Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Configuring an iOS app to work with Sitecore Identity 9.1 +
//
// AppAuthExampleViewController.swift
//
// Copyright (c) 2017 The AppAuth Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
import AppAuth
import UIKit
typealias PostRegistrationCallback = (_ configuration: OIDServiceConfiguration?, _ registrationResponse: OIDRegistrationResponse?) -> Void
/**
The OIDC issuer from which the configuration will be discovered.
*/
let kIssuer: String = "https://sitecorecloud-209010-si.azurewebsites.net";
/**
The OAuth client ID.
For client configuration instructions, see the [README](https://github.com/openid/AppAuth-iOS/blob/master/Examples/Example-iOS_Swift-Carthage/README.md).
Set to nil to use dynamic registration with this example.
*/
let kClientID: String? = "AwesomeAppId";
/**
The OAuth redirect URI for the client @c kClientID.
For client configuration instructions, see the [README](https://github.com/openid/AppAuth-iOS/blob/master/Examples/Example-iOS_Swift-Carthage/README.md).
*/
let kRedirectURI: String = "awesome://sitecore.identity.app";
/**
NSCoding key for the authState property.
*/
let kAppAuthExampleAuthStateKey: String = "authState";
class AppAuthExampleViewController: UIViewController {
@IBOutlet private weak var authAutoButton: UIButton!
@IBOutlet private weak var authManual: UIButton!
@IBOutlet private weak var codeExchangeButton: UIButton!
@IBOutlet private weak var userinfoButton: UIButton!
@IBOutlet private weak var logTextView: UITextView!
@IBOutlet private weak var trashButton: UIBarButtonItem!
private var authState: OIDAuthState?
override func viewDidLoad() {
super.viewDidLoad()
self.validateOAuthConfiguration()
self.loadState()
self.updateUI()
}
}
extension AppAuthExampleViewController {
func validateOAuthConfiguration() {
// The example needs to be configured with your own client details.
// See: https://github.com/openid/AppAuth-iOS/blob/master/Examples/Example-iOS_Swift-Carthage/README.md
assert(kIssuer != "https://issuer.example.com",
"Update kIssuer with your own issuer.\n" +
"Instructions: https://github.com/openid/AppAuth-iOS/blob/master/Examples/Example-iOS_Swift-Carthage/README.md");
assert(kClientID != "YOUR_CLIENT_ID",
"Update kClientID with your own client ID.\n" +
"Instructions: https://github.com/openid/AppAuth-iOS/blob/master/Examples/Example-iOS_Swift-Carthage/README.md");
assert(kRedirectURI != "com.example.app:/oauth2redirect/example-provider",
"Update kRedirectURI with your own redirect URI.\n" +
"Instructions: https://github.com/openid/AppAuth-iOS/blob/master/Examples/Example-iOS_Swift-Carthage/README.md");
// verifies that the custom URI scheme has been updated in the Info.plist
guard let urlTypes: [AnyObject] = Bundle.main.object(forInfoDictionaryKey: "CFBundleURLTypes") as? [AnyObject], urlTypes.count > 0 else {
assertionFailure("No custom URI scheme has been configured for the project.")
return
}
guard let items = urlTypes[0] as? [String: AnyObject],
let urlSchemes = items["CFBundleURLSchemes"] as? [AnyObject], urlSchemes.count > 0 else {
assertionFailure("No custom URI scheme has been configured for the project.")
return
}
guard let urlScheme = urlSchemes[0] as? String else {
assertionFailure("No custom URI scheme has been configured for the project.")
