Tiny little library to perform OAuth 2.0 flows from Swift.
-
Support for
authorization_code
three-legged OAuth 2.0 flows-
Uses
WKWebView
when displaying a web-browser for the user to log in with -
Does not require registering custom URL schemes to handle the redirection by the server, instead intercepts it directly on the
WKWebView
. -
If the default
WKWebView
implementation is not satisfactory, allows complete customization of how the user is logged in to the authorization service: Just pass through thecreateWebViewController:
parameter toOAuth2.authorize()
, and have it return an adopter of theWebViewControllerType
protocol.
-
-
Support for
client_credential
two-legged OAuth 2.0 flows -
Support for
refresh_token
two-legged OAuth 2.0 flows
I have tested the library with Google, Facebook and SoundCloud logins.
NOTE: Since Twitter uses the more complex OAuth 1.0, you will need a different library if you want to support Twitter's flavour of OAuth.
You will need the OAuth authorization URL and token URL for the service you are trying to connect to.
You will also need the client ID and client secret for your application, usually found in the developer portal of the service. Google and Facebook call them app ID and app secret, other providers may use different terminology.
Lastly, if you use the authorization_code
OAuth 2.0 flow (the one that
requires a user to log in to the service with a web browser, and grant your
application permission), you will need a redirection URL.
This URL should not actually exist for a non-web application, so feel free to
use something like https://localhost/oauth
. It's a URL the authorization
service will attempt redirect to, in order to provide information which will be
used to issue an access token.
This library will intercept the redirect and handle everything for you so you just get back a nice packaged up Swift object that tells you whether authentication succeeded or failed.
Enough talk, how about an example?
This is an authorization_code
example.
let request = AuthorizationCodeRequest(
authorizationURL: "https://endpoint.com/auth"
tokenURL: "https://endpoint.com/token",
clientId: "YOUR-CLIENT-ID",
clientSecret: "YOUR-SECRET",
redirectURL: "https://localhost/oauth")!
OAuth2.authorize(request) { response in
switch response {
case .Success(let data):
let token = data.accessToken
// Do something with token, like call an API
if let refreshToken = data.refreshToken {
// Save refresh token if provided, `OAuth2.refresh()` can be used
// to avoid a full re-authentication by the user if the access
// token expires.
}
break
case .Failure(let error):
// Authorization failed, `error` is an ErrorType. It may be an
// `AuthorizationFailure`, in which case you can check which
// well-known OAuth error occurred programmatically.
// It may also be an `NSError`, if the `NSURLSession` data task
// failed.
break
}
}
As you can see, the library uses a request:completion:
style, never blocking
the caller. The completion block you supply may be called on a background
queue, so you should send any work touching UIKit to the main queue using
something like dispatch_async(dispatch_get_main_queue()) {}
.
A sample application is included in OAuth2Example
, ready for you to test
Google, Facebook and SoundCloud authentication. Just fill in the IDs and
secrets for your registered application first.
Apache 2.0