This repository was archived by the owner on Feb 5, 2025. It is now read-only.
SDK-less Google-SignIn – Part 2 of n #717
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| extension OAuthTokenRequestBody { | ||
|
|
||
| static func googleSignInRequestBody( | ||
| clientId: String, | ||
| authCode: String, | ||
| pkce: ProofKeyForCodeExchange | ||
| ) -> Self { | ||
| .init( | ||
| clientId: clientId, | ||
| // "The client secret obtained from the API Console Credentials page." | ||
| // - https://developers.google.com/identity/protocols/oauth2/native-app#step-2:-send-a-request-to-googles-oauth-2.0-server | ||
| // | ||
| // There doesn't seem to be any secret for iOS app credentials. | ||
| // The process works with an empty string... | ||
| clientSecret: "", | ||
| code: authCode, | ||
| codeVerifier: pkce.codeVerifier, | ||
| // As defined in the OAuth 2.0 specification, this field's value must be set to authorization_code. | ||
| // – https://developers.google.com/identity/protocols/oauth2/native-app#exchange-authorization-code | ||
| grantType: "authorization_code", | ||
| redirectURI: URL.redirectURI(from: clientId) | ||
| ) | ||
| } | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| /// Models the request to send for an OAuth token | ||
| /// | ||
| /// - Note: See documentation at https://developers.google.com/identity/protocols/oauth2/native-app#exchange-authorization-code | ||
| struct OAuthTokenRequestBody: Encodable { | ||
| let clientId: String | ||
| let clientSecret: String | ||
| let code: String | ||
| let codeVerifier: String | ||
| let grantType: String | ||
| let redirectURI: String | ||
|
|
||
| enum CodingKeys: String, CodingKey { | ||
| case clientId = "client_id" | ||
| case clientSecret = "client_secret" | ||
| case code | ||
| case codeVerifier = "code_verifier" | ||
| case grantType = "grant_type" | ||
| case redirectURI = "redirect_uri" | ||
| } | ||
|
|
||
| func asURLEncodedData() throws -> Data { | ||
| let params = [ | ||
| (CodingKeys.clientId.rawValue, clientId), | ||
| (CodingKeys.clientSecret.rawValue, clientSecret), | ||
| (CodingKeys.code.rawValue, code), | ||
| (CodingKeys.codeVerifier.rawValue, codeVerifier), | ||
| (CodingKeys.grantType.rawValue, grantType), | ||
| (CodingKeys.redirectURI.rawValue, redirectURI), | ||
| ] | ||
|
|
||
| let items = params.map { URLQueryItem(name: $0.0, value: $0.1) } | ||
|
|
||
| var components = URLComponents() | ||
| components.queryItems = items | ||
|
|
||
| // We can assume `query` to never be nil because we set `queryItems` in the line above. | ||
| return Data(components.query!.utf8) | ||
| } | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since we are essentially implement OAuth 2, I think we can replace "Google Sign In" with a more generic term? Like, this function becomes
oauth2AuthenticationURL, what do you think?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm making assumption here, but I imagine the whole Google Sign In workflow can be used in "Sign In via Facebook", or even the WordPress OAuth2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. I was thinking about this before going AFK and realized I may be using unclear boundaries here.
You might have noticed I made an
OAuthfolder and aGoogleSignInone. My intent was to separate the components that are GoogleSignIn specific from those that are part of the OAuth spec. One issue with how I executed this is that I haven't been cross checking between the OAuth and Google documentations so there might be stuff in the OAuth folder that's still Google specific, and vice versa.Thinking about it since, I came to the conclusion that I'd prefer to separate OAuth- from Google- specific code only once we'll need to add a new OAuth client (likely WordPress OAuth2). As such, I'm tempted to follow up this PR with one that moves all the
OAuth/code intoGoogleSignIn/, renaming some of the types if necessary.My rationale for the suggestion above is that I'm more interested in having a working version of the SDK-less authentication than a general purpose OAuth client, even though building a client first might make it easier to add further authentication implementation in the future.
What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good to me. We probably don't need to "pre-abstract" stuff if there is no immediate plan to support another OAuth provider (service? server?). I trust you'll strike the right balance 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the confidence.