Use openid profile email as the default scope value [SDK-2926] (#540)

auth0 · Nov 10, 2021 · 0706663 · 0706663
1 parent 2194045
commit 0706663
Show file tree

Hide file tree

Showing 7 changed files with 96 additions and 177 deletions.
diff --git a/Auth0/Auth0.swift b/Auth0/Auth0.swift
@@ -1,5 +1,10 @@
 import Foundation
 
+/**
+ Default scope value used across Auth0.swift
+ */
+public let defaultScope = "openid profile email"
+
 /**
  Auth0 Authentication API to authenticate your user using a Database, Social, Enterprise or Passwordless connections
 

diff --git a/Auth0/Auth0Authentication.swift b/Auth0/Auth0Authentication.swift
@@ -19,11 +19,11 @@ struct Auth0Authentication: Authentication {
         self.telemetry = telemetry
     }
 
-    func login(email username: String, code otp: String, audience: String?, scope: String?) -> Request<Credentials, AuthenticationError> {
+    func login(email username: String, code otp: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError> {
         return login(username: username, otp: otp, realm: "email", audience: audience, scope: scope)
     }
 
-    func login(phoneNumber username: String, code otp: String, audience: String?, scope: String?) -> Request<Credentials, AuthenticationError> {
+    func login(phoneNumber username: String, code otp: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError> {
         return login(username: username, otp: otp, realm: "sms", audience: audience, scope: scope)
     }
 
@@ -49,7 +49,7 @@ struct Auth0Authentication: Authentication {
                        telemetry: self.telemetry)
     }
 
-    func login(usernameOrEmail username: String, password: String, realm: String, audience: String?, scope: String?) -> Request<Credentials, AuthenticationError> {
+    func login(usernameOrEmail username: String, password: String, realm: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError> {
         let resourceOwner = URL(string: "/oauth/token", relativeTo: self.url)!
         var payload: [String: Any] = [
             "username": username,
@@ -69,7 +69,7 @@ struct Auth0Authentication: Authentication {
                        telemetry: self.telemetry)
     }
 
-    func loginDefaultDirectory(withUsername username: String, password: String, audience: String? = nil, scope: String? = nil) -> Request<Credentials, AuthenticationError> {
+    func loginDefaultDirectory(withUsername username: String, password: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError> {
         let resourceOwner = URL(string: "/oauth/token", relativeTo: self.url)!
         var payload: [String: Any] = [
             "username": username,
@@ -169,7 +169,7 @@ struct Auth0Authentication: Authentication {
                        telemetry: self.telemetry)
     }
 
-    func login(appleAuthorizationCode authorizationCode: String, fullName: PersonNameComponents?, profile: [String: Any]?, scope: String?, audience: String?) -> Request<Credentials, AuthenticationError> {
+    func login(appleAuthorizationCode authorizationCode: String, fullName: PersonNameComponents?, profile: [String: Any]?, audience: String?, scope: String) -> Request<Credentials, AuthenticationError> {
         var parameters: [String: Any] = [:]
         var profile: [String: Any] = profile ?? [:]
 
@@ -192,7 +192,7 @@ struct Auth0Authentication: Authentication {
                                   parameters: parameters)
     }
 
-    func login(facebookSessionAccessToken sessionAccessToken: String, profile: [String: Any], scope: String?, audience: String?) -> Request<Credentials, AuthenticationError> {
+    func login(facebookSessionAccessToken sessionAccessToken: String, profile: [String: Any],  audience: String?, scope: String) -> Request<Credentials, AuthenticationError> {
         var parameters: [String: String] = [:]
         if let jsonData = try? JSONSerialization.data(withJSONObject: profile, options: []),
             let json = String(data: jsonData, encoding: .utf8) {
@@ -367,7 +367,7 @@ struct Auth0Authentication: Authentication {
     }
 
     func tokenExchange(withAppleAuthorizationCode authCode: String, scope: String?, audience: String?, fullName: PersonNameComponents?) -> Request<Credentials, AuthenticationError> {
-        return self.login(appleAuthorizationCode: authCode, fullName: fullName, scope: scope, audience: audience)
+        return self.login(appleAuthorizationCode: authCode, fullName: fullName, audience: audience, scope: scope ?? defaultScope)
     }
 
     func renew(withRefreshToken refreshToken: String, scope: String? = nil) -> Request<Credentials, AuthenticationError> {
@@ -433,7 +433,7 @@ struct Auth0Authentication: Authentication {
 // MARK: - Private Methods
 
 private extension Auth0Authentication {
-    func login(username: String, otp: String, realm: String, audience: String?, scope: String?) -> Request<Credentials, AuthenticationError> {
+    func login(username: String, otp: String, realm: String, audience: String?, scope: String) -> Request<Credentials, AuthenticationError> {
         let url = URL(string: "/oauth/token", relativeTo: self.url)!
         var payload: [String: Any] = [
             "username": username,
@@ -442,26 +442,18 @@ private extension Auth0Authentication {
             "grant_type": "http://auth0.com/oauth/grant-type/passwordless/otp",
             "client_id": self.clientId
         ]
-        if let audience = audience {
-            payload["audience"] = audience
-        }
-        if let scope = scope {
-            payload["scope"] = scope
-        }
+        payload["audience"] = audience
+        payload["scope"] = scope
         return Request(session: session, url: url, method: "POST", handle: authenticationObject, payload: payload, logger: self.logger, telemetry: self.telemetry)
     }
 
-    func tokenExchange(subjectToken: String, subjectTokenType: String, scope: String?, audience: String?, parameters: [String: Any]?) -> Request<Credentials, AuthenticationError> {
+    func tokenExchange(subjectToken: String, subjectTokenType: String, scope: String, audience: String?, parameters: [String: Any]?) -> Request<Credentials, AuthenticationError> {
         var parameters: [String: Any] = parameters ?? [:]
         parameters["grant_type"] = "urn:ietf:params:oauth:grant-type:token-exchange"
         parameters["subject_token"] = subjectToken
         parameters["subject_token_type"] = subjectTokenType
-        if let scope = scope {
-            parameters["scope"] = scope
-        }
-        if let audience = audience {
-            parameters["audience"] = audience
-        }
+        parameters["audience"] = audience
+        parameters["scope"] = scope
         return self.tokenExchange().parameters(parameters)
     }
 }
diff --git a/Auth0/Auth0WebAuth.swift b/Auth0/Auth0WebAuth.swift
@@ -188,10 +188,10 @@ final class Auth0WebAuth: WebAuth {
         var items: [URLQueryItem] = []
         var entries = defaults
 
+        entries["scope"] = defaultScope
         entries["client_id"] = self.clientId
+        entries["response_type"] = self.responseType
         entries["redirect_uri"] = redirectURL.absoluteString
-        entries["response_type"] = responseType
-        entries["scope"] = requiredScope // TODO: Change when setting the new default scope
         entries["state"] = state
         entries["nonce"] = nonce
         entries["organization"] = organization