MBL-1158: Set up correct URLs for OAuth authorization endpoint #1935
@@ -1,12 +1,52 @@ | ||
import AuthenticationServices | ||
import Foundation | ||
import KsApi | ||
|
||
public struct OAuth { | ||
public init() {} | ||
|
||
public static let redirectScheme = "ksrauth2" | ||
public static func authorizationURL() -> URL { | ||
let base = AppEnvironment.current.apiService.serverConfig.webBaseUrl | ||
// TODO: MBL-1159: This will take URL parameters, as defined in the ticket, for PKCE | ||
return base | ||
static let redirectScheme = "ksrauth2" | ||
|
||
static func authorizationURL(withCodeChallenge challenge: String) -> URL? { | ||
let serverConfig = AppEnvironment.current.apiService.serverConfig | ||
let baseURL = serverConfig.webBaseUrl | ||
|
||
let parameters = [ | ||
URLQueryItem(name: "redirect_uri", value: redirectScheme), | ||
URLQueryItem(name: "response_type", value: "code"), | ||
URLQueryItem(name: "scope", value: "email"), | ||
URLQueryItem(name: "client_id", value: serverConfig.apiClientAuth.clientId), | ||
URLQueryItem(name: "code_challenge_method", value: "S256"), | ||
URLQueryItem(name: "code_challenge", value: challenge) | ||
] | ||
|
||
var components = URLComponents(url: baseURL, resolvingAgainstBaseURL: false) | ||
components?.path = "/oauth/authorizations/new" | ||
components?.queryItems = parameters | ||
|
||
return components?.url | ||
} | ||
|
||
public static func createAuthorizationSession() -> ASWebAuthenticationSession? { | ||
do { | ||
let verifier = try PKCE.createCodeVerifier(byteLength: 32) | ||
let challenge = try PKCE.createCodeChallenge(fromVerifier: verifier) | ||
guard let url = authorizationURL(withCodeChallenge: challenge) else { | ||
return nil | ||
} | ||
|
||
let session = ASWebAuthenticationSession( | ||
url: url, | ||
callbackURLScheme: OAuth.redirectScheme | ||
) { _, _ in | ||
// TODO: MBL-1159: Exchange information in callback for credentials, then login. | ||
} | ||
|
||
return session | ||
|
||
} catch { | ||
// TODO: Is there a way we can log/monitor these errors? | ||
@scottkicks Do we have a method for log generic errors in iOS? In this case, I only expect this catch to happen if something really odd occurs, i.e. we fail to create a URL from a hardcoded string, or are unable to generate a hash.
Added this to our iOS sync agenda.
||
return nil | ||
} | ||
} | ||
} |
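Review bot: In `createAuthorizationSession`, `verifier` is a local of the `do` block and the completion closure `{ _, _ in }` does not capture it, so once the session is returned nothing holds the value that the later token exchange has to present as `code_verifier`, and the S256 challenge sent in the URL could not be redeemed. I would make that requirement explicit where the callback TODO sits, e.g. `// TODO: MBL-1159: exchange the code using this session's verifier (capture it in this closure; keep it in memory only, never log it)`. Separately, `authorizationURL(withCodeChallenge:)` sends `redirect_uri` as the bare scheme name `ksrauth2` and adds no `state` item. What the server has registered is not visible in this hunk, so it is worth confirming that the value matches the registered redirect exactly and that the server relies on PKCE alone to tie the callback to this request.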
Moving this into the OAuth struct, I don't think we'll need any logic to live in `LoginToutViewController`.