return
}
assert(urlScheme != "awesome",
"Configure the URI scheme in Info.plist (URL Types -> Item 0 -> URL Schemes -> Item 0) " +
"with the scheme of your redirect URI. Full instructions: " +
"https://github.com/openid/AppAuth-iOS/blob/master/Examples/Example-iOS_Swift-Carthage/README.md")
}
}
//MARK: IBActions
extension AppAuthExampleViewController {
@IBAction func authWithAutoCodeExchange(_ sender: UIButton) {
guard let issuer = URL(string: kIssuer) else {
self.logMessage("Error creating URL for : \(kIssuer)")
return
}
self.logMessage("Fetching configuration for issuer: \(issuer)")
// discovers endpoints
OIDAuthorizationService.discoverConfiguration(forIssuer: issuer) { configuration, error in
guard let config = configuration else {
self.logMessage("Error retrieving discovery document: \(error?.localizedDescription ?? "DEFAULT_ERROR")")
self.setAuthState(nil)
return
}
self.logMessage("Got configuration: \(config)")
if let clientId = kClientID {
self.doAuthWithAutoCodeExchange(configuration: config, clientID: clientId, clientSecret: nil)
} else {
self.doClientRegistration(configuration: config) { configuration, response in
guard let configuration = configuration, let clientID = response?.clientID else {
self.logMessage("Error retrieving configuration OR clientID")
return
}
self.doAuthWithAutoCodeExchange(configuration: configuration,
clientID: clientID,
clientSecret: response?.clientSecret)
}
}
}
}
@IBAction func authNoCodeExchange(_ sender: UIButton) {
guard let issuer = URL(string: kIssuer) else {
self.logMessage("Error creating URL for : \(kIssuer)")
return
}
self.logMessage("Fetching configuration for issuer: \(issuer)")
OIDAuthorizationService.discoverConfiguration(forIssuer: issuer) { configuration, error in
if let error = error {
self.logMessage("Error retrieving discovery document: \(error.localizedDescription)")
return
}
guard let configuration = configuration else {
self.logMessage("Error retrieving discovery document. Error & Configuration both are NIL!")
return
}
self.logMessage("Got configuration: \(configuration)")
if let clientId = kClientID {
self.doAuthWithoutCodeExchange(configuration: configuration, clientID: clientId, clientSecret: nil)
} else {
self.doClientRegistration(configuration: configuration) { configuration, response in
guard let configuration = configuration, let response = response else {
return
}
self.doAuthWithoutCodeExchange(configuration: configuration,
clientID: response.clientID,
clientSecret: response.clientSecret)
}
}
}
}
@IBAction func codeExchange(_ sender: UIButton) {
guard let tokenExchangeRequest = self.authState?.lastAuthorizationResponse.tokenExchangeRequest() else {
self.logMessage("Error creating authorization code exchange request")
return
}
self.logMessage("Performing authorization code exchange with request \(tokenExchangeRequest)")
OIDAuthorizationService.perform(tokenExchangeRequest) { response, error in
if let tokenResponse = response {
self.logMessage("Received token response with accessToken: \(tokenResponse.accessToken ?? "DEFAULT_TOKEN")")
} else {
self.logMessage("Token exchange error: \(error?.localizedDescription ?? "DEFAULT_ERROR")")
}
self.authState?.update(with: response, error: error)
}
}
@IBAction func userinfo(_ sender: UIButton) {
guard let userinfoEndpoint = self.authState?.lastAuthorizationResponse.request.configuration.discoveryDocument?.userinfoEndpoint else {
self.logMessage("Userinfo endpoint not declared in discovery document")
return
}
self.logMessage("Performing userinfo request")
let currentAccessToken: String? = self.authState?.lastTokenResponse?.accessToken
self.authState?.performAction() { (accessToken, idTOken, error) in
if error != nil {
self.logMessage("Error fetching fresh tokens: \(error?.localizedDescription ?? "ERROR")")
return
}
guard let accessToken = accessToken else {
self.logMessage("Error getting accessToken")
return
}
if currentAccessToken != accessToken {
self.logMessage("Access token was refreshed automatically (\(currentAccessToken ?? "CURRENT_ACCESS_TOKEN") to \(accessToken))")
} else {
self.logMessage("Access token was fresh and not updated \(accessToken)")
}
var urlRequest = URLRequest(url: userinfoEndpoint)
urlRequest.allHTTPHeaderFields = ["Authorization":"Bearer \(accessToken)"]
let task = URLSession.shared.dataTask(with: urlRequest) { data, response, error in
DispatchQueue.main.async {
guard error == nil else {
self.logMessage("HTTP request failed \(error?.localizedDescription ?? "ERROR")")
return
}
guard let response = response as? HTTPURLResponse else {
self.logMessage("Non-HTTP response")
return
}
guard let data = data else {
self.logMessage("HTTP response data is empty")
return
}
var json: [AnyHashable: Any]?
