Heimdallr is an OAuth 2.0 client specifically designed for easy usage. It currently supports the resource owner password credentials grant flow, refreshing an access token, as well as extension grants.
If you are an Android Developer, please take a look at the Android version of Heimdallr.
Before requesting an access token, the client must be configured appropriately:
let tokenURL = URL(string: "https://example.com/oauth/v2/token")!
let heimdallr = Heimdallr(tokenURL: tokenURL)On login, the resource owner's password credentials are used to request an access token:
heimdallr.requestAccessToken(username: "johndoe", password: "A3ddj3w") { result in
switch result {
case .success:
print("success")
case .failure(let error):
print("failure: \(error.localizedDescription)")
}
}Heimdallr automatically persists the access token. Afterwards, any URLRequest can be easily authenticated using the received access token:
var session: URLSession!
var request: URLRequest!
heimdallr.authenticateRequest(request) { result in
switch result {
case .success(let request):
let task = session.dataTask(with: request) { data, response, error in
// ...
}
task.resume()
case .failure(let error):
print("failure: \(error.localizedDescription)")
}
}Installation is possible via Carthage or CocoaPods, see below for either method:
Carthage is a simple, decentralized dependency manager for Cocoa.
- Add Heimdallr to your Cartfile:
github "trivago/Heimdallr.swift" ~> 3.6.1
-
Run
carthage updateto fetch and build Heimdallr and its dependencies.
-
Add Heimdallr to your Podfile:
pod 'Heimdallr', '~> 3.6.1'
-
Run
pod installto fetch and build Heimdallr and its dependencies.
The client credentials, consisting of the client's identifier and optionally its secret, are used for authenticating with the token endpoint:
var identifier: String!
var secret: String!
let credentials = OAuthClientCredentials(id: identifier)
// OAuthClientCredentials(id: identifier, secret: secret)Please note that native applications are considered to be public clients.
An access token store is used to (persistently) store an access token received from the token endpoint. It must implement the following storage and retrieval methods:
protocol OAuthAccessTokenStore {
func storeAccessToken(accessToken: OAuthAccessToken?)
func retrieveAccessToken() -> OAuthAccessToken?
}Heimdallr ships with an already built-in persistent keychain-based access token store. The service is configurable:
var service: String!
let accessTokenStore = OAuthAccessTokenKeychainStore(service: service)An HTTP client that can be used by Heimdallr for requesting access tokens. It must implement the following sendRequest method:
protocol HeimdallrHTTPClient {
func sendRequest(request: URLRequest, completion: (data: Data!, response: URLResponse!, error: Error?) -> ())
}For convenience, a default HTTP client named HeimdallrHTTPClientURLSession and based on URLSession is provided. It may be configured with an URLSession:
var urlSession: URLSession!
let httpClient = HeimdallrHTTPClientURLSession(urlSession: session)You can provide your own parser to handle the access token response of the server. It can be useful for parsing additional parameters sent in the response that your application may need. The parser must implement the following parse method:
protocol OAuthAccessTokenParser {
func parse(data: Data) -> Result<OAuthAccessToken, Error>
}Heimdallr must be initialized with the token endpoint URL and can optionally be configured with client credentials, an access token store and an HTTP client:
var tokenURL: URL!
let heimdallr = Heimdallr(tokenURL: tokenURL)
// Heimdallr(tokenURL: tokenURL, credentials: credentials)
// Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore)
// Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore, accessTokenParser: accessTokenParser)
// Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore, accessTokenParser: accessTokenParser, httpClient: httpClient)
// Heimdallr(tokenURL: tokenURL, credentials: credentials, accessTokenStore: accessTokenStore, accessTokenParser: accessTokenParser, httpClient: httpClient, resourceRequestAuthenticator: resourceRequestAuthenticator)Whether the client's access token store currently holds an access token can be checked using the hasAccessToken property. It's not checked whether the stored access token, if any, has already expired.
The authorize method takes the resource owner's password credentials as parameters and uses them to request an access token from the token endpoint:
var username: String!
var password: String!
heimdallr.requestAccessToken(username: username, password: password) { result in
// ...
}The completion closure may be invoked on any thread.
Once successfully authorized, any URLRequest can be easily altered to include authentication via the received access token:
var request: URLRequest!
heimdallr.authenticateRequest(request) { result in
// ...
}If the access token has already expired and a refresh token is available, Heimdallr will automatically refresh the access token. Refreshing requires network I/O. The completion closure may be invoked on any thread.
By default, Heimdallr authenticates a request by setting the HTTP header field Authorization. This behavior can be changed by passing another resource request authenticator implementing HeimdallrResourceRequestAuthenticator to the initializer.
Heimdallr was built by trivago 🏭
Contains code for query string escaping taken from Alamofire (MIT License)