kickstarter · amy-at-kickstarter · Feb 7, 2024 · Feb 6, 2024 · amy-at-kickstarter · Feb 6, 2024
diff --git a/Kickstarter-iOS/Features/LoginTout/Controller/LoginToutViewController.swift b/Kickstarter-iOS/Features/LoginTout/Controller/LoginToutViewController.swift
@@ -402,14 +402,7 @@ public final class LoginToutViewController: UIViewController, MFMailComposeViewC
   }
 
   fileprivate func pushLoginViewController() {
-    if featureLoginWithOAuthEnabled() {
-      let session = ASWebAuthenticationSession(
-        url: OAuth.authorizationURL(),
-        callbackURLScheme: OAuth.redirectScheme
-      ) { _, _ in
-        // TODO: MBL-1159: Get required information from the callback; call mutation to login.
-      }
-
+    if featureLoginWithOAuthEnabled(), let session = OAuth.createAuthorizationSession() {
       session.presentationContextProvider = self
       session.start()
     } else {

diff --git a/KsApi/PKCE.swift b/KsApi/PKCE.swift
@@ -61,7 +61,7 @@ public extension Data {
 /// See this documentation for more details: https://www.oauth.com/oauth2-servers/mobile-and-native-apps/authorization/
 public struct PKCE {
   /// Creates a random alphanumeric string of the specified length
-  static func createCodeVerifier(byteLength length: Int) throws -> String {
+  public static func createCodeVerifier(byteLength length: Int) throws -> String {
     do {
       var buffer = Data(count: length)
       try buffer.fillWithRandomSecureBytes()
@@ -72,7 +72,7 @@ public struct PKCE {
   }
 
   /// Creates a base-64 encoded SHA256 hash of the given string.
-  static func createCodeChallenge(fromVerifier verifier: String) throws -> String {
+  public static func createCodeChallenge(fromVerifier verifier: String) throws -> String {
     guard let stringData = verifier.data(using: .utf8) else {
       throw PKCEError.UnexpectedRuntimeError
     }

diff --git a/Library/OAuth.swift b/Library/OAuth.swift
@@ -1,12 +1,52 @@
+import AuthenticationServices
 import Foundation
+import KsApi
 
 public struct OAuth {
   public init() {}
 
-  public static let redirectScheme = "ksrauth2"
-  public static func authorizationURL() -> URL {
-    let base = AppEnvironment.current.apiService.serverConfig.webBaseUrl
-    // TODO: MBL-1159: This will take URL parameters, as defined in the ticket, for PKCE
-    return base
+  static let redirectScheme = "ksrauth2"
+
+  static func authorizationURL(withCodeChallenge challenge: String) -> URL? {
+    let serverConfig = AppEnvironment.current.apiService.serverConfig
+    let baseURL = serverConfig.webBaseUrl
+
+    let parameters = [
+      URLQueryItem(name: "redirect_uri", value: redirectScheme),
+      URLQueryItem(name: "response_type", value: "code"),
+      URLQueryItem(name: "scope", value: "email"),
+      URLQueryItem(name: "client_id", value: serverConfig.apiClientAuth.clientId),
+      URLQueryItem(name: "code_challenge_method", value: "S256"),
+      URLQueryItem(name: "code_challenge", value: challenge)
+    ]
+
+    var components = URLComponents(url: baseURL, resolvingAgainstBaseURL: false)
+    components?.path = "/oauth/authorizations/new"
+    components?.queryItems = parameters
+
+    return components?.url
+  }
+
+  public static func createAuthorizationSession() -> ASWebAuthenticationSession? {
+    do {
+      let verifier = try PKCE.createCodeVerifier(byteLength: 32)
+      let challenge = try PKCE.createCodeChallenge(fromVerifier: verifier)
+      guard let url = authorizationURL(withCodeChallenge: challenge) else {
+        return nil
+      }
+
+      let session = ASWebAuthenticationSession(
+        url: url,
+        callbackURLScheme: OAuth.redirectScheme
+      ) { _, _ in
+        // TODO: MBL-1159: Exchange information in callback for credentials, then login.
+      }
+
+      return session
+
+    } catch {
+      // TODO: Is there a way we can log/monitor these errors?
+      return nil
+    }
   }
 }