declaration

Swift

open func doRefreshToken(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))

Parameters

`params`	Optional key/value pairs to pass during token refresh
`callback`	The callback to call after the refresh token exchange has finished

Registration


                    
                    
                    registerClientIfNeeded(callback:)

Use OAuth2 dynamic client registration to register the client, if needed.

Returns immediately if the receiver’s clientId is nil (with error = nil) or if there is no registration URL (with error). Otherwise calls onBeforeDynamicClientRegistration() – if it is non-nil – and uses the returned OAuth2DynReg instance – if it is non-nil. If both are nil, instantiates a blank OAuth2DynReg instead, then attempts client registration.

Declaration

Swift

public func registerClientIfNeeded(callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))

Parameters


                                callback

The callback to call on the main thread; if both json and error is nil no registration was attempted; error is nil on success