Documentation Fixes

Author: Colaski

README.md

@@ -1,22 +1,22 @@
 # SwAuth
 
-SwAuth is a OAuth 2.0 library for iOS 15.0+, macOS 12.0+, watchOS 8.0+, and tvOS 15.0+ written in Swift.
+SwAuth is an OAuth 2.0 HTTP request library for written in Swift iOS 15.0+, macOS 12.0+, watchOS 8.0+, and tvOS 15.0+.
 
 ## Features
 
 - [x] Usable and beautiful syntax with async/await! Say goodbye to completion handler hell!
-- [x] Authorization Code Grant (RFC 6749/6750), Proof Key for Code Exchange (PKCE) extension for Authorization Code Grant (RFC 7636), and the Device Authorization Grant (RFC 8628).
+- [x] Supports Authorization Code Grant (RFC 6749/6750), Proof Key for Code Exchange (PKCE) extension for Authorization Code Grant (RFC 7636), and the Device Authorization Grant (RFC 8628).
 - [x] Support for all Apple platforms.
 - [x] Retry errored requests.
-- [x] Built on [SwiftNIO](https://github.com/apple/swift-nio) with [AsyncHTTPClient](https://github.com/swift-server/async-http-client). (Suck it URLSession)
-- [x] [Complete. Meticulous. Thorough. documentation 😰.](https://swauth.netlify.app/documentation/Swauth)
-- [x] Device Authorization QR Code for tvOS/watchOS.
+- [x] Automatically refreshes tokens.
+- [x] Tokens stored on Keychain, cross-site request forgery mitigation with state by default.
+- [x] Easily deal with JSON responses with built-in [SwiftyJSON](https://github.com/SwiftyJSON/SwiftyJSON).
 - [x] Easily integrate with SwiftUI.
+- [x] [Complete, Meticulous, Thorough, documentation.](https://swauth.netlify.app/documentation/Swauth)
+- [x] Errors that are actually useful... well most of the time.
+- [x] Built on [SwiftNIO](https://github.com/apple/swift-nio) with [AsyncHTTPClient](https://github.com/swift-server/async-http-client).
+- [x] QR Code for the Device Authorization Flow (tvOS/watchOS).
 - [x] Sample/Example Apps.
-- [x] Automatically refresh tokens.
-- [x] Tokens securely stored on the Keychain.
-- [x] Easily deal with JSON responses.
-- [x] Useful errors (mostly).
 
 ## Requirments
 
@@ -25,7 +25,7 @@ SwAuth is a OAuth 2.0 library for iOS 15.0+, macOS 12.0+, watchOS 8.0+, and tvOS
 
 ## Installation/Integration
 
-Use the Swift Package Manager to add SwAuth to your project! Simply add the package to your dependencies in your `Package.swift`: 
+Use the Swift Package Manager to add SwAuth to your project! Simply add the package to dependencies in your `Package.swift`: 
 
 ```swift
 let package = Package(
@@ -36,11 +36,89 @@ let package = Package(
 )
 ```
 
