Version 3.1

master
Nicholas Zana 3 years ago
parent 70d4873ef2
commit eabf7fb4f6
  1. 178
      Podfile.lock
  2. 202
      Pods/AppAuth/LICENSE
  3. 340
      Pods/AppAuth/README.md
  4. 91
      Pods/AppAuth/Source/AppAuth.h
  5. 43
      Pods/AppAuth/Source/AppAuthCore.h
  6. 272
      Pods/AppAuth/Source/OIDAuthState.h
  7. 570
      Pods/AppAuth/Source/OIDAuthState.m
  8. 39
      Pods/AppAuth/Source/OIDAuthStateChangeDelegate.h
  9. 62
      Pods/AppAuth/Source/OIDAuthStateErrorDelegate.h
  10. 250
      Pods/AppAuth/Source/OIDAuthorizationRequest.h
  11. 351
      Pods/AppAuth/Source/OIDAuthorizationRequest.m
  12. 128
      Pods/AppAuth/Source/OIDAuthorizationResponse.h
  13. 210
      Pods/AppAuth/Source/OIDAuthorizationResponse.m
  14. 170
      Pods/AppAuth/Source/OIDAuthorizationService.h
  15. 790
      Pods/AppAuth/Source/OIDAuthorizationService.m
  16. 51
      Pods/AppAuth/Source/OIDClientMetadataParameters.h
  17. 33
      Pods/AppAuth/Source/OIDClientMetadataParameters.m
  18. 51
      Pods/AppAuth/Source/OIDDefines.h
  19. 107
      Pods/AppAuth/Source/OIDEndSessionRequest.h
  20. 190
      Pods/AppAuth/Source/OIDEndSessionRequest.m
  21. 64
      Pods/AppAuth/Source/OIDEndSessionResponse.h
  22. 118
      Pods/AppAuth/Source/OIDEndSessionResponse.m
  23. 393
      Pods/AppAuth/Source/OIDError.h
  24. 45
      Pods/AppAuth/Source/OIDError.m
  25. 107
      Pods/AppAuth/Source/OIDErrorUtilities.h
  26. 172
      Pods/AppAuth/Source/OIDErrorUtilities.m
  27. 53
      Pods/AppAuth/Source/OIDExternalUserAgent.h
  28. 37
      Pods/AppAuth/Source/OIDExternalUserAgentRequest.h
  29. 65
      Pods/AppAuth/Source/OIDExternalUserAgentSession.h
  30. 126
      Pods/AppAuth/Source/OIDFieldMapping.h
  31. 132
      Pods/AppAuth/Source/OIDFieldMapping.m
  32. 40
      Pods/AppAuth/Source/OIDGrantTypes.h
  33. 27
      Pods/AppAuth/Source/OIDGrantTypes.m
  34. 91
      Pods/AppAuth/Source/OIDIDToken.h
  35. 149
      Pods/AppAuth/Source/OIDIDToken.m
  36. 141
      Pods/AppAuth/Source/OIDRegistrationRequest.h
  37. 248
      Pods/AppAuth/Source/OIDRegistrationRequest.m
  38. 126
      Pods/AppAuth/Source/OIDRegistrationResponse.h
  39. 164
      Pods/AppAuth/Source/OIDRegistrationResponse.m
  40. 31
      Pods/AppAuth/Source/OIDResponseTypes.h
  41. 25
      Pods/AppAuth/Source/OIDResponseTypes.m
  42. 48
      Pods/AppAuth/Source/OIDScopeUtilities.h
  43. 58
      Pods/AppAuth/Source/OIDScopeUtilities.m
  44. 46
      Pods/AppAuth/Source/OIDScopes.h
  45. 29
      Pods/AppAuth/Source/OIDScopes.m
  46. 118
      Pods/AppAuth/Source/OIDServiceConfiguration.h
  47. 223
      Pods/AppAuth/Source/OIDServiceConfiguration.m
  48. 358
      Pods/AppAuth/Source/OIDServiceDiscovery.h
  49. 362
      Pods/AppAuth/Source/OIDServiceDiscovery.m
  50. 162
      Pods/AppAuth/Source/OIDTokenRequest.h
  51. 307
      Pods/AppAuth/Source/OIDTokenRequest.m
  52. 110
      Pods/AppAuth/Source/OIDTokenResponse.h
  53. 163
      Pods/AppAuth/Source/OIDTokenResponse.m
  54. 67
      Pods/AppAuth/Source/OIDTokenUtilities.h
  55. 89
      Pods/AppAuth/Source/OIDTokenUtilities.m
  56. 93
      Pods/AppAuth/Source/OIDURLQueryComponent.h
  57. 219
      Pods/AppAuth/Source/OIDURLQueryComponent.m
  58. 40
      Pods/AppAuth/Source/OIDURLSessionProvider.h
  59. 39
      Pods/AppAuth/Source/OIDURLSessionProvider.m
  60. 57
      Pods/AppAuth/Source/iOS/OIDAuthState+IOS.h
  61. 46
      Pods/AppAuth/Source/iOS/OIDAuthState+IOS.m
  62. 44
      Pods/AppAuth/Source/iOS/OIDAuthorizationService+IOS.h
  63. 37
      Pods/AppAuth/Source/iOS/OIDAuthorizationService+IOS.m
  64. 46
      Pods/AppAuth/Source/iOS/OIDExternalUserAgentIOS.h
  65. 245
      Pods/AppAuth/Source/iOS/OIDExternalUserAgentIOS.m
  66. 106
      Pods/AppAuth/Source/iOS/OIDExternalUserAgentIOSCustomBrowser.h
  67. 161
      Pods/AppAuth/Source/iOS/OIDExternalUserAgentIOSCustomBrowser.m
  68. 251
      Pods/BoringSSL-GRPC/LICENSE
  69. 33
      Pods/BoringSSL-GRPC/README.md
  70. 271
      Pods/BoringSSL-GRPC/crypto/asn1/a_bitstr.c
  71. 271
      Pods/BoringSSL-GRPC/crypto/asn1/a_bitstr.c.grpc_back
  72. 110
      Pods/BoringSSL-GRPC/crypto/asn1/a_bool.c
  73. 110
      Pods/BoringSSL-GRPC/crypto/asn1/a_bool.c.grpc_back
  74. 297
      Pods/BoringSSL-GRPC/crypto/asn1/a_d2i_fp.c
  75. 297
      Pods/BoringSSL-GRPC/crypto/asn1/a_d2i_fp.c.grpc_back
  76. 111
      Pods/BoringSSL-GRPC/crypto/asn1/a_dup.c
  77. 111
      Pods/BoringSSL-GRPC/crypto/asn1/a_dup.c.grpc_back
  78. 195
      Pods/BoringSSL-GRPC/crypto/asn1/a_enum.c
  79. 195
      Pods/BoringSSL-GRPC/crypto/asn1/a_enum.c.grpc_back
  80. 261
      Pods/BoringSSL-GRPC/crypto/asn1/a_gentm.c
  81. 261
      Pods/BoringSSL-GRPC/crypto/asn1/a_gentm.c.grpc_back
  82. 150
      Pods/BoringSSL-GRPC/crypto/asn1/a_i2d_fp.c
  83. 150
      Pods/BoringSSL-GRPC/crypto/asn1/a_i2d_fp.c.grpc_back
  84. 479
      Pods/BoringSSL-GRPC/crypto/asn1/a_int.c
  85. 479
      Pods/BoringSSL-GRPC/crypto/asn1/a_int.c.grpc_back
  86. 411
      Pods/BoringSSL-GRPC/crypto/asn1/a_mbstr.c
  87. 411
      Pods/BoringSSL-GRPC/crypto/asn1/a_mbstr.c.grpc_back
  88. 275
      Pods/BoringSSL-GRPC/crypto/asn1/a_object.c
  89. 275
      Pods/BoringSSL-GRPC/crypto/asn1/a_object.c.grpc_back
  90. 77
      Pods/BoringSSL-GRPC/crypto/asn1/a_octet.c
  91. 77
      Pods/BoringSSL-GRPC/crypto/asn1/a_octet.c.grpc_back
  92. 93
      Pods/BoringSSL-GRPC/crypto/asn1/a_print.c
  93. 93
      Pods/BoringSSL-GRPC/crypto/asn1/a_print.c.grpc_back
  94. 312
      Pods/BoringSSL-GRPC/crypto/asn1/a_strnid.c
  95. 312
      Pods/BoringSSL-GRPC/crypto/asn1/a_strnid.c.grpc_back
  96. 213
      Pods/BoringSSL-GRPC/crypto/asn1/a_time.c
  97. 213
      Pods/BoringSSL-GRPC/crypto/asn1/a_time.c.grpc_back
  98. 151
      Pods/BoringSSL-GRPC/crypto/asn1/a_type.c
  99. 151
      Pods/BoringSSL-GRPC/crypto/asn1/a_type.c.grpc_back
  100. 303
      Pods/BoringSSL-GRPC/crypto/asn1/a_utctm.c

@ -0,0 +1,178 @@
PODS:
- AppAuth (1.2.0):
- AppAuth/Core (= 1.2.0)
- AppAuth/ExternalUserAgent (= 1.2.0)
- AppAuth/Core (1.2.0)
- AppAuth/ExternalUserAgent (1.2.0)
- BoringSSL-GRPC (0.0.3):
- BoringSSL-GRPC/Implementation (= 0.0.3)
- BoringSSL-GRPC/Interface (= 0.0.3)
- BoringSSL-GRPC/Implementation (0.0.3):
- BoringSSL-GRPC/Interface (= 0.0.3)
- BoringSSL-GRPC/Interface (0.0.3)
- Firebase/Auth (6.7.0):
- Firebase/CoreOnly
- FirebaseAuth (~> 6.2.3)
- Firebase/CoreOnly (6.7.0):
- FirebaseCore (= 6.2.1)
- Firebase/Database (6.7.0):
- Firebase/CoreOnly
- FirebaseDatabase (~> 6.1.0)
- Firebase/Firestore (6.7.0):
- Firebase/CoreOnly
- FirebaseFirestore (~> 1.4.4)
- FirebaseAuth (6.2.3):
- FirebaseAuthInterop (~> 1.0)
- FirebaseCore (~> 6.2)
- GoogleUtilities/AppDelegateSwizzler (~> 6.2)
- GoogleUtilities/Environment (~> 6.2)
- GTMSessionFetcher/Core (~> 1.1)
- FirebaseAuthInterop (1.0.0)
- FirebaseCore (6.2.1):
- FirebaseCoreDiagnostics (~> 1.0)
- FirebaseCoreDiagnosticsInterop (~> 1.0)
- GoogleUtilities/Environment (~> 6.2)
- GoogleUtilities/Logger (~> 6.2)
- FirebaseCoreDiagnostics (1.0.1):
- FirebaseCoreDiagnosticsInterop (~> 1.0)
- GoogleDataTransportCCTSupport (~> 1.0)
- GoogleUtilities/Environment (~> 6.2)
- GoogleUtilities/Logger (~> 6.2)
- FirebaseCoreDiagnosticsInterop (1.0.0)
- FirebaseDatabase (6.1.0):
- FirebaseAuthInterop (~> 1.0)
- FirebaseCore (~> 6.0)
- leveldb-library (~> 1.18)
- FirebaseFirestore (1.4.5):
- FirebaseAuthInterop (~> 1.0)
- FirebaseCore (~> 6.2)
- FirebaseFirestore/abseil-cpp (= 1.4.5)
- "gRPC-C++ (= 0.0.9)"
- leveldb-library (~> 1.20)
- nanopb (~> 0.3.901)
- Protobuf (~> 3.1)
- FirebaseFirestore/abseil-cpp (1.4.5):
- FirebaseAuthInterop (~> 1.0)
- FirebaseCore (~> 6.2)
- "gRPC-C++ (= 0.0.9)"
- leveldb-library (~> 1.20)
- nanopb (~> 0.3.901)
- Protobuf (~> 3.1)
- GoogleDataTransport (1.1.3)
- GoogleDataTransportCCTSupport (1.0.2):
- GoogleDataTransport (~> 1.1)
- nanopb
- GoogleSignIn (5.0.0):
- AppAuth (~> 1.1)
- GTMAppAuth (~> 1.0)
- GTMSessionFetcher/Core (~> 1.1)
- GoogleUtilities/AppDelegateSwizzler (6.2.5):
- GoogleUtilities/Environment
- GoogleUtilities/Logger
- GoogleUtilities/Network
- GoogleUtilities/Environment (6.2.5)
- GoogleUtilities/Logger (6.2.5):
- GoogleUtilities/Environment
- GoogleUtilities/Network (6.2.5):
- GoogleUtilities/Logger
- "GoogleUtilities/NSData+zlib"
- GoogleUtilities/Reachability
- "GoogleUtilities/NSData+zlib (6.2.5)"
- GoogleUtilities/Reachability (6.2.5):
- GoogleUtilities/Logger
- "gRPC-C++ (0.0.9)":
- "gRPC-C++/Implementation (= 0.0.9)"
- "gRPC-C++/Interface (= 0.0.9)"
- "gRPC-C++/Implementation (0.0.9)":
- "gRPC-C++/Interface (= 0.0.9)"
- gRPC-Core (= 1.21.0)
- nanopb (~> 0.3)
- "gRPC-C++/Interface (0.0.9)"
- gRPC-Core (1.21.0):
- gRPC-Core/Implementation (= 1.21.0)
- gRPC-Core/Interface (= 1.21.0)
- gRPC-Core/Implementation (1.21.0):
- BoringSSL-GRPC (= 0.0.3)
- gRPC-Core/Interface (= 1.21.0)
- nanopb (~> 0.3)
- gRPC-Core/Interface (1.21.0)
- GTMAppAuth (1.0.0):
- AppAuth/Core (~> 1.0)
- GTMSessionFetcher (~> 1.1)
- GTMSessionFetcher (1.2.2):
- GTMSessionFetcher/Full (= 1.2.2)
- GTMSessionFetcher/Core (1.2.2)
- GTMSessionFetcher/Full (1.2.2):
- GTMSessionFetcher/Core (= 1.2.2)
- Koyomi (1.2.7)
- leveldb-library (1.22)
- nanopb (0.3.901):
- nanopb/decode (= 0.3.901)
- nanopb/encode (= 0.3.901)
- nanopb/decode (0.3.901)
- nanopb/encode (0.3.901)
- Protobuf (3.9.0)
- RSBarcodes_Swift (5.0.0)
DEPENDENCIES:
- Firebase/Auth
- Firebase/Database
- Firebase/Firestore
- GoogleSignIn
- Koyomi
- RSBarcodes_Swift (~> 5.0.0)
SPEC REPOS:
https://github.com/cocoapods/specs.git:
- AppAuth
- BoringSSL-GRPC
- Firebase
- FirebaseAuth
- FirebaseAuthInterop
- FirebaseCore
- FirebaseCoreDiagnostics
- FirebaseCoreDiagnosticsInterop
- FirebaseDatabase
- FirebaseFirestore
- GoogleDataTransport
- GoogleDataTransportCCTSupport
- GoogleSignIn
- GoogleUtilities
- "gRPC-C++"
- gRPC-Core
- GTMAppAuth
- GTMSessionFetcher
- Koyomi
- leveldb-library
- nanopb
- Protobuf
- RSBarcodes_Swift
SPEC CHECKSUMS:
AppAuth: bce82c76043657c99d91e7882e8a9e1a93650cd4
BoringSSL-GRPC: db8764df3204ccea016e1c8dd15d9a9ad63ff318
Firebase: 291d7b0a7b393f252358083b5d224884126fa46d
FirebaseAuth: e7f86c2dfc57281cd01f7da5e4b40e01e4510a4a
FirebaseAuthInterop: 0ffa57668be100582bb7643d4fcb7615496c41fc
FirebaseCore: 32b48f41c84a56fbde73b35ed01a830b3b6dc048
FirebaseCoreDiagnostics: 4c04ae09d0ab027c30179828c6bb47764df1bd13
FirebaseCoreDiagnosticsInterop: 6829da2b8d1fc795ff1bd99df751d3788035d2cb
FirebaseDatabase: 518cd94286de2ee999e19383a2a6ae04c81ce993
FirebaseFirestore: c457c22c49ccf15a0fbe95bfcbcf69b984dec285
GoogleDataTransport: 91e682bd60a49d3f8f69f2e909a66efaed5a1e7a
GoogleDataTransportCCTSupport: 6b545f7149111180763dc18c6f372c963de4a310
GoogleSignIn: a62edd0516721d2a3db1259a5681b91f9b41c06a
GoogleUtilities: e7dc37039b19df7fe543479d3e4a02ac8d11bb69
"gRPC-C++": 9dfe7b44821e7b3e44aacad2af29d2c21f7cde83
gRPC-Core: c9aef9a261a1247e881b18059b84d597293c9947
GTMAppAuth: 4deac854479704f348309e7b66189e604cf5e01e
GTMSessionFetcher: 61bb0f61a4cb560030f1222021178008a5727a23
Koyomi: f03615b8d2bb5a5a4752c6404a9794ed7ef7b327
leveldb-library: 55d93ee664b4007aac644a782d11da33fba316f7
nanopb: 2901f78ea1b7b4015c860c2fdd1ea2fee1a18d48
Protobuf: 1097ca58584c8d9be81bfbf2c5ff5975648dd87a
RSBarcodes_Swift: b6bee284eef3ee27f67fabb0d7f07459ed68a3de
PODFILE CHECKSUM: 7f48972d5686adcf6cc1e417616b2bd185aef185
COCOAPODS: 1.7.5

202
Pods/AppAuth/LICENSE generated

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

@ -0,0 +1,340 @@
![AppAuth for iOS and macOS](https://rawgit.com/openid/AppAuth-iOS/master/appauth_lockup.svg)
[![Build Status](https://travis-ci.org/openid/AppAuth-iOS.svg?branch=master)](https://travis-ci.org/openid/AppAuth-iOS)
[![Carthage compatible](https://img.shields.io/badge/Carthage-compatible-4BC51D.svg?style=flat)](https://github.com/Carthage/Carthage)
AppAuth for iOS and macOS is a client SDK for communicating with
[OAuth 2.0](https://tools.ietf.org/html/rfc6749) and
[OpenID Connect](http://openid.net/specs/openid-connect-core-1_0.html) providers.
It strives to
directly map the requests and responses of those specifications, while following
the idiomatic style of the implementation language. In addition to mapping the
raw protocol flows, convenience methods are available to assist with common
tasks like performing an action with fresh tokens.
It follows the best practices set out in
[RFC 8252 - OAuth 2.0 for Native Apps](https://tools.ietf.org/html/rfc8252)
including using `SFAuthenticationSession` and `SFSafariViewController` on iOS
for the auth request. `UIWebView` and `WKWebView` are explicitly *not*
supported due to the security and usability reasons explained in
[Section 8.12 of RFC 8252](https://tools.ietf.org/html/rfc8252#section-8.12).
It also supports the [PKCE](https://tools.ietf.org/html/rfc7636) extension to
OAuth which was created to secure authorization codes in public clients when
custom URI scheme redirects are used. The library is friendly to other
extensions (standard or otherwise) with the ability to handle additional params
in all protocol requests and responses.
## Specification
### iOS
#### Supported Versions
AppAuth supports iOS 7 and above.
iOS 9+ uses the in-app browser tab pattern
(via `SFSafariViewController`), and falls back to the system browser (mobile
Safari) on earlier versions.
#### Authorization Server Requirements
Both Custom URI Schemes (all supported versions of iOS) and Universal Links
(iOS 9+) can be used with the library.
In general, AppAuth can work with any Authorization Server (AS) that supports
native apps as documented in [RFC 8252](https://tools.ietf.org/html/rfc8252),
either through custom URI scheme redirects, or universal links.
AS's that assume all clients are web-based or require clients to maintain
confidentiality of the client secrets may not work well.
### macOS
#### Supported Versions
AppAuth supports macOS (OS X) 10.9 and above.
#### Authorization Server Requirements
AppAuth for macOS supports both custom schemes, a loopback HTTP redirects
via a small embedded server.
In general, AppAuth can work with any Authorization Server (AS) that supports
native apps as documented in [RFC 8252](https://tools.ietf.org/html/rfc8252),
either through custom URI scheme, or loopback HTTP redirects.
AS's that assume all clients are web-based or require clients to maintain
confidentiality of the client secrets may not work well.
## Try
Want to try out AppAuth? Just run:
pod try AppAuth
Follow the instructions in [Examples/README.md](Examples/README.md) to configure
with your own OAuth client (you need to update 3 configuration points with your
client info to try the demo).
## Setup
AppAuth supports three options for dependency management.
### CocoaPods
With [CocoaPods](https://guides.cocoapods.org/using/getting-started.html),
add the following line to your `Podfile`:
pod 'AppAuth'
Then run `pod install`.
### Carthage
With [Carthage](https://github.com/Carthage/Carthage), add the following
line to your `Cartfile`:
github "openid/AppAuth-iOS" "master"
Then run `carthage bootstrap`.
### Static Library
You can also use AppAuth as a static library. This requires linking the library
and your project and including the headers. Suggested configuration:
1. Create an Xcode Workspace.
2. Add `AppAuth.xcodeproj` to your Workspace.
3. Include libAppAuth as a linked library for your target (in the "General ->
Linked Framework and Libraries" section of your target).
4. Add `AppAuth-iOS/Source` to your search paths of your target ("Build Settings ->
"Header Search Paths").
## Auth Flow
AppAuth supports both manual interaction with the Authorization Server
where you need to perform your own token exchanges, as well as convenience
methods that perform some of this logic for you. This example uses the
convenience method which returns either an `OIDAuthState` object, or an error.
`OIDAuthState` is a class that keeps track of the authorization and token
requests and responses, and provides a convenience method to call an API with
fresh tokens. This is the only object that you need to serialize to retain the
authorization state of the session.
### Configuration
You can configure AppAuth by specifying the endpoints directly:
```objc
NSURL *authorizationEndpoint =
[NSURL URLWithString:@"https://accounts.google.com/o/oauth2/v2/auth"];
NSURL *tokenEndpoint =
[NSURL URLWithString:@"https://www.googleapis.com/oauth2/v4/token"];
OIDServiceConfiguration *configuration =
[[OIDServiceConfiguration alloc]
initWithAuthorizationEndpoint:authorizationEndpoint
tokenEndpoint:tokenEndpoint];
// perform the auth request...
```
Or through discovery:
```objc
NSURL *issuer = [NSURL URLWithString:@"https://accounts.google.com"];
[OIDAuthorizationService discoverServiceConfigurationForIssuer:issuer
completion:^(OIDServiceConfiguration *_Nullable configuration,
NSError *_Nullable error) {
if (!configuration) {
NSLog(@"Error retrieving discovery document: %@",
[error localizedDescription]);
return;
}
// perform the auth request...
}];
```
### Authorizing – iOS
First you need to have a property in your AppDelegate to hold the session, in
order to continue the authorization flow from the redirect.
```objc
// property of the app's AppDelegate
@property(nonatomic, strong, nullable)
id<OIDExternalUserAgentSession> currentAuthorizationFlow;
```
And your main class, a property to store the auth state:
```objc
// property of the containing class
@property(nonatomic, strong, nullable) OIDAuthState *authState;
```
Then, initiate the authorization request. By using the
`authStateByPresentingAuthorizationRequest` convenience method, the token
exchange will be performed automatically, and everything will be protected with
PKCE (if the server supports it). AppAuth also allows you to perform these
requests manually. See the `authNoCodeExchange` method in the included Example
app for a demonstration.
```objc
// builds authentication request
OIDAuthorizationRequest *request =
[[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
clientId:kClientID
scopes:@[OIDScopeOpenID,
OIDScopeProfile]
redirectURL:kRedirectURI
responseType:OIDResponseTypeCode
additionalParameters:nil];
// performs authentication request
AppDelegate *appDelegate =
(AppDelegate *)[UIApplication sharedApplication].delegate;
appDelegate.currentAuthorizationFlow =
[OIDAuthState authStateByPresentingAuthorizationRequest:request
presentingViewController:self
callback:^(OIDAuthState *_Nullable authState,
NSError *_Nullable error) {
if (authState) {
NSLog(@"Got authorization tokens. Access token: %@",
authState.lastTokenResponse.accessToken);
[self setAuthState:authState];
} else {
NSLog(@"Authorization error: %@", [error localizedDescription]);
[self setAuthState:nil];
}
}];
```
*Handling the Redirect*
The authorization response URL is returned to the app via the iOS openURL
app delegate method, so you need to pipe this through to the current
authorization session (created in the previous session).
```objc
- (BOOL)application:(UIApplication *)app
openURL:(NSURL *)url
options:(NSDictionary<NSString *, id> *)options {
// Sends the URL to the current authorization flow (if any) which will
// process it if it relates to an authorization response.
if ([_currentAuthorizationFlow resumeExternalUserAgentFlowWithURL:url]) {
_currentAuthorizationFlow = nil;
return YES;
}
// Your additional URL handling (if any) goes here.
return NO;
}
```
### Authorizing – MacOS
On macOS, the most popular way to get the authorization response redirect is to
start a local HTTP server on the loopback interface (limited to incoming
requests from the user's machine only). When the authorization is complete, the
user is redirected to that local server, and the authorization response can be
processed by the app. AppAuth takes care of managing the local HTTP server
lifecycle for you.
> #### :bulb: Alternative: Custom URI Schemes
> Custom URI schemes are also supported on macOS, but some browsers display
> an interstitial which reduces the usability. For an example on using custom
> URI schemes with macOS, See `Example-Mac`.
To receive the authorization response using a local HTTP server, first you need
to have an instance variable in your main class to retain the HTTP redirect
handler.
```objc
OIDRedirectHTTPHandler *_redirectHTTPHandler;
```
Then, as the port used by the local HTTP server varies, you need to start it
before building the authorization request in order to get the exact redirect
URI to use.
```objc
static NSString *const kSuccessURLString =
@"http://openid.github.io/AppAuth-iOS/redirect/";
NSURL *successURL = [NSURL URLWithString:kSuccessURLString];
// Starts a loopback HTTP redirect listener to receive the code. This needs to be started first,
// as the exact redirect URI (including port) must be passed in the authorization request.
_redirectHTTPHandler = [[OIDRedirectHTTPHandler alloc] initWithSuccessURL:successURL];
NSURL *redirectURI = [_redirectHTTPHandler startHTTPListener:nil];
```
Then, initiate the authorization request. By using the
`authStateByPresentingAuthorizationRequest` convenience method, the token
exchange will be performed automatically, and everything will be protected with
PKCE (if the server supports it). By assigning the return value to the
`OIDRedirectHTTPHandler`'s `currentAuthorizationFlow`, the authorization will
continue automatically once the user makes their choice.
```objc
// builds authentication request
OIDAuthorizationRequest *request =
[[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
clientId:kClientID
clientSecret:kClientSecret
scopes:@[ OIDScopeOpenID ]
redirectURL:redirectURI
responseType:OIDResponseTypeCode
additionalParameters:nil];
// performs authentication request
__weak __typeof(self) weakSelf = self;
_redirectHTTPHandler.currentAuthorizationFlow =
[OIDAuthState authStateByPresentingAuthorizationRequest:request
callback:^(OIDAuthState *_Nullable authState,
NSError *_Nullable error) {
// Brings this app to the foreground.
[[NSRunningApplication currentApplication]
activateWithOptions:(NSApplicationActivateAllWindows |
NSApplicationActivateIgnoringOtherApps)];
// Processes the authorization response.
if (authState) {
NSLog(@"Got authorization tokens. Access token: %@",
authState.lastTokenResponse.accessToken);
} else {
NSLog(@"Authorization error: %@", error.localizedDescription);
}
[weakSelf setAuthState:authState];
}];
```
### Making API Calls
AppAuth gives you the raw token information, if you need it. However we
recommend that users of the `OIDAuthState` convenience wrapper use the provided
`performActionWithFreshTokens:` method to perform their API calls to avoid
needing to worry about token freshness.
```objc
[_authState performActionWithFreshTokens:^(NSString *_Nonnull accessToken,
NSString *_Nonnull idToken,
NSError *_Nullable error) {
if (error) {
NSLog(@"Error fetching fresh tokens: %@", [error localizedDescription]);
return;
}
// perform your API request using the tokens
}];
```
## API Documentation
Browse the [API documentation](http://openid.github.io/AppAuth-iOS/docs/latest/annotated.html).
## Included Samples
Sample apps that explore core AppAuth features are available for iOS and macOS, follow the instructions in [Examples/README.md](Examples/README.md) to get started.

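--- a/Pods/AppAuth/Source/AppAuth.h
+++ b/Pods/AppAuth/Source/AppAuth.h
@@ -0,0 +1,91 @@
+/*! @file AppAuth.h
+@brief AppAuth iOS SDK
+@copyright
+Copyright 2015 Google Inc. All Rights Reserved.
+@copydetails
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#import "OIDAuthState.h"
+#import "OIDAuthStateChangeDelegate.h"
+#import "OIDAuthStateErrorDelegate.h"
+#import "OIDAuthorizationRequest.h"
+#import "OIDAuthorizationResponse.h"
+#import "OIDAuthorizationService.h"
+#import "OIDError.h"
+#import "OIDErrorUtilities.h"
+#import "OIDExternalUserAgent.h"
+#import "OIDExternalUserAgentRequest.h"
+#import "OIDExternalUserAgentSession.h"
+#import "OIDGrantTypes.h"
+#import "OIDIDToken.h"
+#import "OIDRegistrationRequest.h"
+#import "OIDRegistrationResponse.h"
+#import "OIDResponseTypes.h"
+#import "OIDScopes.h"
+#import "OIDScopeUtilities.h"
+#import "OIDServiceConfiguration.h"
+#import "OIDServiceDiscovery.h"
+#import "OIDTokenRequest.h"
+#import "OIDTokenResponse.h"
+#import "OIDTokenUtilities.h"
+#import "OIDURLSessionProvider.h"
+#import "OIDEndSessionRequest.h"
+#import "OIDEndSessionResponse.h"
+#if TARGET_OS_TV
+#elif TARGET_OS_WATCH
+#elif TARGET_OS_IOS
+#import "OIDAuthState+IOS.h"
+#import "OIDAuthorizationService+IOS.h"
+#import "OIDExternalUserAgentIOS.h"
+#import "OIDExternalUserAgentIOSCustomBrowser.h"
+#elif TARGET_OS_MAC
+#import "OIDAuthState+Mac.h"
+#import "OIDAuthorizationService+Mac.h"
+#import "OIDExternalUserAgentMac.h"
+#import "OIDRedirectHTTPHandler.h"
+#else
+#error "Platform Undefined"
+#endif
+/*! @mainpage AppAuth for iOS and macOS
+@section introduction Introduction
+AppAuth for iOS and macOS is a client SDK for communicating with [OAuth 2.0]
+(https://tools.ietf.org/html/rfc6749) and [OpenID Connect]
+(http://openid.net/specs/openid-connect-core-1_0.html) providers. It strives to
+directly map the requests and responses of those specifications, while following
+the idiomatic style of the implementation language. In addition to mapping the
+raw protocol flows, convenience methods are available to assist with common
+tasks like performing an action with fresh tokens.
+It follows the best practices set out in
+[RFC 8252 - OAuth 2.0 for Native Apps](https://tools.ietf.org/html/rfc8252)
+including using `SFAuthenticationSession` and `SFSafariViewController` on iOS
+for the auth request. `UIWebView` and `WKWebView` are explicitly *not*
+supported due to the security and usability reasons explained in
+[Section 8.12 of RFC 8252](https://tools.ietf.org/html/rfc8252#section-8.12).
+It also supports the [PKCE](https://tools.ietf.org/html/rfc7636) extension to
+OAuth which was created to secure authorization codes in public clients when
+custom URI scheme redirects are used. The library is friendly to other
+extensions (standard or otherwise) with the ability to handle additional params
+in all protocol requests and responses.
+<b>Homepage</b>: http://openid.github.io/AppAuth-iOS/ <br>
+<b>API Documentation</b>: http://openid.github.io/AppAuth-iOS/docs/latest <br>
+<b>Git Repository</b>: https://github.com/openid/AppAuth-iOS <br>
+*/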

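--- a/Pods/AppAuth/Source/AppAuthCore.h
+++ b/Pods/AppAuth/Source/AppAuthCore.h
@@ -0,0 +1,43 @@
+/*! @file AppAuthCore.h
+@brief AppAuth iOS SDK
+@copyright
+Copyright 2015 Google Inc. All Rights Reserved.
+@copydetails
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#import "OIDAuthState.h"
+#import "OIDAuthStateChangeDelegate.h"
+#import "OIDAuthStateErrorDelegate.h"
+#import "OIDAuthorizationRequest.h"
+#import "OIDAuthorizationResponse.h"
+#import "OIDAuthorizationService.h"
+#import "OIDError.h"
+#import "OIDErrorUtilities.h"
+#import "OIDExternalUserAgent.h"
+#import "OIDExternalUserAgentRequest.h"
+#import "OIDExternalUserAgentSession.h"
+#import "OIDGrantTypes.h"
+#import "OIDIDToken.h"
+#import "OIDRegistrationRequest.h"
+#import "OIDRegistrationResponse.h"
+#import "OIDResponseTypes.h"
+#import "OIDScopes.h"
+#import "OIDScopeUtilities.h"
+#import "OIDServiceConfiguration.h"
+#import "OIDServiceDiscovery.h"
+#import "OIDTokenRequest.h"
+#import "OIDTokenResponse.h"
+#import "OIDTokenUtilities.h"
+#import "OIDURLSessionProvider.h"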

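--- a/Pods/AppAuth/Source/OIDAuthState.h
+++ b/Pods/AppAuth/Source/OIDAuthState.h
@@ -0,0 +1,272 @@
+/*! @file OIDAuthState.h
+@brief AppAuth iOS SDK
+@copyright
+Copyright 2015 Google Inc. All Rights Reserved.
+@copydetails
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#import <Foundation/Foundation.h>
+@class OIDAuthorizationRequest;
+@class OIDAuthorizationResponse;
+@class OIDAuthState;
+@class OIDRegistrationResponse;
+@class OIDTokenResponse;
+@class OIDTokenRequest;
+@protocol OIDAuthStateChangeDelegate;
+@protocol OIDAuthStateErrorDelegate;
+@protocol OIDExternalUserAgent;
+@protocol OIDExternalUserAgentSession;
+NS_ASSUME_NONNULL_BEGIN
+/*! @brief Represents a block used to call an action with a fresh access token.
+@param accessToken A valid access token if available.
+@param idToken A valid ID token if available.
+@param error The error if an error occurred.
+*/
+typedef void (^OIDAuthStateAction)(NSString *_Nullable accessToken,
+NSString *_Nullable idToken,
+NSError *_Nullable error);
+/*! @brief The method called when the @c
+OIDAuthState.authStateByPresentingAuthorizationRequest:presentingViewController:callback:
+method has completed or failed.
+@param authState The auth state, if the authorization request succeeded.
+@param error The error if an error occurred.
+*/
+typedef void (^OIDAuthStateAuthorizationCallback)(OIDAuthState *_Nullable authState,
+NSError *_Nullable error);
+/*! @brief A convenience class that retains the auth state between @c OIDAuthorizationResponse%s
+and @c OIDTokenResponse%s.
+*/
+@interface OIDAuthState : NSObject <NSSecureCoding>
+/*! @brief The most recent refresh token received from the server.
+@discussion Rather than using this property directly, you should call
+@c OIDAuthState.performActionWithFreshTokens:.
+@remarks refresh_token
+@see https://tools.ietf.org/html/rfc6749#section-5.1
+*/
+@property(nonatomic, readonly, nullable) NSString *refreshToken;
+/*! @brief The scope of the current authorization grant.
+@discussion This represents the latest scope returned by the server and may be a subset of the
+scope that was initially granted.
+@remarks scope
+*/
+@property(nonatomic, readonly, nullable) NSString *scope;
+/*! @brief The most recent authorization response used to update the authorization state. For the
+implicit flow, this will contain the latest access token.
+*/
+@property(nonatomic, readonly) OIDAuthorizationResponse *lastAuthorizationResponse;
+/*! @brief The most recent token response used to update this authorization state. This will
+contain the latest access token.
+*/
+@property(nonatomic, readonly, nullable) OIDTokenResponse *lastTokenResponse;
+/*! @brief The most recent registration response used to update this authorization state. This will
+contain the latest client credentials.
+*/
+@property(nonatomic, readonly, nullable) OIDRegistrationResponse *lastRegistrationResponse;
+/*! @brief The authorization error that invalidated this @c OIDAuthState.
+@discussion The authorization error encountered by @c OIDAuthState or set by the user via
+@c OIDAuthState.updateWithAuthorizationError: that invalidated this @c OIDAuthState.
+Authorization errors from @c OIDAuthState will always have a domain of
+@c ::OIDOAuthAuthorizationErrorDomain or @c ::OIDOAuthTokenErrorDomain. Note: that after
+unarchiving the @c OIDAuthState object, the \NSError_userInfo property of this error will
+be nil.
+*/
+@property(nonatomic, readonly, nullable) NSError *authorizationError;
+/*! @brief Returns YES if the authorization state is not known to be invalid.
+@discussion Returns YES if no OAuth errors have been received, and the last call resulted in a
+successful access token or id token. This does not mean that the access is fresh - just
+that it was valid the last time it was used. Note that network and other transient errors
+do not invalidate the authorized state. If NO, you should authenticate the user again,
+using a fresh authorization request. Invalid @c OIDAuthState objects may still be useful in
+that case, to hint at the previously authorized user and streamline the re-authentication
+experience.
+*/
+@property(nonatomic, readonly) BOOL isAuthorized;
+/*! @brief The @c OIDAuthStateChangeDelegate delegate.
+@discussion Use the delegate to observe state changes (and update storage) as well as error
+states.
+*/
+@property(nonatomic, weak, nullable) id<OIDAuthStateChangeDelegate> stateChangeDelegate;
+/*! @brief The @c OIDAuthStateErrorDelegate delegate.
+@discussion Use the delegate to observe state changes (and update storage) as well as error
+states.
+*/
+@property(nonatomic, weak, nullable) id<OIDAuthStateErrorDelegate> errorDelegate;
+/*! @brief Convenience method to create a @c OIDAuthState by presenting an authorization request
+and performing the authorization code exchange in the case of code flow requests. For
+the hybrid flow, the caller should validate the id_token and c_hash, then perform the token
+request (@c OIDAuthorizationService.performTokenRequest:callback:)
+and update the OIDAuthState with the results (@c
+OIDAuthState.updateWithTokenResponse:error:).
+@param authorizationRequest The authorization request to present.
+@param externalUserAgent A external user agent that can present an external user-agent request.
+@param callback The method called when the request has completed or failed.
+@return A @c OIDExternalUserAgentSession instance which will terminate when it
+receives a @c OIDExternalUserAgentSession.cancel message, or after processing a
+@c OIDExternalUserAgentSession.resumeExternalUserAgentFlowWithURL: message.
+*/
++ (id<OIDExternalUserAgentSession>)
+authStateByPresentingAuthorizationRequest:(OIDAuthorizationRequest *)authorizationRequest
+externalUserAgent:(id<OIDExternalUserAgent>)externalUserAgent
+callback:(OIDAuthStateAuthorizationCallback)callback;
+/*! @internal
+@brief Unavailable. Please use @c initWithAuthorizationResponse:.
+*/
+- (instancetype)init NS_UNAVAILABLE;
+/*! @brief Creates an auth state from an authorization response.
+@param authorizationResponse The authorization response.
+*/
+- (instancetype)initWithAuthorizationResponse:(OIDAuthorizationResponse *)authorizationResponse;
+/*! @brief Creates an auth state from an authorization and token response.
+@param authorizationResponse The authorization response.
+@param tokenResponse The token response.
+*/
+- (instancetype)initWithAuthorizationResponse:(OIDAuthorizationResponse *)authorizationResponse
+tokenResponse:(nullable OIDTokenResponse *)tokenResponse;
+/*! @brief Creates an auth state from an registration response.
+@param registrationResponse The registration response.
+*/
+- (instancetype)initWithRegistrationResponse:(OIDRegistrationResponse *)registrationResponse;
+/*! @brief Creates an auth state from an authorization, token and registration response.
+@param authorizationResponse The authorization response.
+@param tokenResponse The token response.
+@param registrationResponse The registration response.
+*/
+- (instancetype)initWithAuthorizationResponse:
+(nullable OIDAuthorizationResponse *)authorizationResponse
+tokenResponse:(nullable OIDTokenResponse *)tokenResponse
+registrationResponse:(nullable OIDRegistrationResponse *)registrationResponse
+NS_DESIGNATED_INITIALIZER;
+/*! @brief Updates the authorization state based on a new authorization response.
+@param authorizationResponse The new authorization response to update the state with.
+@param error Any error encountered when performing the authorization request. Errors in the
+domain @c ::OIDOAuthAuthorizationErrorDomain are reflected in the auth state, other errors
+are assumed to be transient, and ignored.
+@discussion Typically called with the response from an incremental authorization request,
+or if using the implicit flow. Will clear the @c #lastTokenResponse property.
+*/
+- (void)updateWithAuthorizationResponse:(nullable OIDAuthorizationResponse *)authorizationResponse
+error:(nullable NSError *)error;
+/*! @brief Updates the authorization state based on a new token response.
+@param tokenResponse The new token response to update the state from.
+@param error Any error encountered when performing the authorization request. Errors in the
+domain @c ::OIDOAuthTokenErrorDomain are reflected in the auth state, other errors
+are assumed to be transient, and ignored.
+@discussion Typically called with the response from an authorization code exchange, or a token
+refresh.
+*/
+- (void)updateWithTokenResponse:(nullable OIDTokenResponse *)tokenResponse
+error:(nullable NSError *)error;
+/*! @brief Updates the authorization state based on a new registration response.
+@param registrationResponse The new registration response to update the state with.
+@discussion Typically called with the response from a successful client registration
+request. Will reset the auth state.
+*/
+- (void)updateWithRegistrationResponse:(nullable OIDRegistrationResponse *)registrationResponse;
+/*! @brief Updates the authorization state based on an authorization error.
+@param authorizationError The authorization error.
+@discussion Call this method if you receive an authorization error during an API call to
+invalidate the authentication state of this @c OIDAuthState. Don't call with errors
+unrelated to authorization, such as transient network errors.
+The OIDAuthStateErrorDelegate.authState:didEncounterAuthorizationError: method of
+@c #errorDelegate will be called with the error.
+You may optionally use the convenience method
+OIDErrorUtilities.resourceServerAuthorizationErrorWithCode:errorResponse:underlyingError:
+to create \NSError objects for use here.
+The latest error received is stored in @c #authorizationError. Note: that after unarchiving
+this object, the \NSError_userInfo property of this error will be nil.
+*/
+- (void)updateWithAuthorizationError:(NSError *)authorizationError;
+/*! @brief Calls the block with a valid access token (refreshing it first, if needed), or if a
+refresh was needed and failed, with the error that caused it to fail.
+@param action The block to execute with a fresh token. This block will be executed on the main
+thread.
+*/
+- (void)performActionWithFreshTokens:(OIDAuthStateAction)action;
+/*! @brief Calls the block with a valid access token (refreshing it first, if needed), or if a
+refresh was needed and failed, with the error that caused it to fail.
+@param action The block to execute with a fresh token. This block will be executed on the main
+thread.
+@param additionalParameters Additional parameters for the token request if token is
+refreshed.
+*/
+- (void)performActionWithFreshTokens:(OIDAuthStateAction)action
+additionalRefreshParameters:
+(nullable NSDictionary<NSString *, NSString *> *)additionalParameters;
+/*! @brief Calls the block with a valid access token (refreshing it first, if needed), or if a
+refresh was needed and failed, with the error that caused it to fail.
+@param action The block to execute with a fresh token. This block will be executed on the main
+thread.
+@param additionalParameters Additional parameters for the token request if token is
+refreshed.
+@param dispatchQueue The dispatchQueue on which to dispatch the action block.
+*/
+- (void)performActionWithFreshTokens:(OIDAuthStateAction)action
+additionalRefreshParameters:
+(nullable NSDictionary<NSString *, NSString *> *)additionalParameters
+dispatchQueue:(dispatch_queue_t)dispatchQueue;
+/*! @brief Forces a token refresh the next time @c OIDAuthState.performActionWithFreshTokens: is
+called, even if the current tokens are considered valid.
+*/
+- (void)setNeedsTokenRefresh;
+/*! @brief Creates a token request suitable for refreshing an access token.
+@return A @c OIDTokenRequest suitable for using a refresh token to obtain a new access token.
+@discussion After performing the refresh, call @c OIDAuthState.updateWithTokenResponse:error:
+to update the authorization state based on the response. Rather than doing the token refresh
+yourself, you should use @c OIDAuthState.performActionWithFreshTokens:.
+@see https://tools.ietf.org/html/rfc6749#section-1.5
+*/
+- (nullable OIDTokenRequest *)tokenRefreshRequest;
+/*! @brief Creates a token request suitable for refreshing an access token.
+@param additionalParameters Additional parameters for the token request.
+@return A @c OIDTokenRequest suitable for using a refresh token to obtain a new access token.
+@discussion After performing the refresh, call @c OIDAuthState.updateWithTokenResponse:error:
+to update the authorization state based on the response. Rather than doing the token refresh
+yourself, you should use @c OIDAuthState.performActionWithFreshTokens:.
+@see https://tools.ietf.org/html/rfc6749#section-1.5
+*/
+- (nullable OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters:
+(nullable NSDictionary<NSString *, NSString *> *)additionalParameters;
+@end
+NS_ASSUME_NONNULL_END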

@ -0,0 +1,570 @@
/*! @file OIDAuthState.m
@brief AppAuth iOS SDK
@copyright
Copyright 2015 Google Inc. All Rights Reserved.
@copydetails
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#import "OIDAuthState.h"
#import "OIDAuthStateChangeDelegate.h"
#import "OIDAuthStateErrorDelegate.h"
#import "OIDAuthorizationRequest.h"
#import "OIDAuthorizationResponse.h"
#import "OIDAuthorizationService.h"
#import "OIDDefines.h"
#import "OIDError.h"
#import "OIDErrorUtilities.h"
#import "OIDRegistrationResponse.h"
#import "OIDTokenRequest.h"
#import "OIDTokenResponse.h"
#import "OIDTokenUtilities.h"
/*! @brief Key used to encode the @c refreshToken property for @c NSSecureCoding.
*/
static NSString *const kRefreshTokenKey = @"refreshToken";
/*! @brief Key used to encode the @c needsTokenRefresh property for @c NSSecureCoding.
*/
static NSString *const kNeedsTokenRefreshKey = @"needsTokenRefresh";
/*! @brief Key used to encode the @c scope property for @c NSSecureCoding.
*/
static NSString *const kScopeKey = @"scope";
/*! @brief Key used to encode the @c lastAuthorizationResponse property for @c NSSecureCoding.
*/
static NSString *const kLastAuthorizationResponseKey = @"lastAuthorizationResponse";
/*! @brief Key used to encode the @c lastTokenResponse property for @c NSSecureCoding.
*/
static NSString *const kLastTokenResponseKey = @"lastTokenResponse";
/*! @brief Key used to encode the @c lastOAuthError property for @c NSSecureCoding.
*/
static NSString *const kAuthorizationErrorKey = @"authorizationError";
/*! @brief The exception thrown when a developer tries to create a refresh request from an
authorization request with no authorization code.
*/
static NSString *const kRefreshTokenRequestException =
@"Attempted to create a token refresh request from a token response with no refresh token.";
/*! @brief Number of seconds the access token is refreshed before it actually expires.
*/
static const NSUInteger kExpiryTimeTolerance = 60;
/*! @brief Object to hold OIDAuthState pending actions.
*/
@interface OIDAuthStatePendingAction : NSObject
@property(nonatomic, readonly, nullable) OIDAuthStateAction action;
@property(nonatomic, readonly, nullable) dispatch_queue_t dispatchQueue;
@end
@implementation OIDAuthStatePendingAction
- (id)initWithAction:(OIDAuthStateAction)action andDispatchQueue:(dispatch_queue_t)dispatchQueue {
self = [super init];
if (self) {
_action = action;
_dispatchQueue = dispatchQueue;
}
return self;
}
@end
@interface OIDAuthState ()
/*! @brief The access token generated by the authorization server.
@discussion Rather than using this property directly, you should call
@c OIDAuthState.withFreshTokenPerformAction:.
*/
@property(nonatomic, readonly, nullable) NSString *accessToken;
/*! @brief The approximate expiration date & time of the access token.
@discussion Rather than using this property directly, you should call
@c OIDAuthState.withFreshTokenPerformAction:.
*/
@property(nonatomic, readonly, nullable) NSDate *accessTokenExpirationDate;
/*! @brief ID Token value associated with the authenticated session.
@discussion Rather than using this property directly, you should call
OIDAuthState.withFreshTokenPerformAction:.
*/
@property(nonatomic, readonly, nullable) NSString *idToken;
/*! @brief Private method, called when the internal state changes.
*/
- (void)didChangeState;
@end
@implementation OIDAuthState {
/*! @brief Array of pending actions (use @c _pendingActionsSyncObject to synchronize access).
*/
NSMutableArray *_pendingActions;
/*! @brief Object for synchronizing access to @c pendingActions.
*/
id _pendingActionsSyncObject;
/*! @brief If YES, tokens will be refreshed on the next API call regardless of expiry.
*/
BOOL _needsTokenRefresh;
}
#pragma mark - Convenience initializers
+ (id<OIDExternalUserAgentSession>)
authStateByPresentingAuthorizationRequest:(OIDAuthorizationRequest *)authorizationRequest
externalUserAgent:(id<OIDExternalUserAgent>)externalUserAgent
callback:(OIDAuthStateAuthorizationCallback)callback {
// presents the authorization request
id<OIDExternalUserAgentSession> authFlowSession = [OIDAuthorizationService
presentAuthorizationRequest:authorizationRequest
externalUserAgent:externalUserAgent
callback:^(OIDAuthorizationResponse *_Nullable authorizationResponse,
NSError *_Nullable authorizationError) {
// inspects response and processes further if needed (e.g. authorization
// code exchange)
if (authorizationResponse) {
if ([authorizationRequest.responseType
isEqualToString:OIDResponseTypeCode]) {
// if the request is for the code flow (NB. not hybrid), assumes the
// code is intended for this client, and performs the authorization
// code exchange
OIDTokenRequest *tokenExchangeRequest =
[authorizationResponse tokenExchangeRequest];
[OIDAuthorizationService performTokenRequest:tokenExchangeRequest
originalAuthorizationResponse:authorizationResponse
callback:^(OIDTokenResponse *_Nullable tokenResponse,
NSError *_Nullable tokenError) {
OIDAuthState *authState;
if (tokenResponse) {
authState = [[OIDAuthState alloc]
initWithAuthorizationResponse:
authorizationResponse
tokenResponse:tokenResponse];
}
callback(authState, tokenError);
}];
} else {
// hybrid flow (code id_token). Two possible cases:
// 1. The code is not for this client, ie. will be sent to a
// webservice that performs the id token verification and token
// exchange
// 2. The code is for this client and, for security reasons, the
// application developer must verify the id_token signature and
// c_hash before calling the token endpoint
OIDAuthState *authState = [[OIDAuthState alloc]
initWithAuthorizationResponse:authorizationResponse];
callback(authState, authorizationError);
}
} else {
callback(nil, authorizationError);
}
}];
return authFlowSession;
}
#pragma mark - Initializers
- (nonnull instancetype)init
OID_UNAVAILABLE_USE_INITIALIZER(@selector(initWithAuthorizationResponse:tokenResponse:))
/*! @brief Creates an auth state from an authorization response.
@param authorizationResponse The authorization response.
*/
- (instancetype)initWithAuthorizationResponse:(OIDAuthorizationResponse *)authorizationResponse {
return [self initWithAuthorizationResponse:authorizationResponse tokenResponse:nil];
}
/*! @brief Designated initializer.
@param authorizationResponse The authorization response.
@discussion Creates an auth state from an authorization response and token response.
*/
- (instancetype)initWithAuthorizationResponse:(OIDAuthorizationResponse *)authorizationResponse
tokenResponse:(nullable OIDTokenResponse *)tokenResponse {
return [self initWithAuthorizationResponse:authorizationResponse
tokenResponse:tokenResponse
registrationResponse:nil];
}
/*! @brief Creates an auth state from an registration response.
@param registrationResponse The registration response.
*/
- (instancetype)initWithRegistrationResponse:(OIDRegistrationResponse *)registrationResponse {
return [self initWithAuthorizationResponse:nil
tokenResponse:nil
registrationResponse:registrationResponse];
}
- (instancetype)initWithAuthorizationResponse:
(nullable OIDAuthorizationResponse *)authorizationResponse
tokenResponse:(nullable OIDTokenResponse *)tokenResponse
registrationResponse:(nullable OIDRegistrationResponse *)registrationResponse {
self = [super init];
if (self) {
_pendingActionsSyncObject = [[NSObject alloc] init];
if (registrationResponse) {
[self updateWithRegistrationResponse:registrationResponse];
}
if (authorizationResponse) {
[self updateWithAuthorizationResponse:authorizationResponse error:nil];
}
if (tokenResponse) {
[self updateWithTokenResponse:tokenResponse error:nil];
}
}
return self;
}
#pragma mark - NSObject overrides
- (NSString *)description {
return [NSString stringWithFormat:@"<%@: %p, isAuthorized: %@, refreshToken: \"%@\", "
"scope: \"%@\", accessToken: \"%@\", "
"accessTokenExpirationDate: %@, idToken: \"%@\", "
"lastAuthorizationResponse: %@, lastTokenResponse: %@, "
"lastRegistrationResponse: %@, authorizationError: %@>",
NSStringFromClass([self class]),
(void *)self,
(self.isAuthorized) ? @"YES" : @"NO",
[OIDTokenUtilities redact:_refreshToken],
_scope,
[OIDTokenUtilities redact:self.accessToken],
self.accessTokenExpirationDate,
[OIDTokenUtilities redact:self.idToken],
_lastAuthorizationResponse,
_lastTokenResponse,
_lastRegistrationResponse,
_authorizationError];
}
#pragma mark - NSSecureCoding
+ (BOOL)supportsSecureCoding {
return YES;
}
- (instancetype)initWithCoder:(NSCoder *)aDecoder {
_lastAuthorizationResponse = [aDecoder decodeObjectOfClass:[OIDAuthorizationResponse class]
forKey:kLastAuthorizationResponseKey];
_lastTokenResponse = [aDecoder decodeObjectOfClass:[OIDTokenResponse class]
forKey:kLastTokenResponseKey];
self = [self initWithAuthorizationResponse:_lastAuthorizationResponse
tokenResponse:_lastTokenResponse];
if (self) {
_authorizationError =
[aDecoder decodeObjectOfClass:[NSError class] forKey:kAuthorizationErrorKey];
_scope = [aDecoder decodeObjectOfClass:[NSString class] forKey:kScopeKey];
_refreshToken = [aDecoder decodeObjectOfClass:[NSString class] forKey:kRefreshTokenKey];
_needsTokenRefresh = [aDecoder decodeBoolForKey:kNeedsTokenRefreshKey];
}
return self;
}
- (void)encodeWithCoder:(NSCoder *)aCoder {
[aCoder encodeObject:_lastAuthorizationResponse forKey:kLastAuthorizationResponseKey];
[aCoder encodeObject:_lastTokenResponse forKey:kLastTokenResponseKey];
if (_authorizationError) {
NSError *codingSafeAuthorizationError = [NSError errorWithDomain:_authorizationError.domain
code:_authorizationError.code
userInfo:nil];
[aCoder encodeObject:codingSafeAuthorizationError forKey:kAuthorizationErrorKey];
}
[aCoder encodeObject:_scope forKey:kScopeKey];
[aCoder encodeObject:_refreshToken forKey:kRefreshTokenKey];
[aCoder encodeBool:_needsTokenRefresh forKey:kNeedsTokenRefreshKey];
}
#pragma mark - Private convenience getters