do {
json = try JSONSerialization.jsonObject(with: data, options: []) as? [String: Any]
} catch {
self.logMessage("JSON Serialization Error")
}
if response.statusCode != 200 {
// server replied with an error
let responseText: String? = String(data: data, encoding: String.Encoding.utf8)
if response.statusCode == 401 {
// "401 Unauthorized" generally indicates there is an issue with the authorization
// grant. Puts OIDAuthState into an error state.
let oauthError = OIDErrorUtilities.resourceServerAuthorizationError(withCode: 0,
errorResponse: json,
underlyingError: error)
self.authState?.update(withAuthorizationError: oauthError)
self.logMessage("Authorization Error (\(oauthError)). Response: \(responseText ?? "RESPONSE_TEXT")")
} else {
self.logMessage("HTTP: \(response.statusCode), Response: \(responseText ?? "RESPONSE_TEXT")")
}
return
}
if let json = json {
self.logMessage("Success: \(json)")
}
}
}
task.resume()
}
}
@IBAction func trashClicked(_ sender: UIBarButtonItem) {
let alert = UIAlertController(title: nil,
message: nil,
preferredStyle: UIAlertControllerStyle.actionSheet)
let clearAuthAction = UIAlertAction(title: "Clear OAuthState", style: .destructive) { (_: UIAlertAction) in
self.setAuthState(nil)
self.updateUI()
}
alert.addAction(clearAuthAction)
let clearLogs = UIAlertAction(title: "Clear Logs", style: .default) { (_: UIAlertAction) in
DispatchQueue.main.async {
self.logTextView.text = ""
}
}
let cancelAction = UIAlertAction(title: "Cancel", style: .cancel, handler: nil)
alert.addAction(clearLogs)
alert.addAction(cancelAction)
self.present(alert, animated: true, completion: nil)
}
}
//MARK: AppAuth Methods
extension AppAuthExampleViewController {
func doClientRegistration(configuration: OIDServiceConfiguration, callback: @escaping PostRegistrationCallback) {
guard let redirectURI = URL(string: kRedirectURI) else {
self.logMessage("Error creating URL for : \(kRedirectURI)")
return
}
let request: OIDRegistrationRequest = OIDRegistrationRequest(configuration: configuration,
redirectURIs: [redirectURI],
responseTypes: nil,
grantTypes: nil,
subjectType: nil,
tokenEndpointAuthMethod: "client_secret_post",
additionalParameters: nil)
// performs registration request
self.logMessage("Initiating registration request")
OIDAuthorizationService.perform(request) { response, error in
if let regResponse = response {
self.setAuthState(OIDAuthState(registrationResponse: regResponse))
self.logMessage("Got registration response: \(regResponse)")
callback(configuration, regResponse)
} else {
self.logMessage("Registration error: \(error?.localizedDescription ?? "DEFAULT_ERROR")")
self.setAuthState(nil)
}
}
}
func doAuthWithAutoCodeExchange(configuration: OIDServiceConfiguration, clientID: String, clientSecret: String?) {
guard let redirectURI = URL(string: kRedirectURI) else {
self.logMessage("Error creating URL for : \(kRedirectURI)")
return
}
guard let appDelegate = UIApplication.shared.delegate as? AppDelegate else {
self.logMessage("Error accessing AppDelegate")
return
}
// builds authentication request
let request = OIDAuthorizationRequest(configuration: configuration,
clientId: clientID,
clientSecret: clientSecret,
scopes: [OIDScopeOpenID, "sitecore.profile"],
redirectURL: redirectURI,
responseType: OIDResponseTypeCode,
additionalParameters: nil)
// performs authentication request
logMessage("Initiating authorization request with scope: \(request.scope ?? "DEFAULT_SCOPE")")
appDelegate.currentAuthorizationFlow = OIDAuthState.authState(byPresenting: request, presenting: self) { authState, error in
if let authState = authState {
self.setAuthState(authState)