-## Usage
+## Basic Usage
 
 1. Import SwAuth in files you wish to use it's amazing features:
 ```swift
 import SwAuth
 ```
 
-2. Read the docs 🤣 [https://swauth.netlify.app/documentation/Swauth](https://swauth.netlify.app/documentation/Swauth)
+2. Create an instance of keychain:
+
+```swift
+let keychain = Keychain(service: "com.your.bundleID",
+                        accessGroup: "appIdentifierPrefix.com.your.bundleID").label("Your App Name")
+```
+
+3. Create an instance of the proper authorization flow for your Web API.
+
+```swift
+let keychain = Keychain(service: "com.your.bundleID",
+                        accessGroup: "appIdentifierPrefix.com.your.bundleID").label("Your App Name")
+
+let spotify = AuthorizationCodeFlow(clientID: "YourClientID",
+                                    authorizationEndpoint: URL(string: "https://accounts.spotify.com/authorize")!,
+                                    tokenEndpoint: URL(string: "https://accounts.spotify.com/api/token")!,
+                                    redirectURI: "someapp://callback",
+                                    keychain: keychain,
+                                    scopes: "user-follow-modify")
+```
+
+4. Start an ASWebAuthenticationSession like in the [example app](https://github.com/Colaski/SwAuth/blob/main/SwAuthTestApp/SwAuthTestApp/ProviderView.swift#L94) with the instance's authorization URL:
+
+```swift
+spotify.authorizationURL
+```
+
+5. Pass the callback URL from the ASWebAuthenticationSession into the provided handler method:
+
+```swift
+do {
+    try await spotify.authorizationResponseHandler(for: callbackURL)
+} catch {
+    print(error.localizedDescription)
+}
+```
+
+6. Make an authorized request:
+
+```swift
+do {
+    // https://developer.spotify.com/documentation/web-api/reference/#/operations/follow-artists-users
+    var request = HTTPRequest(endpoint: URL(sting: "https://api.spotify.com/v1/me/following")!)
+    request.httpMethod = .PUT
+    request.endpointQueryItems = ["type": "artist"]
+    request.httpBody = ["ids": ["5K4W6rqBFWDnAN6FQUkS6x"]]
+    request.bodyEncoding = .JSON
+
+    // Send an authenticated HTTP request, this one will follow the artist Kanye on Spotify.
+    let json = try await spotify.authenticatedRequest(for: request, numberOfRetries: 2).json()
+    
+    // Prints the JSON output
+    print(json)
+} catch {
+    print(error.localizedDescription)
+}
+```
+
+For more information, read my beautiful documentation: [https://swauth.netlify.app/documentation/Swauth](https://swauth.netlify.app/documentation/Swauth)
+
+## Contributing
+
+Contributions are welcome!
+
+Make sure swift is installed and then
+```bash
+git clone https://github.com/Colaski/SwAuth.git
+cd SwAuth
+swift build
+```
+
+Make your changes and submit and a PR for review!
+
+Nice to have list:
+
+- [ ] Include ready to go implementations of Web API's with endpoints like in the [exmaple app](https://github.com/Colaski/SwAuth/blob/main/SwAuthTestApp/SwAuthTestApp/Spotify.swift)
+    - Perhaps Spotify, Google, Azure/Microsoft, Github etc.
+    
+- [ ] OAuth1 support

Sources/SwAuth/AuthorizationCodeFlow.swift

@@ -29,7 +29,7 @@ import enum NIOHTTP1.HTTPMethod
 /**
  The OAuth 2.0 Authorization Code Grant according to RFC 6749/6750.
 
- - Warning: The OAuth 2.0 Authorization Code Flow is not secure for client side applications, it should only be
+ - Warning: The OAuth 2.0 Authorization Code Flow is not secure for native applications, it should only be
  used when ABSOLUTELY NECESSARY. If you are connecting to your own HTTP server, please implement RFC 7636
  and utilize the ``PKCEAuthorizationFlow``. Unfortunately, if you do not have control over the server,
  this may be your only option.
@@ -129,7 +129,7 @@ open class AuthorizationCodeFlow: Swauthable {
     /// See ``tokenRequestParams`` for the provided parameters.
     open var additionalTokenRequestParams: [String: String]?
 
-    /// **Ignore if the web API does not provide a refresh token.**
+    /// **Ignore if the Web API does not provide a refresh token.**
     /// Any additional HTTP body parameters for the token refresh request. The key/value pairs for
     /// "refresh\_token" and "grant\_type" are handled internally when a
     /// ``Swauthable/authenticatedRequest(for:numberOfRetries:)``
@@ -142,7 +142,7 @@ open class AuthorizationCodeFlow: Swauthable {
     /// Some servers may use a different key for their authorization header's token type than the one
     /// provided by the token request response.
     ///
-    /// For example, ``Github`` uses "token", however their token response type is "bearer".
+    /// For example, Github uses "token", however their token response type is "bearer".
     open var authHeaderTokenType: String?
 
     /// Some servers may allow or want the client id and client secret to be parameters in a HTTP request's

Sources/SwAuth/DeviceAuthorizationFlow.swift

@@ -117,7 +117,7 @@ open class DeviceAuthorizationFlow: Swauthable {
     /// Some APIs may use a different key for their authorization header's token type than the one
     /// provided by the token request response.
     ///
-    /// For example, ``Github`` uses "token", however their token response type is "bearer".
+    /// For example, Github uses "token", however their token response type is "bearer".
     open var authHeaderTokenType: String?
 
