Heimdallr
Heimdallr is an OAuth 2.0 client specifically designed for easy usage. It currently supports the resource owner password credentials grant flow, refreshing an access token, as well as extension grants.
If you are an Android Developer, please take a look at the Android version of Heimdallr.
Example
Before requesting an access token, the client must be configured appropriately:
let tokenURL = URL(string: "https://example.com/oauth/v2/token")!
let heimdallr = Heimdallr(tokenURL: tokenURL)
On login, the resource owner's password credentials are used to request an access token:
heimdallr.requestAccessToken(username: "johndoe", password: "A3ddj3w") { result in
switch result {
case .success:
print("success")
case .failure(let error):
print("failure: \(error.localizedDescription)")
}
}
Heimdallr automatically persists the access token. Afterwards, any URLRequest
can be easily authenticated using the received access token:
var session: URLSession!
var request: URLRequest!
heimdallr.authenticateRequest(request) { result in
switch result {
case .success(let request):
let task = session.dataTask(with: request) { data, response, error in
// ...
}
task.resume()
case .failure(let error):
print("failure: \(error.localizedDescription)")
}
}
Installation
Installation is possible via Carthage or CocoaPods, see below for either method:
Carthage
Carthage is a simple, decentralized dependency manager for Cocoa.
- Add Heimdallr to your Cartfile:
github "trivago/Heimdallr.swift" ~> 3.6.1
-
Run
carthage update
to fetch and build Heimdallr and its dependencies.
CocoaPods
-
Add Heimdallr to your Podfile:
pod 'Heimdallr', '~> 3.6.1'
-
Run
pod install
to fetch and build Heimdallr and its dependencies.
Usage
OAuthClientCredentials
The client credentials, consisting of the client's identifier and optionally its secret, are used for authenticating with the token endpoint:
var identifier: String!
var secret: String!
let credentials = OAuthClientCredentials(id: identifier)
// OAuthClientCredentials(id: identifier, secret: secret)
Please note that native applications are considered to be public clients.
OAuthAccessTokenStore
An access token store is used to (persistently) store an access token received from the token endpoint. It must implement the following storage and retrieval methods:
protocol OAuthAccessTokenStore {
func storeAccessToken(accessToken: OAuthAccessToken?)
func retrieveAccessToken() -> OAuthAccessToken?
}
Heimdallr ships with an already built-in persistent keychain-based access token store. The service is configurable:
var service: String!
let accessTokenStore = OAuthAccessTokenKeychainStore(service: service)
HeimdallrHTTPClient
An HTTP client that can be used by Heimdallr for requesting access tokens. It must implement the following sendRequest
method:
protocol HeimdallrHTTPClient {
func sendRequest(request: URLRequest, completion: (data: Data!, response: URLResponse!, error: Error?) -> ())
}
For convenience, a default HTTP client named HeimdallrHTTPClientURLSession
and based on URLSession
is provided. It may be configured with an URLSession
:
var urlSession: URLSession!
let httpClient = HeimdallrHTTPClientURLSession(urlSession: session)
OAuthAccessTokenParser
You can provide your own parser to handle the access token response of the server. It can be useful for parsing additional parameters sent in the response that your application may need. The parser must implement the following parse
method:
protocol OAuthAccessTokenParser {
func parse(data: Data) -> Result<OAuthAccessToken, Error>
}
Heimdallr
Heimdallr must be initialized with the token endpoint URL and can optionally be configured with client credentials, an access token store and an HTTP client:
var tokenURL: URL!
let heimdallr = Heimdallr(tokenURL: tokenURL)
// Heimdallr(tokenURL: tokenURL, credentials: credentials)
// Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore)
// Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore, accessTokenParser: accessTokenParser)
// Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore, accessTokenParser: accessTokenParser, httpClient: httpClient)
// Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore, accessTokenParser: accessTokenParser, httpClient: httpClient, resourceRequestAuthenticator: resourceRequestAuthenticator)
Whether the client's access token store currently holds an access token can be checked using the hasAccessToken
property. It's not checked whether the stored access token, if any, has already expired.
The authorize
method takes the resource owner's password credentials as parameters and uses them to request an access token from the token endpoint:
var username: String!
var password: String!
heimdallr.requestAccessToken(username: username, password: password) { result in
// ...
}
The completion
closure may be invoked on any thread.
Once successfully authorized, any URLRequest
can be easily altered to include authentication via the received access token:
var request: URLRequest!
heimdallr.authenticateRequest(request) { result in
// ...
}
If the access token has already expired and a refresh token is available, Heimdallr will automatically refresh the access token. Refreshing requires network I/O. The completion
closure may be invoked on any thread.
HeimdallrResourceRequestAuthenticator
By default, Heimdallr authenticates a request by setting the HTTP header field Authorization
. This behavior can be changed by passing another resource request authenticator implementing HeimdallrResourceRequestAuthenticator
to the initializer.
About
Heimdallr was built by trivago
Credits
Contains code for query string escaping taken from Alamofire (MIT License)