Performs various OAuth and OpenID Connect related calls via the user agent or .
#import <MFAuthService.h>
Inherits NSObject and <SFSafariViewControllerDelegate>.
(nullable instancetype) | - NS_UNAVAILABLE |
(nullable instancetype) | - initWithServiceConfig: | Initialize the service with the service's configuration. This is the preferred way to initialize. |
(nullable instancetype) | - initWithAuthzEndpoint:tokenEndpoint:revocationEndpoint:userinfoEndpoint: | Initialize the auth service with endpoints. |
(nullable instancetype) | - initWithAuthzEndpoint:tokenEndpoint:revocationEndpoint:userinfoEndpoint:browserLogoutEndpoint: | Another initializer with service endpoints. |
(nullable instancetype) | - initWithProvider: | Initialize the auth service with the service's base URL. This initializer assumes a NAM authorization Identity Provider and builds the appropriate endpoints. |
(nullable instancetype) | - initWithIssuerUrl:logoutUrl: | Initialize the auth service with the service's issuer URL. This initializer assumes a NAM authorization Identity Provider and builds the appropriate endpoints. |
(BOOL) | - isAuthorized | Is already authorized. |
(void) | - setAuthState: | Set auth state with tokens. |
(void) | - loadState | Load state with tokens from the device keychain. |
(void) | - saveState | Save state with tokens to the device keychain. |
(nullable id< OIDAuthorizationFlowSession >) | - signInWithClientId:clientSecret:scopes:redirectURL:presentingViewController:withBlock: | Sign in the user to the authorization server and obtain the tokens. This performs the OAuth authorization code flow using PKCE and the Safari ViewController, based on security best practices. |
(nullable id< OIDAuthorizationFlowSession >) | - signInWithClientId:clientSecret:scopes:redirectURL:responseType:additionalParameters:presentingViewController:withBlock: | Sign in the user to the authorization server and obtain the tokens. Performs an authorization flow using a generic flow shim. This performs the OAuth authorization code flow using PKCE and the Safari ViewController, based on security best practices. |
(void) | - getUserInfoResponse: | Get user info response data from the UserInfo endpoint. This uses the access token as the bearer token on the call and automatically refreshes the token if needed. |
(void) | - getUserInfo: | Get user info from the UserInfo endpoint. This uses the access token as the bearer token on the call and automatically refreshes the token if needed. |
(void) | - performActionWithFreshToken: | Performs the action specified in the callback with the access or ID token. It refreshes the token if needed. |
(void) | - performHTTPRequestWithFreshToken:withCompletionHandler: | A convenience method that performs a basic HTTP request and calls back with the response. It refreshes the token if needed. |
(nullable NSString *) | - getAccessToken | Get the access token. |
(nullable NSString *) | - getAccessTokenExpiryTimeString | Get the access token expiration time string in local time. |
(void) | - logout: | Log out the user session at the authorization server. This deletes all the tokens from the device, revokes the refresh token on the authorization server, and logs out the user session at the authorization server. Note: this invalidates the session in the system browser and/or SafariViewController, so at the next sign-in the user will be prompted for credentials to authenticate. It does not, however, affect already authorized apps. |
(void) | - revokeToken: | Revoke the refresh token. |

(void) | + discoverServiceConfiguration:completion: | Convenience method for creating an authorization service configuration from an OpenID Connect compliant issuer URL. |
(void) | + removeKeychainEntry | Remove an existing Keychain entry with tokens. This can be used, for example, when orphaned tokens need to be explicitly removed at the first run of the app. |
◆ discoverServiceConfiguration:completion:()
+ (void) discoverServiceConfiguration:(nonnull NSURL *)discoveryUrl
                           completion:(nonnull MFDiscoveryCallback)completionCallback
Convenience method for creating an authorization service configuration from an OpenID Connect compliant issuer URL.
- Parameters
discoveryUrl | The service provider's OpenID Connect issuer. |
completionCallback | A block which will be invoked when the authorization service configuration has been created, or when an error has occurred. |
- See also
https://openid.net/specs/openid-connect-discovery-1_0.html
◆ getUserInfo:()
- (void) getUserInfo:(nonnull MFUserInfoCallback)completionHandler
Get user info from the UserInfo endpoint. This uses the access token as the bearer token on the call and automatically refreshes the token if needed.
- Parameters
completionHandler | Block to be executed after the completion of the operation. It will have the user data in a dictionary from the request, or an error. |
◆ getUserInfoResponse:()
- (void) getUserInfoResponse:(nonnull MFResponseCallback)completionHandler
Get user info response data from the UserInfo endpoint. This uses the access token as the bearer token on the call and automatically refreshes the token if needed.
- Parameters
completionHandler | Block to be executed after the completion of the operation. It will have the response data from the request, or an error. |
◆ initWithAuthzEndpoint:tokenEndpoint:revocationEndpoint:userinfoEndpoint:()
- (nullable instancetype) initWithAuthzEndpoint:(nonnull NSURL *)authorizationUrl
                                  tokenEndpoint:(nonnull NSURL *)tokenUrl
                             revocationEndpoint:(nullable NSURL *)revocationUrl
                               userinfoEndpoint:(nullable NSURL *)userinfoUrl
Initialize the auth service with endpoints.
- Parameters
authorizationUrl | OAuth authorization endpoint. |
tokenUrl | OAuth token endpoint. |
revocationUrl | Token revocation endpoint. |
userinfoUrl | UserInfo endpoint. |
◆ initWithAuthzEndpoint:tokenEndpoint:revocationEndpoint:userinfoEndpoint:browserLogoutEndpoint:()
- (nullable instancetype) initWithAuthzEndpoint:(nonnull NSURL *)authorizationUrl
                                  tokenEndpoint:(nonnull NSURL *)tokenUrl
                             revocationEndpoint:(nullable NSURL *)revocationUrl
                               userinfoEndpoint:(nullable NSURL *)userinfoUrl
                          browserLogoutEndpoint:(nullable NSURL *)browserLogoutUrl
Another initializer with service endpoints.
- Parameters
authorizationUrl | OAuth authorization endpoint. |
tokenUrl | OAuth token endpoint. |
revocationUrl | Token revocation endpoint. |
userinfoUrl | UserInfo endpoint. |
browserLogoutUrl | URL to log out the user session from the device system browser or SFSafariViewController. |
◆ initWithIssuerUrl:logoutUrl:()
- (nullable instancetype) initWithIssuerUrl:(nonnull NSURL *)issuerUrl
                                  logoutUrl:(nullable NSURL *)logoutUrl
Initialize the auth service with the service's issuer URL. This initializer assumes a NAM authorization Identity Provider and builds the appropriate endpoints.
- Parameters
issuerUrl | Authorization server's issuer URL. |
logoutUrl | URL to log out the user session at the authorization server. |
◆ initWithProvider:()
- (nullable instancetype) initWithProvider:(nonnull NSURL *)providerBaseUrl
Initialize the auth service with the service's base URL. This initializer assumes a NAM authorization Identity Provider and builds the appropriate endpoints.
- Parameters
-
◆ initWithServiceConfig:()
Initialize service with service's configuration. This is the preferred way to initialize.
- Parameters
serviceConfig | Service Configuration to initialize with. |
◆ isAuthorized()
Is already authorized.
- Returns
- YES if already authorized.
◆ loadState()
Load state with tokens from the device keychain.
Loads the AuthState from Keychain.
◆ performActionWithFreshToken:()
- (void) performActionWithFreshToken:(nonnull MFAuthStateAction)action
Performs the action specified in the callback with the access or ID token. It refreshes the token if needed.
- Parameters
action | Callback block which is executed after the operation with a response or error. |
◆ performHTTPRequestWithFreshToken:withCompletionHandler:()
- (void) performHTTPRequestWithFreshToken:(nonnull NSURL *)requestUrl
                    withCompletionHandler:(nonnull MFResponseCallback)handler
A convenience method that performs a basic HTTP request and calls back with the response. It refreshes the token if needed.
- Parameters
requestUrl | URL to perform the HTTP GET request. |
handler | Callback block which is executed with the fresh (if expired) tokens. |
◆ saveState()
Save state with tokens to the device keychain.
Saves the AuthState to Keychain.
◆ signInWithClientId:clientSecret:scopes:redirectURL:presentingViewController:withBlock:()
- (nullable id<OIDAuthorizationFlowSession>) signInWithClientId:(nonnull NSString *)clientId
                                                   clientSecret:(nullable NSString *)clientSecret
                                                         scopes:(nullable NSArray< NSString * > *)scopes
                                                    redirectURL:(nullable NSURL *)redirectURL
                                       presentingViewController:(nonnull UIViewController *)presentingVC
                                                      withBlock:(nonnull MFSignInCompletionCallback)callbackBlock
Sign in the user to the authorization server and obtain the tokens. This performs the OAuth authorization code flow using PKCE and the Safari ViewController, based on security best practices.
- Parameters
clientId | The OAuth client ID. |
clientSecret | OAuth client secret. |
scopes | OAuth / OpenID Connect scopes. |
redirectURL | Redirect URL as configured in the OAuth client application. |
presentingVC | Presenting view controller of your app. |
callbackBlock | Block called after sign-in. This will have a success flag or an error. |
- Returns
- An OIDAuthorizationFlowSession instance which will terminate when it receives an OIDAuthorizationFlowSession.cancel message, or after processing an OIDAuthorizationFlowSession.resumeAuthorizationFlowWithURL: message. Part of the OAuth authorization flow will be done after app reentry after user authentication, using OIDAuthorizationFlowSession.
◆ signInWithClientId:clientSecret:scopes:redirectURL:responseType:additionalParameters:presentingViewController:withBlock:()
- (nullable id<OIDAuthorizationFlowSession>) signInWithClientId:(nonnull NSString *)clientId
                                                   clientSecret:(nullable NSString *)clientSecret
                                                         scopes:(nullable NSArray< NSString * > *)scopes
                                                    redirectURL:(nullable NSURL *)redirectURL
                                                   responseType:(nullable NSString *)responseType
                                           additionalParameters:(nullable NSMutableDictionary< NSString *, NSString * > *)additionalParameters
                                       presentingViewController:(nonnull UIViewController *)presentingVC
                                                      withBlock:(nonnull MFSignInCompletionCallback)callbackBlock
Sign in the user to the authorization server and obtain the tokens. Performs an authorization flow using a generic flow shim. This performs the OAuth authorization code flow using PKCE and the Safari ViewController, based on security best practices.
- Parameters
clientId | The OAuth client ID. |
clientSecret | OAuth client secret. |
scopes | OAuth / OpenID Connect scopes. |
redirectURL | Redirect URL as configured in the OAuth client application. |
responseType | This identifies the OAuth grant types. |
additionalParameters | Additional parameters that can be put on the authorization request. |
presentingVC | Presenting view controller of your app. |
callbackBlock | Block called after sign-in. This will have a success flag or an error. |
- Returns
- An OIDAuthorizationFlowSession instance which will terminate when it receives an OIDAuthorizationFlowSession.cancel message, or after processing an OIDAuthorizationFlowSession.resumeAuthorizationFlowWithURL: message.
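The PKCE exchange that both sign-in methods above rely on, as an added Python illustration (not code from MFAuthLib): it uses the S256 method from RFC 7636 and shows why an authorization code alone, without the app's verifier, cannot be redeemed. `ToyAuthorizationServer`, the client ID and the redirect URI are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    # 32 random bytes give a 43-character verifier (allowed range: 43..128).
    return b64url(secrets.token_bytes(32))

def s256_challenge(verifier: str) -> str:
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

class ToyAuthorizationServer:
    """Constructed stand-in for the authorization and token endpoints."""

    def __init__(self):
        self._codes = {}  # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, client_id, redirect_uri, code_challenge, method):
        if method != "S256":
            raise ValueError("only the S256 challenge method is accepted")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, redirect_uri, code_challenge)
        return code

    def token(self, client_id, redirect_uri, code, code_verifier):
        # A code is single use: it is consumed even when the exchange fails.
        entry = self._codes.pop(code, None)
        if entry is None:
            return None
        cid, uri, challenge = entry
        ok = (cid == client_id and uri == redirect_uri and
              hmac.compare_digest(s256_challenge(code_verifier), challenge))
        return {"access_token": secrets.token_urlsafe(24)} if ok else None

def demo():
    server = ToyAuthorizationServer()
    cid, uri = "example-client", "com.example.app:/oauth2redirect"  # constructed
    verifier = new_code_verifier()
    code = server.authorize(cid, uri, s256_challenge(verifier), "S256")
    first = server.token(cid, uri, code, verifier)       # app holds the verifier
    replay = server.token(cid, uri, code, verifier)      # same code again
    code2 = server.authorize(cid, uri, s256_challenge(new_code_verifier()), "S256")
    no_verifier = server.token(cid, uri, code2, new_code_verifier())  # code only
    return first is not None, replay is None, no_verifier is None
```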
◆ config
The service's configuration.
The documentation for this class was generated from the following files:
- /Users/atmahajan/MobileAccess-SDK/ios/sdk/MFAuthLib/MFAuthLib/MFAuthService.h
- /Users/atmahajan/MobileAccess-SDK/ios/sdk/MFAuthLib/MFAuthLib/MFAuthService.m