OAuth2

open class OAuth2: OAuth2Base

Base class for specific OAuth2 flow implementations.

clientIdMandatory
Whether the flow type mandates client identification.
Declaration
Swift

open class var clientIdMandatory: Bool
onBeforeDynamicClientRegistration
If non-nil, will be called before performing dynamic client registration, giving you a chance to instantiate your own registrar.
Declaration
Swift

public final var onBeforeDynamicClientRegistration: ((URL) -> OAuth2DynReg?)?
authorizer
The authorizer to use for UI handling, depending on platform.
Declaration
Swift

open var authorizer: OAuth2AuthorizerUI!
init(settings:)
Designated initializer.

The following settings keys are currently supported:
- client_id (String)
- client_secret (String), usually only needed for code grant
- authorize_uri (URL-String)
- token_uri (URL-String), if omitted the authorize_uri will be used to obtain tokens
- redirect_uris (Array of URL-Strings)
- scope (String)
- client_name (String)
- registration_uri (URL-String)
- logo_uri (URL-String)
- keychain (Bool, true by default, applies to using the system keychain)
- keychain_access_mode (String, value for keychain kSecAttrAccessible attribute, kSecAttrAccessibleWhenUnlocked by default)
- keychain_access_group (String, value for keychain kSecAttrAccessGroup attribute, nil by default)
- keychain_account_for_client_credentials(String, clientCredentials by default)
- keychain_account_for_tokens(String, currentTokens by default)
- secret_in_body (Bool, false by default, forces the flow to use the request body for the client secret)
- token_assume_unexpired (Bool, true by default, whether to use access tokens that do not come with an expires_in parameter)
- verbose (bool, false by default, applies to client logging)
Declaration
Swift

override public init(settings: OAuth2JSON)

Authorization


                    
                    
                    authorize(params:callback:)

Use this method to obtain an access token. Take a look at authConfig on how to configure how authorization is presented to the user.

This method is running asynchronously and can only be run one at a time.

This method will first check if the client already has an unexpired access token (possibly from the keychain), if not and it’s able to use a refresh token it will try to use the refresh token. If this fails it will check whether the client has a client_id and show the authorize screen if you have authConfig set up sufficiently. If authConfig is not set up sufficiently this method will end up calling the callback with a failure. If client_id is not set but a registration_uri has been provided, a dynamic client registration will be attempted and if it success, an access token will be requested.

Declaration

Swift

public final func authorize(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))

Parameters

`params`	Optional key/value pairs to pass during authorization and token refresh
`callback`	The callback to call when authorization finishes (parameters will be non-nil but may be an empty dict), fails or is cancelled (error will be non-nil, e.g. `.requestCancelled` if auth was aborted)


                    
                    
                    authorizeEmbedded(from:params:callback:)

Shortcut function to start embedded authorization from the given context (a UIViewController on iOS, an NSWindow on OS X).

This method sets authConfig.authorizeEmbedded = true and authConfig.authorizeContext = <# context #>, then calls authorize()

Declaration

Swift

open func authorizeEmbedded(from context: AnyObject, params: OAuth2StringDict? = nil, callback: @escaping ((_ authParameters: OAuth2JSON?, _ error: OAuth2Error?) -> Void))

Parameters

`from`	The context to start authorization from, depends on platform (UIViewController or NSWindow, see `authorizeContext`)
`params`	Optional key/value pairs to pass during authorization
`callback`	The callback to call when authorization finishes (parameters will be non-nil but may be an empty dict), fails or is cancelled (error will be non-nil, e.g. `.requestCancelled` if auth was aborted)

hasUnexpiredAccessToken()
If the instance has an accessToken, checks if its expiry time has not yet passed. If we don’t have an expiry date we assume the token is still valid.
Declaration
Swift

open func hasUnexpiredAccessToken() -> Bool
Return Value

A Bool indicating whether a probably valid access token exists


                    
                    
                    tryToObtainAccessTokenIfNeeded(params:callback:)

Attempts to receive a new access token by:

checking if there still is an unexpired token
attempting to use a refresh token

Indicates, in the callback, whether the client has been able to obtain an access token that is likely to still work (but there is no guarantee!) or not.

Declaration

Swift

open func tryToObtainAccessTokenIfNeeded(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?) -> Void))

Parameters

`params`	Optional key/value pairs to pass during authorization
`callback`	The callback to call once the client knows whether it has an access token or not; if `success` is true an access token is present


                    
                    
                    doAuthorize(params:)

Method to actually start authorization. The public authorize() method only proceeds to this method if there is no valid access token and if optional client registration succeeds.

Can be overridden in subclasses to perform an authorization dance different from directing the user to a website.

Declaration

Swift

open func doAuthorize(params: OAuth2StringDict? = nil) throws

Parameters


                                params

Optional key/value pairs to pass during authorization


                    
                    
                    authorizeURL(params:)

Most convenient method if you want the authorize URL to be created as defined in your settings dictionary.

Declaration

Swift

open func authorizeURL(params: OAuth2StringDict? = nil) throws -> URL

Parameters


                                params

Optional, additional URL params to supply to the request

Return Value

NSURL to be used to start the OAuth dance


                    
                    
                    authorizeURL(withRedirect:scope:params:)

Convenience method to be overridden by and used from subclasses.

Declaration

Swift

open func authorizeURL(withRedirect redirect: String?, scope: String?, params: OAuth2StringDict?) throws -> URL

Parameters

`redirect`	The redirect URI string to supply. If it is nil, the first value of the settings’ `redirect_uris` entries is used. Must be present in the end!
`scope`	The scope to request
`params`	Any additional parameters as dictionary with string keys and values that will be added to the query part

Return Value

NSURL to be used to start the OAuth dance

Refresh Token


                    
                    
                    tokenRequestForTokenRefresh(params:)

Generate the request to be used for token refresh when we have a refresh token.

This will set grant_type to refresh_token, add the refresh token, and take care of the remaining parameters.

Declaration

Swift

open func tokenRequestForTokenRefresh(params: OAuth2StringDict? = nil) throws -> OAuth2AuthRequest

Parameters


                                params

Additional parameters to pass during token refresh

Return Value

An OAuth2AuthRequest instance that is configured for token refresh


                    
                    
                    doRefreshToken(params:callback:)

If there is a refresh token, use it to receive a fresh access token.

If the request returns an error, the refresh token is thrown away.

Declaration

Swift

open func doRefreshToken(params: OAuth2StringDict? = nil, callback: @escaping ((OAuth2JSON?, OAuth2Error?) -> Void))

Parameters

`params`	Optional key/value pairs to pass during token refresh
`callback`	The callback to call after the refresh token exchange has finished