OAuth2Base

The grant type represented by the class, e.g. “authorization_code” for code grants.

The response type expected from an authorize call, e.g. “code” for code grants.

Settings related to the client-server relationship.

Client-side authorization options.

The client id.

The client secret, usually only needed for code grant.

The name of the client, as used during dynamic client registration. Use “client_name” during initialization to set.

The URL to authorize against.

The URL string where we can exchange a code for a token; if nil authURL will be used.

The scope currently in use.

The redirect URL string to use.

Context for the current auth dance.

The receiver’s access token.

The receiver’s id token.

The access token’s expiry date.

The receiver’s long-time refresh token.

Custom or overridden HTML headers to be used during authorization.

Custom authorization parameters.

This closure is internally used with authorize(params:callback:) and only exposed for subclassing reason, do not mess with it!

Returns true if the receiver is currently authorizing.

Closure called after the regular authorization callback, on the main thread. You can use this callback when you’re performing authorization manually and/or for cleanup operations.

For internal use, don’t mess with it, it’s public only for subclassing and compilation reasons. Executed right before afterAuthorizeOrFail.

Designated initializer.

The following settings keys are currently supported:

• client_id (String)
• client_secret (String), usually only needed for code grant
• authorize_uri (URL-String)
• token_uri (URL-String), if omitted the authorize_uri will be used to obtain tokens
• refresh_uri (URL-String), if omitted the token_uri will be used to obtain tokens
• redirect_uris (Array of URL-Strings)

• scope (String)

• client_name (String)

• registration_uri (URL-String)

• logo_uri (URL-String)

• keychain (Bool, true by default, applies to using the system keychain)

• keychain_access_mode (String, value for keychain kSecAttrAccessible attribute, kSecAttrAccessibleWhenUnlocked by default)

• keychain_access_group (String, value for keychain kSecAttrAccessGroup attribute, nil by default)

• keychain_account_for_client_credentials(String, “clientCredentials” by default)

• keychain_account_for_tokens(String, “currentTokens” by default)

• secret_in_body (Bool, false by default, forces the flow to use the request body for the client secret)

• token_assume_unexpired (Bool, true by default, whether to use access tokens that do not come with an “expires_in” parameter)

• use_pkce (Bool, false by default)

• verbose (Bool, false by default, applies to client logging)

Overrides base implementation to return the authorize URL.

Return an OAuth2Request, a NSMutableURLRequest subclass, that has already been signed and can be used against your OAuth2 endpoint.

This method by default ignores locally cached data and specifies a timeout interval of 20 seconds. This should be ideal for small JSON data requests, but you probably don’t want to disable cache for binary data like avatars.

Subclasses override this method to extract information from the supplied redirect URL.

Internally used on success, calls the callbacks on the main thread.

This method is only made public in case you want to create a subclass and call didAuthorize(parameters:) at an override point. If you call this method yourself on your OAuth2 instance you might screw things up badly.

Internally used on error, calls the callbacks on the main thread with the appropriate error message.

This method is only made public in case you want to create a subclass and need to call didFail(error:) at an override point. If you call this method yourself on your OAuth2 instance you might screw things up royally.

Allows to abort authorization currently in progress.

Handles access token error response.

Parse response data returned while exchanging the code for a token.

This method expects token data to be JSON, decodes JSON and fills the receiver’s properties accordingly. If the response contains an “error” key, will parse the error and throw it.

Parse response data returned while exchanging the code for a token.

This method extracts token data and fills the receiver’s properties accordingly. If the response contains an “error” key, will parse the error and throw it. The method is final to ensure correct order of error parsing and not parsing the response if an error happens. This is not possible in overrides. Instead, override the various assureXy(dict:) methods, especially assureAccessTokenParamsAreValid().

This method does nothing, but allows subclasses to fix parameter names before passing the access token response to OAuth2ClientConfigs updateFromResponse().

Parse response data returned while using a refresh token.

This method extracts token data, expected to be JSON, and fills the receiver’s properties accordingly. If the response contains an “error” key, will parse the error and throw it.

Parse response data returned while using a refresh token.

This method extracts token data and fills the receiver’s properties accordingly. If the response contains an “error” key, will parse the error and throw it. The method is final to ensure correct order of error parsing and not parsing the response if an error happens. This is not possible in overrides. Instead, override the various assureXy(dict:) methods, especially assureRefreshTokenParamsAreValid().

This method does nothing, but allows subclasses to fix parameter names before passing the refresh token response to OAuth2ClientConfigs updateFromResponse().

This method checks state, throws OAuth2Error.missingState or OAuth2Error.invalidState. Resets state if it matches.

Throws unless “token_type” is “bearer” (case-insensitive).

Called when parsing the access token response. Does nothing by default, implicit grant flows check state.

Called when parsing the refresh token response. Does nothing by default.