OCLC Mobile Authentication iOS App Example
Latest commit c00d31d @campbelg campbelg Update README.md

This sample iOS Application demonstrates how to authenticate an OCLC user to obtain an access token.

A use case would be to allow a library patron to view their checked out items, place holds or renew materials on an iPhone or iPad.

A tutorial explaining this application's code in detail is available here.

Installation

$ git clone https://github.com/OCLC-Developer-Network/oclc-auth-ios.git

Open the cloned project in Xcode 5.

Usage

Set the authentication parameters in the authentication.plist file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>authenticatingServerBaseUrl</key>
        <string>https://authn.sd00.worldcat.org/oauth2</string>
        <key>wskey</key>
        <string></string>
        <key>authenticatingInstitutionId</key>
        <string></string>
        <key>contextInstitutionId</key>
        <string></string>
        <key>redirectUrl</key>
        <string></string>
        <key>scopes</key>
        <string></string>
        <key>responseType</key>
        <string>token</string>
    </dict>
</plist>
  • wskey - the public key that identifies the client.
  • authenticatingInstitutionId - the institution that is responsible for authenticating the user.
  • contextInstitutionId - the institution whose data the client is requesting access to.
  • redirectUrl - the URL the authorization server should redirect the user to after login. For mobile flow, this should be a non-http reference unique to your application, such as oclcApp://user_agent_flow.
  • scopes - the service(s) that the client is requesting access to. Multiple scopes are separated by a space. Note that adding "refresh_token" to the list of scopes causes a refresh token to be issued.
  • responseType - should be "token".

To request or manage web service keys, use OCLC Service Configuration.

To learn more about authentication and access tokens, see this article on Mobile Flow from the OCLC Developer Network.

Example 1 - Get an access token

  1. The sample app will assemble this request and send it to the OCLC server.
    https://authn.sd00.worldcat.org/oauth2/authorizeCode?
    client_id={a valid wskey}
    &authenticatingInstitutionId=128807
    &contextInstitutionId=128807
    &redirect_uri=oclcApp%3A%2F%2Fuser_agent_flow
    &response_type=token
    &scope=WMS_NCIP
    
  2. The client will be prompted to sign in with a userid and password.
  3. A service authorization page will list the scopes requested and ask the user if they will allow it.
  4. The client will receive an access token.
    {
        "access_token" = "tk_U13DrzOHW8eep3jvwIpNX2rDcfuhvetNbrFm";
        "context_institution_id" = 128807;
        "expires_at" = "2014-01-05%2011:57:26Z";
        "expires_in" = 1199;
        principalID = "{your principalID}";
        principalIDNS = "{your principalIDNS}";
        "token_type" = bearer;
    }
    
  5. This access token can now be used to make requests against the scoped OCLC services until it expires, typically in 20 minutes.
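
Added example (not part of the OCLC sample app): one way to handle step 4 defensively is to accept the redirect only when it matches the configured redirectUrl and the token fields are complete and issued for the expected contextInstitutionId. It assumes the fields arrive in the URL fragment, as in the OAuth 2.0 response_type=token flow; OCLCParseTokenRedirect and the local_expiry key are hypothetical names.

```objective-c
#import <Foundation/Foundation.h>

// Added example, not OCLC's code. Assumes the token fields arrive in the
// fragment of the redirect URL as '&'-joined key=value pairs.
static NSDictionary *OCLCParseTokenRedirect(NSURL *url, NSString *redirectUrl,
                                            NSString *contextInstitutionId) {
    // The custom-scheme handler fires for any URL with that scheme, so accept
    // only the exact redirectUrl configured in the plist.
    NSString *prefix = [redirectUrl stringByAppendingString:@"#"];
    NSString *raw = url.absoluteString;
    if (![raw hasPrefix:prefix]) return nil;
    NSMutableDictionary *fields = [NSMutableDictionary dictionary];
    NSString *fragment = [raw substringFromIndex:prefix.length];
    for (NSString *pair in [fragment componentsSeparatedByString:@"&"]) {
        NSRange eq = [pair rangeOfString:@"="];
        if (eq.location == NSNotFound) continue;
        NSString *key = [[pair substringToIndex:eq.location] stringByRemovingPercentEncoding];
        NSString *value = [[pair substringFromIndex:eq.location + 1] stringByRemovingPercentEncoding];
        if (key && value) fields[key] = value;  // e.g. expires_at is percent-encoded
    }

    // Reject responses that are incomplete or issued for another institution.
    NSString *token = fields[@"access_token"];
    NSString *type = fields[@"token_type"];
    NSInteger ttl = [(NSString *)fields[@"expires_in"] integerValue];
    if (token.length == 0 || ttl <= 0 || type == nil ||
        [type caseInsensitiveCompare:@"bearer"] != NSOrderedSame ||
        ![(NSString *)fields[@"context_institution_id"] isEqualToString:contextInstitutionId]) {
        return nil;
    }
    // Hypothetical extra key: expiry on the device clock, derived from expires_in.
    fields[@"local_expiry"] = [NSDate dateWithTimeIntervalSinceNow:ttl];
    return fields;
}

int main(void) {
    @autoreleasepool {
        // Constructed redirects; tk_PLACEHOLDER is not a real token.
        NSString *params = @"#access_token=tk_PLACEHOLDER&token_type=bearer"
                           @"&expires_in=1199&context_institution_id=128807";
        NSString *redirect = @"oclcApp://user_agent_flow";
        NSURL *good = [NSURL URLWithString:[redirect stringByAppendingString:params]];
        NSURL *other = [NSURL URLWithString:[@"oclcApp://something_else" stringByAppendingString:params]];
        NSDictionary *parsed = OCLCParseTokenRedirect(good, redirect, @"128807");
        NSLog(@"accepted=%d expires=%@", parsed != nil, parsed[@"local_expiry"]);
        NSLog(@"other accepted=%d", OCLCParseTokenRedirect(other, redirect, @"128807") != nil);
    }
    return 0;
}
```

Keep the returned token in the Keychain rather than in NSUserDefaults or logs, and stop using it once local_expiry has passed.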

Example 2 - Get a refresh token

Currently, a refresh token can only be exchanged for an authentication token by making an HMAC request. However, you cannot make an HMAC request from a mobile device, because that would require storing the key and the secret on the device, which is insecure. For now, using refresh tokens on mobile devices to access OCLC services is not recommended.

  1. Add "refresh_token" to the list of scopes (each scope is separated with a single space) in the authenticationList.plist file. The app will then make a request similar to this:

    https://authn.sd00.worldcat.org/oauth2/authorizeCode?
    client_id={a valid wskey}
    &authenticatingInstitutionId=128807
    &contextInstitutionId=128807
    &redirect_uri=oclcApp%3A%2F%2Fuser_agent_flow
    &response_type=token
    &scope=WMS_NCIP%20refresh_token
    

  2. The client will be prompted to sign in with a userid and password.
  3. A service authorization page will list the scopes requested and ask the user if they will allow it.
  4. The client will receive an access token.

    {
        "access_token" = "tk_nd4GoLXjFcAabig2AJzOMpzhPkI2LFZtbLD6";
        "context_institution_id" = 128807;
        "expires_at" = "2014-01-05%2012:07:09Z";
        "expires_in" = 1199;
        principalID = "{your principalID}";
        principalIDNS = "{your principalIDNS}";
        "refresh_token" = "rt_nucaPASHXXZ3L2F6vNYucr2xudlKfnc8v8si";
        "refresh_token_expires_at" = "2014-01-12%2011:47:09Z";
        "refresh_token_expires_in" = 604799;
        "token_type" = bearer;
    }
    

  5. The refresh token can then be used to request an access token, as described in the OCLC Developer Network documentation.