self.logMessage("Got authorization tokens. Access token: \(authState.lastTokenResponse?.accessToken ?? "DEFAULT_TOKEN")")
} else {
self.logMessage("Authorization error: \(error?.localizedDescription ?? "DEFAULT_ERROR")")
self.setAuthState(nil)
}
}
}
func doAuthWithoutCodeExchange(configuration: OIDServiceConfiguration, clientID: String, clientSecret: String?) {
guard let redirectURI = URL(string: kRedirectURI) else {
self.logMessage("Error creating URL for : \(kRedirectURI)")
return
}
guard let appDelegate = UIApplication.shared.delegate as? AppDelegate else {
self.logMessage("Error accessing AppDelegate")
return
}
// builds authentication request
let request = OIDAuthorizationRequest(configuration: configuration,
clientId: clientID,
clientSecret: clientSecret,
scopes: [OIDScopeOpenID, OIDScopeProfile],
redirectURL: redirectURI,
responseType: OIDResponseTypeCode,
additionalParameters: nil)
// performs authentication request
logMessage("Initiating authorization request with scope: \(request.scope ?? "DEFAULT_SCOPE")")
appDelegate.currentAuthorizationFlow = OIDAuthorizationService.present(request, presenting: self) { (response, error) in
if let response = response {
let authState = OIDAuthState(authorizationResponse: response)
self.setAuthState(authState)
self.logMessage("Authorization response with code: \(response.authorizationCode ?? "DEFAULT_CODE")")
// could just call [self tokenExchange:nil] directly, but will let the user initiate it.
} else {
self.logMessage("Authorization error: \(error?.localizedDescription ?? "DEFAULT_ERROR")")
}
}
}
}
//MARK: OIDAuthState Delegate
extension AppAuthExampleViewController: OIDAuthStateChangeDelegate, OIDAuthStateErrorDelegate {
func didChange(_ state: OIDAuthState) {
self.stateChanged()
}
func authState(_ state: OIDAuthState, didEncounterAuthorizationError error: Error) {
self.logMessage("Received authorization error: \(error)")
}
}
//MARK: Helper Methods
extension AppAuthExampleViewController {
func saveState() {
var data: Data? = nil
if let authState = self.authState {
data = NSKeyedArchiver.archivedData(withRootObject: authState)
}
UserDefaults.standard.set(data, forKey: kAppAuthExampleAuthStateKey)
UserDefaults.standard.synchronize()
}
func loadState() {
guard let data = UserDefaults.standard.object(forKey: kAppAuthExampleAuthStateKey) as? Data else {
return
}
if let authState = NSKeyedUnarchiver.unarchiveObject(with: data) as? OIDAuthState {
self.setAuthState(authState)
}
}
func setAuthState(_ authState: OIDAuthState?) {
if (self.authState == authState) {
return;
}
self.authState = authState;
self.authState?.stateChangeDelegate = self;
self.stateChanged()
}
func updateUI() {
self.codeExchangeButton.isEnabled = self.authState?.lastAuthorizationResponse.authorizationCode != nil && !((self.authState?.lastTokenResponse) != nil)
if let authState = self.authState {
self.authAutoButton.setTitle("1. Re-Auth", for: .normal)
self.authManual.setTitle("1(A) Re-Auth", for: .normal)
self.userinfoButton.isEnabled = authState.isAuthorized ? true : false
} else {
self.authAutoButton.setTitle("1. Auto", for: .normal)
self.authManual.setTitle("1(A) Manual", for: .normal)
self.userinfoButton.isEnabled = false
}
}
func stateChanged() {
self.saveState()
self.updateUI()
}
func logMessage(_ message: String?) {
guard let message = message else {
return
}
print(message);
let dateFormatter = DateFormatter()
dateFormatter.dateFormat = "hh:mm:ss";
let dateString = dateFormatter.string(from: Date())
// appends to output log
DispatchQueue.main.async {
let logText = "\(self.logTextView.text ?? "")\n\(dateString): \(message)"
self.logTextView.text = logText
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.