     /// The  ``DeviceFlowAuthResponse-swift.struct``from a call to the

Sources/SwAuth/Globals.swift

@@ -39,7 +39,7 @@ fileprivate let httpClient = HTTPClient(
 internal func http(request: HTTPRequest) async throws -> HTTPRequest.Response {
     let httpRequest = try Request(from: request)
     var deadline: NIODeadline? {
-        return request.terminateAfter != nil ? .now() + request.terminateAfter! : nil
+        return request.timeoutAfter != nil ? .now() + request.timeoutAfter! : nil
     }
 
     return try await withCheckedThrowingContinuation { continuation in

Sources/SwAuth/HTTPRequest.swift

@@ -34,8 +34,8 @@ HTTP load request.
  */
 public struct HTTPRequest {
     // MARK: - Properties
-    /// The server endpoint to which the HTTP request will be sent. Is initialized.
-    public var endpoint: URL
+    /// The server endpoint URL to which the HTTP request will be sent. Is initialized.
+    public let endpoint: URL
     /// Query items to add to the endpoint URL.
     public var endpointQueryItems: [String: String]?
 
@@ -58,14 +58,16 @@ public struct HTTPRequest {
     /// Any additional HTTP header values besides "Authentication" and "Content-Type".
     public var additionalHTTPHeaders: [String: String]?
 
-    /// Set the amount of time allowed for the request to complete before it terminates.
+    /// Set the amount of time allowed for the request to complete before it times out.
     ///
     /// By default, all requests are set to automatically timeout after 5 seconds of attempting to connect. Setting this property
     /// will void that default behavior. If the request has not been completed after the amount of time set by this property, it
     /// will terminate.
     ///
-    /// example: `.seconds(10)`
-    public var terminateAfter: TimeAmount?
+    /// Suppports nanoseconds, microseconds, milliseconds, seconds, minutes, hours.
+    ///
+    /// examples: `.seconds(10)`
+    public var timeoutAfter: TimeAmount?
 
     // MARK: - Method
     /// Returns the httpBody as Data and with the proper encoding specified by
@@ -97,7 +99,7 @@ public struct HTTPRequest {
     /// See Also:
     /// - ``init(endpoint:withBody:bodyEncoding:)``
     ///
-    /// - Parameter endpoint: The server endpoint to which the HTTP request will be sent.
+    /// - Parameter endpoint: The server endpoint URL to which the HTTP request will be sent.
     public init(endpoint: URL) {
         self.endpoint = endpoint
     }
@@ -106,7 +108,7 @@ public struct HTTPRequest {
     /// Calls ``init(endpoint:)``, and also initializes ``httpBody`` and ``bodyEncoding``.
     ///
     /// - Parameters:
-    ///    - endpoint: The server endpoint to which the HTTP request will be sent.
+    ///    - endpoint: The server endpoint URL to which the HTTP request will be sent.
     ///    - withBody: The body of the HTTP request.
     ///    - bodyEncoding: The ``RequestBodyEncoding``  type of the request body.
     public init(endpoint: URL,

Sources/SwAuth/PKCEAuthorizationFlow.swift

@@ -139,7 +139,7 @@ open class PKCEAuthorizationFlow: Swauthable {
     /// See ``tokenRequestParams`` for the provided parameters.
     open var additionalTokenRequestParams: [String: String]?
 
-    /// **Ignore if the web API does not provide a refresh token.**
+    /// **Ignore if the Web API does not provide a refresh token.**
     /// Any additional HTTP body parameters for the token refresh request. The key/value pairs for
     /// "refresh\_token" and "grant\_type" are handled internally when a
     /// ``Swauthable/authenticatedRequest(for:numberOfRetries:)``
@@ -149,7 +149,7 @@ open class PKCEAuthorizationFlow: Swauthable {
     /// Some servers may use a different key for their authorization header's token type than the one
     /// provided by the token request response.
     ///
-    /// For example, ``Github`` uses "token", however their token response type is "bearer".
+    /// For example, Github uses "token", however their token response type is "bearer".
     open var authHeaderTokenType: String?
 
