NetIQ Mobile SDK for iOS  2.0
Access Manager iOS Framework for OAuth & OIDC
MFAuthService Class Reference

Performs various OAuth and OpenID Connect related calls via the user agent or .

#import <MFAuthService.h>

Inherits NSObject, and <SFSafariViewControllerDelegate>.

Instance Methods

(nullable instancetype) - NS_UNAVAILABLE
 
(nullable instancetype) - initWithServiceConfig:
 Initialize service with service's configuration. This is the preferred way to initialize.
 
(nullable instancetype) - initWithAuthzEndpoint:tokenEndpoint:revocationEndpoint:userinfoEndpoint:
 Initialize auth service with endpoints.
 
(nullable instancetype) - initWithAuthzEndpoint:tokenEndpoint:revocationEndpoint:userinfoEndpoint:browserLogoutEndpoint:
 Another Initializer with service endpoints.
 
(nullable instancetype) - initWithProvider:
 Initialize auth service with service's base Url. This initializer assumes NAM authorization Identity Provider and builds appropriate endpoints.
 
(nullable instancetype) - initWithIssuerUrl:logoutUrl:
 Initialize auth service with service's issuer Url. This initializer assumes NAM authorization Identity Provider and builds appropriate endpoints.
 
(BOOL) - isAuthorized
 Is already authorized.
 
(void) - setAuthState:
 Set auth state with tokens.
 
(void) - loadState
 load state with tokens from device keychain
 
(void) - saveState
 save state with tokens to device keychain
 
(nullable id< OIDAuthorizationFlowSession >) - signInWithClientId:clientSecret:scopes:redirectURL:presentingViewController:withBlock:
 Sign in the user to the authorization server and obtain the tokens. This will perform the OAuth authorization code flow utilizing PKCE and the Safari ViewController, based on security best practices.
 
(nullable id< OIDAuthorizationFlowSession >) - signInWithClientId:clientSecret:scopes:redirectURL:responseType:additionalParameters:presentingViewController:withBlock:
 Sign in the user to the authorization server and obtain the tokens. Perform an authorization flow using a generic flow shim. This will perform the OAuth authorization code flow utilizing PKCE and the Safari ViewController, based on security best practices.
 
(void) - getUserInfoResponse:
 Get user info response data from UserInfo endpoint. This uses access token as bearer on the call and will automatically refresh the token, if needed.
 
(void) - getUserInfo:
 Get user info from UserInfo endpoint. This uses access token as bearer on the call and will automatically refresh the token, if needed.
 
(void) - performActionWithFreshToken:
 Performs the action specified in the callback with the access or id token. It will refresh the token, if needed.
 
(void) - performHTTPRequestWithFreshToken:withCompletionHandler:
 A convenience method that performs a basic http request and calls back with the response. It will refresh the token, if needed.
 
(nullable NSString *) - getAccessToken
 Get the access token.
 
(nullable NSString *) - getAccessTokenExpiryTimeString
 Get the access token expiration time string in local time.
 
(void) - logout:
 Log out the user session at the authorization server. This deletes all the tokens from the device, revokes the refresh token on the authorization server, and logs out the user session at the authorization server. Note: this will invalidate the session in the system browser and/or SafariViewController, so the next time the user signs in, they will be prompted for credentials to authenticate. This will not, however, affect the already authorized apps.
 
(void) - revokeToken:
 Revoke the Refresh Token.
 

Class Methods

(void) + discoverServiceConfiguration:completion:
 Convenience method for creating an authorization service configuration from an OpenID Connect compliant issuer URL.
 
(void) + removeKeychainEntry
 Remove an existing Keychain entry with tokens. This can be used, for example, when orphaned tokens need to be explicitly removed at the first run of the app.
 

Properties

OIDAuthState authState
 
OIDServiceConfiguration OIDConfig
 
MFServiceConfiguration config
 The service's configuration.
 

Detailed Description

Performs various OAuth and OpenID Connect related calls via the user agent or .

Method Documentation

◆ discoverServiceConfiguration:completion:()

+ (void) discoverServiceConfiguration: (nonnull NSURL *)  discoveryUrl
completion: (nonnull MFDiscoveryCallback)  completionCallback 

Convenience method for creating an authorization service configuration from an OpenID Connect compliant issuer URL.

Parameters
discoveryUrl: The service provider's OpenID Connect issuer.
completionCallback: A block which will be invoked when the authorization service configuration has been created, or when an error has occurred.
See also
https://openid.net/specs/openid-connect-discovery-1_0.html

◆ getUserInfo:()

- (void) getUserInfo: (nonnull MFUserInfoCallback)  completionHandler

Get user info from UserInfo endpoint. This uses access token as bearer on the call and will automatically refresh the token, if needed.

Parameters
completionHandler: Block to be executed after the completion of the operation. It will have the user data in a dictionary from the request or error.

◆ getUserInfoResponse:()

- (void) getUserInfoResponse: (nonnull MFResponseCallback)  completionHandler

Get user info response data from UserInfo endpoint. This uses access token as bearer on the call and will automatically refresh the token, if needed.

Parameters
completionHandler: Block to be executed after the completion of the operation. It will have the response data from the request or error.

◆ initWithAuthzEndpoint:tokenEndpoint:revocationEndpoint:userinfoEndpoint:()

- (nullable instancetype) initWithAuthzEndpoint: (nonnull NSURL *)  authorizationUrl
tokenEndpoint: (nonnull NSURL *)  tokenUrl
revocationEndpoint: (nullable NSURL *)  revocationUrl
userinfoEndpoint: (nullable NSURL *)  userinfoUrl 

Initialize auth service with endpoints.

Parameters
authorizationUrl: OAuth authorization endpoint
tokenUrl: OAuth token endpoint
revocationUrl: Token revocation endpoint
userinfoUrl: UserInfo endpoint.

◆ initWithAuthzEndpoint:tokenEndpoint:revocationEndpoint:userinfoEndpoint:browserLogoutEndpoint:()

- (nullable instancetype) initWithAuthzEndpoint: (nonnull NSURL *)  authorizationUrl
tokenEndpoint: (nonnull NSURL *)  tokenUrl
revocationEndpoint: (nullable NSURL *)  revocationUrl
userinfoEndpoint: (nullable NSURL *)  userinfoUrl
browserLogoutEndpoint: (nullable NSURL *)  browserLogoutUrl 

Another Initializer with service endpoints.

Parameters
authorizationUrl: OAuth authorization endpoint
tokenUrl: OAuth token endpoint
revocationUrl: Token revocation endpoint
userinfoUrl: UserInfo endpoint.
browserLogoutUrl: Url to logout user session from the device system browser or SFSafariViewController

◆ initWithIssuerUrl:logoutUrl:()

- (nullable instancetype) initWithIssuerUrl: (nonnull NSURL *)  issuerUrl
logoutUrl: (nullable NSURL *)  logoutUrl 

Initialize auth service with service's issuer Url. This initializer assumes NAM authorization Identity Provider and builds appropriate endpoints.

Parameters
issuerUrl: Authorization server's Issuer Url
logoutUrl: Url to logout the user session at the authorization server

◆ initWithProvider:()

- (nullable instancetype) initWithProvider: (nonnull NSURL *)  providerBaseUrl

Initialize auth service with service's base Url. This initializer assumes NAM authorization Identity Provider and builds appropriate endpoints.

Parameters
providerBaseUrl: NAM IDP base Url, e.g. https://www.idp.com

◆ initWithServiceConfig:()

- (nullable instancetype) initWithServiceConfig: (nonnull MFServiceConfiguration *)  serviceConfig NS_DESIGNATED_INITIALIZER

Initialize service with service's configuration. This is the preferred way to initialize.

Parameters
serviceConfig: Service Configuration to initialize with.

◆ isAuthorized()

- (BOOL) isAuthorized

Is already authorized.

Returns
YES if already authorized.

◆ loadState()

- (void) loadState

load state with tokens from device keychain

Loads the AuthState from Keychain.

◆ performActionWithFreshToken:()

- (void) performActionWithFreshToken: (nonnull MFAuthStateAction)  action

Performs the action specified in the callback with the access or id token. It will refresh the token, if needed.

Parameters
action: Callback block which is executed after the operation with a response or error.

◆ performHTTPRequestWithFreshToken:withCompletionHandler:()

- (void) performHTTPRequestWithFreshToken: (nonnull NSURL *)  requestUrl
withCompletionHandler: (nonnull MFResponseCallback)  handler 

A convenience method that performs a basic http request and calls back with the response. It will refresh the token, if needed.

Parameters
requestUrl: Url to perform the http Get request.
handler: Callback block which is executed with the fresh (if expired) tokens.

◆ saveState()

- (void) saveState

save state with tokens to device keychain

Saves the AuthState to Keychain.

◆ signInWithClientId:clientSecret:scopes:redirectURL:presentingViewController:withBlock:()

- (nullable id<OIDAuthorizationFlowSession>) signInWithClientId: (nonnull NSString *)  clientId
clientSecret: (nullable NSString *)  clientSecret
scopes: (nullable NSArray< NSString * > *)  scopes
redirectURL: (nullable NSURL *)  redirectURL
presentingViewController: (nonnull UIViewController *)  presentingVC
withBlock: (nonnull MFSignInCompletionCallback)  callbackBlock 

Sign in the user to the authorization server and obtain the tokens. This will perform the OAuth authorization code flow utilizing PKCE and the Safari ViewController, based on security best practices.

Parameters
clientId: The OAuth clientId.
clientSecret: OAuth client secret.
scopes: OAuth / OpenID Connect scopes.
redirectURL: Redirect URL as configured in the OAuth client application.
presentingVC: Presenting view controller of your app.
callbackBlock: Block called after sign-in. This will have success flag or error.
Returns
An OIDAuthorizationFlowSession instance which will terminate when it receives an OIDAuthorizationFlowSession.cancel message, or after processing an OIDAuthorizationFlowSession.resumeAuthorizationFlowWithURL: message. Part of the OAuth authorization flow is completed on app re-entry after user authentication, using the OIDAuthorizationFlowSession.
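
The sign-in and app re-entry steps described above, shown together as an added example (not code from the SDK or its vendor). Assumptions: the `MFSignInCompletionCallback` block takes `(BOOL success, NSError *error)`, inferred from the parameter description; the client id, redirect URL, the `signInFrom:` method and the `currentFlow`/`authService` properties are hypothetical; the `OIDAuthorizationFlowSession` protocol is visible through the SDK header.

```objc
#import <UIKit/UIKit.h>
#import <MFAuthService.h>

@interface AppDelegate : UIResponder <UIApplicationDelegate>
// Hypothetical properties: the pending flow must stay alive until app re-entry.
@property (nonatomic, strong, nullable) id<OIDAuthorizationFlowSession> currentFlow;
@property (nonatomic, strong, nullable) MFAuthService *authService;
@end

@implementation AppDelegate

- (void)signInFrom:(UIViewController *)presenter {
    // Base URL is the placeholder value used in this reference.
    self.authService = [[MFAuthService alloc]
        initWithProvider:[NSURL URLWithString:@"https://www.idp.com"]];
    [self.authService loadState];                 // restore tokens from the keychain
    if ([self.authService isAuthorized]) { return; }

    // clientSecret is nullable; nil is passed because a native app is a public
    // client (RFC 8252) and the code exchange is protected by PKCE.
    self.currentFlow = [self.authService
              signInWithClientId:@"EXAMPLE-CLIENT-ID"            // placeholder
                    clientSecret:nil
                          scopes:@[@"openid", @"profile"]
                     redirectURL:[NSURL URLWithString:@"com.example.app:/oauth2redirect"]
        presentingViewController:presenter
                       withBlock:^(BOOL success, NSError * _Nullable error) { // assumed signature
            self.currentFlow = nil;
            if (success) {
                [self.authService saveState];     // persist tokens to the keychain
            } else {
                NSLog(@"Sign-in failed: %@", error.localizedDescription);
            }
        }];
}

// App re-entry: hand the redirect URL back to the pending flow.
- (BOOL)application:(UIApplication *)app
            openURL:(NSURL *)url
            options:(NSDictionary<UIApplicationOpenURLOptionsKey, id> *)options {
    // The session returns NO for URLs that do not match its pending request.
    if ([self.currentFlow resumeAuthorizationFlowWithURL:url]) {
        self.currentFlow = nil;
        return YES;
    }
    return NO;
}

@end
```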

◆ signInWithClientId:clientSecret:scopes:redirectURL:responseType:additionalParameters:presentingViewController:withBlock:()

- (nullable id<OIDAuthorizationFlowSession>) signInWithClientId: (nonnull NSString *)  clientId
clientSecret: (nullable NSString *)  clientSecret
scopes: (nullable NSArray< NSString * > *)  scopes
redirectURL: (nullable NSURL *)  redirectURL
responseType: (nullable NSString *)  responseType
additionalParameters: (nullable NSMutableDictionary< NSString *, NSString * > *)  additionalParameters
presentingViewController: (nonnull UIViewController *)  presentingVC
withBlock: (nonnull MFSignInCompletionCallback)  callbackBlock 

Sign in the user to the authorization server and obtain the tokens. Perform an authorization flow using a generic flow shim. This will perform the OAuth authorization code flow utilizing PKCE and the Safari ViewController, based on security best practices.

Parameters
clientId: The OAuth clientId.
clientSecret: OAuth client secret.
scopes: OAuth / OpenID Connect scopes.
redirectURL: Redirect URL as configured in the OAuth client application.
responseType: This identifies the OAuth grant types
additionalParameters: Additional parameters that can be put on authorization request.
presentingVC: Presenting view controller of your app.
callbackBlock: Block called after sign-in. This will have success flag or error.
Returns
An OIDAuthorizationFlowSession instance which will terminate when it receives an OIDAuthorizationFlowSession.cancel message, or after processing an OIDAuthorizationFlowSession.resumeAuthorizationFlowWithURL: message.

Property Documentation

◆ config

- (MFServiceConfiguration*) config
read, nonatomic, assign

The service's configuration.

Remarks
Each authorization service is initialized with a configuration. This configuration specifies how to connect to a particular OAuth provider. Clients should use separate authorization service instances for each provider they wish to integrate with. Configurations may be created manually, or via an OpenID Connect Discovery Document.

The documentation for this class was generated from the following files: