-
Whether the flow type mandates client identification.
Declaration
Swift
open class var clientIdMandatory: Bool { get }
-
If non-nil, will be called before performing dynamic client registration, giving you a chance to instantiate your own registrar.
Declaration
Swift
public final var onBeforeDynamicClientRegistration: ((URL) -> OAuth2DynReg?)?
-
The authorizer to use for UI handling, depending on platform.
Declaration
Swift
open var authorizer: OAuth2AuthorizerUI!
-
Designated initializer.
The following settings keys are currently supported:
- client_id (String)
- client_secret (String), usually only needed for code grant
- authorize_uri (URL-String)
- token_uri (URL-String), if omitted the authorize_uri will be used to obtain tokens
- refresh_uri (URL-String), if omitted the token_uri will be used to obtain tokens
- redirect_uris (Array of URL-Strings)
scope (String)
client_name (String)
registration_uri (URL-String)
logo_uri (URL-String)
keychain (Bool, true by default, applies to using the system keychain)
keychain_access_mode (String, value for keychain kSecAttrAccessible attribute, kSecAttrAccessibleWhenUnlocked by default)
keychain_access_group (String, value for keychain kSecAttrAccessGroup attribute, nil by default)
keychain_account_for_client_credentials(String, “clientCredentials” by default)
keychain_account_for_tokens(String, “currentTokens” by default)
secret_in_body (Bool, false by default, forces the flow to use the request body for the client secret)
token_assume_unexpired (Bool, true by default, whether to use access tokens that do not come with an “expires_in” parameter)
use_pkce (Bool, false by default)
verbose (bool, false by default, applies to client logging)
Declaration
Swift
override public init(settings: OAuth2JSON)
-
Use this method to obtain an access token. Take a look at
authConfig
on how to configure how authorization is presented to the user.This method is running asynchronously and can only be run one at a time.
This method will first check if the client already has an unexpired access token (possibly from the keychain), if not and it’s able to use a refresh token it will try to use the refresh token. If this fails it will check whether the client has a client_id and show the authorize screen if you have
authConfig
set up sufficiently. IfauthConfig
is not set up sufficiently this method will end up calling the callback with a failure. If client_id is not set but a “registration_uri” has been provided, a dynamic client registration will be attempted and if it success, an access token will be requested.Declaration
Swift
public final func authorize(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))
Parameters
params
Optional key/value pairs to pass during authorization and token refresh
callback
The callback to call when authorization finishes (parameters will be non-nil but may be an empty dict), fails or is canceled (error will be non-nil, e.g.
.requestCancelled
if auth was aborted) -
Shortcut function to start embedded authorization from the given context (a UIViewController on iOS, an NSWindow on OS X).
This method sets
authConfig.authorizeEmbedded = true
andauthConfig.authorizeContext = <# context #>
, then callsauthorize()
Declaration
Swift
@available(*, deprecated, message: "Use ASWebAuthenticationSession (preferred﹚ or SFSafariWebViewController. This will be removed in v6.") open func authorizeEmbedded(from context: AnyObject, params: OAuth2StringDict? = nil, callback: @escaping ((_ authParameters: OAuth2JSON?, _ error: OAuth2Error?) -> Void))
Parameters
from
The context to start authorization from, depends on platform (UIViewController or NSWindow, see
authorizeContext
)params
Optional key/value pairs to pass during authorization
callback
The callback to call when authorization finishes (parameters will be non-nil but may be an empty dict), fails or is canceled (error will be non-nil, e.g.
.requestCancelled
if auth was aborted) -
If the instance has an accessToken, checks if its expiry time has not yet passed. If we don’t have an expiry date we assume the token is still valid.
Declaration
Swift
open func hasUnexpiredAccessToken() -> Bool
Return Value
A Bool indicating whether a probably valid access token exists
-
Attempts to receive a new access token by:
- checking if there still is an unexpired token
- attempting to use a refresh token
Indicates, in the callback, whether the client has been able to obtain an access token that is likely to still work (but there is no guarantee!) or not.
