@emawby emawby commented Dec 14, 2022

Description

One Line Summary

Using the JWT token for a user and adding the onJwtExpired method to User.

Details

  • Adding onJwtExpiredHandler to the User namespace
  • Adding the JWT token header to user requests that require it in the prepareForExecution method.
  • Note that firing the expired handler is not currently set up since we are not handling errors yet.

Motivation

Enable JWT authorization for users

Scope

User module

Testing

Unit testing

N/A

Manual testing

Running on dev app

Affected code checklist

  • Notifications
    • Display
    • Open
    • Push Processing
    • Confirm Deliveries
  • Outcomes
  • Sessions
  • In-App Messaging
  • REST API requests
  • Public API changes

Checklist

Overview

  • I have filled out all REQUIRED sections above
  • PR does one thing
    • If it is hard to explain how any code changes are related to each other then it most likely needs to be more than one PR
  • Any Public API changes are explained in the PR details and conform to existing APIs

Testing

  • I have included test coverage for these changes, or explained why they are not needed
  • All automated tests pass, or I explained why that is not possible
  • I have personally tested this on my device, or explained why that is not possible

Final pass

  • Code is as readable as possible.
    • Simplify with less code, followed by splitting up code into well named functions and variables, followed by adding comments to the code.
  • I have reviewed this PR myself, ensuring it meets each checklist item
    • WIP (Work In Progress) is ok, but explain what is still in progress and what you would like feedback on. Start the PR title with "WIP" to indicate this.

This method takes a closure from the developer. The closure will be called when the Jwt token expires. The closure takes the externalId that is associated with the expired token as well as a completion block. The completion block should be called by the app developer with the new jwt token for that user.
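
A sketch of the contract this commit message describes, added here as an example and not code from this PR or the OneSignal SDK. `UserSession`, `setJwtExpiredHandler`, `login`, the trigger for `fireJwtExpired` and the `Authorization: Bearer` header name are assumptions; the class also assumes every call arrives on one queue.

```swift
// Added illustration; hypothetical names, not OneSignal SDK types.
typealias JwtExpiredHandler =
    (_ externalId: String, _ completion: @escaping (String) -> Void) -> Void

final class UserSession {
    private(set) var externalId: String
    private var jwtBearerToken: String?   // in memory only, never logged
    private var expiredHandler: JwtExpiredHandler?
    private var refreshInFlight = false

    init(externalId: String, token: String?) {
        self.externalId = externalId
        self.jwtBearerToken = token
    }

    func setJwtExpiredHandler(_ handler: @escaping JwtExpiredHandler) {
        expiredHandler = handler
    }

    func login(externalId: String, token: String?) {
        self.externalId = externalId
        jwtBearerToken = token
        refreshInFlight = false
    }

    // Returns false when no token is held, so the caller can hold the request back.
    func addJwtHeader(to headers: inout [String: String]) -> Bool {
        guard let token = jwtBearerToken else { return false }
        headers["Authorization"] = "Bearer \(token)"   // assumed header name
        return true
    }

    // Assumed trigger: the backend rejected the current token as expired.
    func fireJwtExpired() {
        guard !refreshInFlight, let handler = expiredHandler else { return }
        refreshInFlight = true
        jwtBearerToken = nil
        let expiredFor = externalId
        handler(expiredFor) { [weak self] newToken in
            // Ignore a token that arrives after the user has changed.
            guard let self = self, self.externalId == expiredFor else { return }
            self.jwtBearerToken = newToken
            self.refreshInFlight = false
        }
    }
}
```

The `expiredFor` comparison keeps a token fetched for one external ID from being attached to requests made after a different user has logged in.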
@emawby emawby added the WIP Work In Progress label Dec 14, 2022
Base automatically changed from user_model/distribution_fixes to major_release_5.0.0 December 14, 2022 18:05
@emawby emawby requested a review from nan-li December 14, 2022 18:05
@emawby emawby changed the title WiP [User model] JWT token handling [User model] JWT token handling Dec 14, 2022
@emawby emawby force-pushed the user_model/jwt_token_handling branch from 6379734 to e4d4512 Compare December 14, 2022 19:32
var aliases: [String: String] = [:]

// TODO: We need to make this token secure
public var jwtBearerToken: String?
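
Review bot: `jwtBearerToken` is declared `public var`, so any code that can reach this model can read or overwrite the bearer token. Unless external callers need to set it directly, narrow it to `internal` or `public private(set) var`. The TODO above it would be easier to act on if it said what "secure" covers here (storage, logging, access) or pointed at a tracking issue.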

@jkasten2 jkasten2 Dec 14, 2022

Keychain normally isn't used for JWT. JWTs are designed to be short lived (normally 1 hour), so I don't think we need to do anything extra to secure it.

internal extension OneSignalRequest {
func addJWTHeader(identityModel: OSIdentityModel) {
guard let token = identityModel.jwtBearerToken else {
return

May be good to have some message logged here

}


private func fireJwtExpired() {

@fhboswell fhboswell Dec 14, 2022

JWT, jwt and Jwt are used; I suggest removing Jwt and sticking with the other two.

@fhboswell there is jwt and Jwt being used as we are using camelcase. We could use JWT, but probably a bit easier to read as camelcase.

@jkasten2
Jwt is fine if it is preferred; however, I think we should be consistent. We use JWT in OSUserRequest as part of this PR.

func addJWTHeader(identityModel: OSIdentityModel) {

Ah I see, yes we should address that in another PR @emawby @nan-li

@emawby emawby merged commit dd3d890 into major_release_5.0.0 Dec 16, 2022
@emawby emawby deleted the user_model/jwt_token_handling branch December 16, 2022 17:51
nan-li pushed a commit that referenced this pull request Oct 30, 2023