Easy to use OAuth 2 library for iOS, written in Swift.
Clone or download
Latest commit b6b8ea3 Oct 20, 2017

README.md

Heimdallr

Heimdallr is an OAuth 2.0 client specifically designed for easy usage. It currently supports the resource owner password credentials grant flow, refreshing an access token, as well as extension grants.

If you are an Android Developer, please take a look at the Android version of Heimdallr.

Build Status

Example

Before requesting an access token, the client must be configured appropriately:

let tokenURL = URL(string: "https://example.com/oauth/v2/token")!
let heimdallr = Heimdallr(tokenURL: tokenURL)

On login, the resource owner's password credentials are used to request an access token:

heimdallr.requestAccessToken(username: "johndoe", password: "A3ddj3w") { result in
    switch result {
    case .success:
        print("success")
    case .failure(let error):
        print("failure: \(error.localizedDescription)")
    }
}

Heimdallr automatically persists the access token. Afterwards, any URLRequest can be easily authenticated using the received access token:

var session: URLSession!
var request: URLRequest!

heimdallr.authenticateRequest(request) { result in
    switch result {
    case .success(let request):
        let task = session.dataTask(with: request) { data, response, error in
            // ...
        }
        
        task.resume()
    case .failure(let error):
        print("failure: \(error.localizedDescription)")
    }
}

Installation

Installation is possible via Carthage or CocoaPods, see below for either method:

Carthage

Carthage is a simple, decentralized dependency manager for Cocoa.

  1. Add Heimdallr to your Cartfile:
github "trivago/Heimdallr.swift" ~> 3.6.1
  1. Run carthage update to fetch and build Heimdallr and its dependencies.

  2. Make sure your application's target links against Heimdallr.framework and copies all relevant frameworks into its application bundle (iOS); or embeds the binaries of all relevant frameworks (Mac).

CocoaPods

  1. Add Heimdallr to your Podfile:

    pod 'Heimdallr', '~> 3.6.1'
  2. Run pod install to fetch and build Heimdallr and its dependencies.

Usage

OAuthClientCredentials

The client credentials, consisting of the client's identifier and optionally its secret, are used for authenticating with the token endpoint:

var identifier: String!
var secret: String!

let credentials = OAuthClientCredentials(id: identifier)
               // OAuthClientCredentials(id: identifier, secret: secret)

Please note that native applications are considered to be public clients.

OAuthAccessTokenStore

An access token store is used to (persistently) store an access token received from the token endpoint. It must implement the following storage and retrieval methods:

protocol OAuthAccessTokenStore {
    func storeAccessToken(accessToken: OAuthAccessToken?)
    func retrieveAccessToken() -> OAuthAccessToken?
}

Heimdallr ships with an already built-in persistent keychain-based access token store. The service is configurable:

var service: String!

let accessTokenStore = OAuthAccessTokenKeychainStore(service: service)

HeimdallrHTTPClient

An HTTP client that can be used by Heimdallr for requesting access tokens. It must implement the following sendRequest method:

protocol HeimdallrHTTPClient {
    func sendRequest(request: URLRequest, completion: (data: Data!, response: URLResponse!, error: Error?) -> ())
}

For convenience, a default HTTP client named HeimdallrHTTPClientURLSession and based on URLSession is provided. It may be configured with an URLSession:

var urlSession: URLSession!

let httpClient = HeimdallrHTTPClientURLSession(urlSession: session)

OAuthAccessTokenParser

You can provide your own parser to handle the access token response of the server. It can be useful for parsing additional parameters sent in the response that your application may need. The parser must implement the following parse method:

protocol OAuthAccessTokenParser {
    func parse(data: Data) -> Result<OAuthAccessToken, Error>
}

Heimdallr

Heimdallr must be initialized with the token endpoint URL and can optionally be configured with client credentials, an access token store and an HTTP client:

var tokenURL: URL!

let heimdallr = Heimdallr(tokenURL: tokenURL)
             // Heimdallr(tokenURL: tokenURL, credentials: credentials)
             // Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore)
             // Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore, accessTokenParser: accessTokenParser)
             // Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore, accessTokenParser: accessTokenParser, httpClient: httpClient)
             // Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore, accessTokenParser: accessTokenParser, httpClient: httpClient, resourceRequestAuthenticator: resourceRequestAuthenticator)

Whether the client's access token store currently holds an access token can be checked using the hasAccessToken property. It's not checked whether the stored access token, if any, has already expired.

The authorize method takes the resource owner's password credentials as parameters and uses them to request an access token from the token endpoint:

var username: String!
var password: String!

heimdallr.requestAccessToken(username: username, password: password) { result in
    // ...
}

The completion closure may be invoked on any thread.

Once successfully authorized, any URLRequest can be easily altered to include authentication via the received access token:

var request: URLRequest!

heimdallr.authenticateRequest(request) { result in
    // ...
}

If the access token has already expired and a refresh token is available, Heimdallr will automatically refresh the access token. Refreshing requires network I/O. The completion closure may be invoked on any thread.

HeimdallrResourceRequestAuthenticator

By default, Heimdallr authenticates a request by setting the HTTP header field Authorization. This behavior can be changed by passing another resource request authenticator implementing HeimdallrResourceRequestAuthenticator to the initializer.

About

Heimdallr was built by trivago 🏭

Credits

Contains code for query string escaping taken from Alamofire (MIT License)