Declaration
Swift
open func tryToObtainAccessTokenIfNeeded(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))
Parameters
params
Optional key/value pairs to pass during authorization
callback
The callback to call once the client knows whether it has an access token or not; if
success
is true an access token is present -
Method to actually start authorization. The public
authorize()
method only proceeds to this method if there is no valid access token and if optional client registration succeeds.Can be overridden in subclasses to perform an authorization dance different from directing the user to a website.
Declaration
Swift
open func doAuthorize(params: OAuth2StringDict? = nil) throws
Parameters
params
Optional key/value pairs to pass during authorization
-
Open the authorize URL in the OS’s browser. Forwards to the receiver’s
authorizer
, which is a platform-dependent implementation ofOAuth2AuthorizerUI
.Throws
UnableToOpenAuthorizeURL on failureDeclaration
Swift
final func doOpenAuthorizeURLInBrowser(params: OAuth2StringDict? = nil) throws
Parameters
params
Additional parameters to pass to the authorize URL
-
Tries to use the current auth config context, which on iOS should be a UIViewController and on OS X a NSViewController, to present the authorization screen. Set
oauth2.authConfig.authorizeContext
accordingly.Forwards to the receiver’s
authorizer
, which is a platform-dependent implementation ofOAuth2AuthorizerUI
.Throws
Can throw OAuth2Error if the method is unable to show the authorize screenDeclaration
Swift
final func doAuthorizeEmbedded(with config: OAuth2AuthConfig, params: OAuth2StringDict? = nil) throws
Parameters
with
The configuration to be used; usually uses the instance’s
authConfig
params
Additional authorization parameters to supply during the OAuth dance
-
Method that creates the OAuth2AuthRequest instance used to create the authorize URL
Declaration
Swift
func authorizeRequest(withRedirect redirect: String, scope: String?, params: OAuth2StringDict?) throws -> OAuth2AuthRequest
Parameters
redirect
The redirect URI string to supply. If it is nil, the first value of the settings’
redirect_uris
entries is used. Must be present in the end!scope
The scope to request
params
Any additional parameters as dictionary with string keys and values that will be added to the query part
Return Value
OAuth2AuthRequest to be used to call to the authorize endpoint
-
Most convenient method if you want the authorize URL to be created as defined in your settings dictionary.
Declaration
Swift
open func authorizeURL(params: OAuth2StringDict? = nil) throws -> URL
Parameters
params
Optional, additional URL params to supply to the request
Return Value
NSURL to be used to start the OAuth dance
-
Convenience method to be overridden by and used from subclasses.
Declaration
Swift
open func authorizeURL(withRedirect redirect: String?, scope: String?, params: OAuth2StringDict?) throws -> URL
Parameters
redirect
The redirect URI string to supply. If it is nil, the first value of the settings’
redirect_uris
entries is used. Must be present in the end!scope
The scope to request
params
Any additional parameters as dictionary with string keys and values that will be added to the query part
Return Value
NSURL to be used to start the OAuth dance
-
Generate the request to be used for token refresh when we have a refresh token.
This will set “grant_type” to “refresh_token”, add the refresh token, and take care of the remaining parameters.
Declaration
Swift
open func tokenRequestForTokenRefresh(params: OAuth2StringDict? = nil) throws -> OAuth2AuthRequest
Parameters
params
Additional parameters to pass during token refresh
Return Value
An
OAuth2AuthRequest
instance that is configured for token refresh -
If there is a refresh token, use it to receive a fresh access token.
If the request returns an error, the refresh token is thrown away.
Declaration
Swift
open func doRefreshToken(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))
Parameters
params
Optional key/value pairs to pass during token refresh
callback
The callback to call after the refresh token exchange has finished
-
Use OAuth2 dynamic client registration to register the client, if needed.
Returns immediately if the receiver’s
clientId
is nil (with error = nil) or if there is no registration URL (with error). Otherwise callsonBeforeDynamicClientRegistration()
– if it is non-nil – and uses the returnedOAuth2DynReg
instance – if it is non-nil. If both are nil, instantiates a blankOAuth2DynReg
instead, then attempts client registration.Declaration
Swift
public func registerClientIfNeeded(callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))
Parameters
callback
The callback to call on the main thread; if both json and error is nil no registration was attempted; error is nil on success