     // MARK: - Methods

Sources/SwAuth/SwAuth Documentation.docc/AuthorizationCodeFlow.md

@@ -2,7 +2,7 @@
 
 ## Getting Started
 
-To use the Authorization Code Flow, first create an instance of Keychain and then create an instance of AuthorizationCodeFlow by filling in the information of the WebAPI you wish to utilize. Spotify will be used as an example.
+To use the Authorization Code Flow, first create an instance of Keychain and then create an instance of AuthorizationCodeFlow by filling in the information of the Web API you wish to utilize. Spotify will be used as an example.
 
 ```swift
 let keychain = Keychain(service: "com.your.bundleID",
@@ -22,7 +22,7 @@ I can now get the authorization URL my user will follow like so:
 let authURL = spotify.authorizationURL
 ```
 
-SwiftUI users, I recommend using [BetterSafariView](https://github.com/stleamist/BetterSafariView) for following the authorization URL.
+SwiftUI users, I recommend using [BetterSafariView's](https://github.com/stleamist/BetterSafariView) ASWebAuthenticationSession for following the authorization URL.
 
 Assuming the user authorizes your application, pass the callback URL into ``authorizationResponseHandler(for:)`` (but of course take into account proper error handling):
 

Sources/SwAuth/SwAuth Documentation.docc/Choosing the right Authorization Flow.md

@@ -0,0 +1,19 @@
+# Choosing the Right Authorization Flow.
+
+SwAuth provides 3 different OAuth 2.0 authorization flows to use: ``AuthorizationCodeFlow``, ``PKCEAuthorizationFlow``, and ``DeviceAuthorizationFlow``. Choosing which one to use and in what context can be difficult.
+
+## AuthorizationCodeFlow
+
+The ``AuthorizationCodeFlow`` is the most widely supported OAuth 2.0 flow since it is the basic OAuth 2.0 specification. It is used for devices that are not input-constrained (like on iOS, iPadOS, and macOS). However, it should be avoided if at all possible. As the warning I wrote in it's respective documentation states, "The OAuth 2.0 Authorization Code Flow is not secure for native applications, it should only be used when ABSOLUTELY NECESSARY." The reason for this is that in a native app the client secret is included in the source, which you are compiling and distributing. Strings can be pretty easily extracted from compiled binaries, giving someone access to your client secret. Knowing the client secret would allow an attacker to exchange an intercepted authorization code for a token, giving the attacker access to your user's account 😳.
+
+Thus, if you are using SwAuth to send authorized requests to your server please implement [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636). I'm sure there is a library or framework that implements it for whatever language you are using server-side ([here's one for Node.js](https://github.com/panva/node-oidc-provider)). If it is not your server, contact the owner and ask about implementing PKCE. If all else fails you may be forced to use the ``AuthorizationCodeFlow``, in which case I'd recommend using some sort of obfuscation and encryption technique for the client secret (at a minimum don't just have a client secret as a plain string). Obfuscation isn't very secure but it's better than nothing.
+
+## PKCEAuthorizationFlow
+
+Much like the AuthorizationCodeFlow, the ``PKCEAuthorizationFlow`` is used for devices that are not input-constrained (like iOS, iPadOS, and macOS). Unlike the AuthorizationCodeFlow, the PKCE Authorization Code Flow is safe for use in native applications (the spec was created for such purpose). No need to provide the client secret, with PKCE (Proof Key for Code Exchange) an attacker in possesion of an intercepted Authorization Code can't exchange it for a token unless they have the on-device-cryptographically-generated code verifer. 
+
+The downside is that the Proof Key for Code Exchange extension to the OAuth 2.0 Authorization Code Grant needs to be supported by the Web API you are trying to send requests to. If you own the server, great! implement [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636) and/or find a server-side framework or library that implements it ([again, here's one for Node.js](https://github.com/panva/node-oidc-provider)). Otherwise, ask the owner to implement it.
+
+## DeviceAuthorizationFlow
+
+The ``DeviceAuthorizationFlow`` is used for use on devices that are input-constrained (like watchOS and tvOS). If the Web API you are trying to send requests to does not support the  Device Authorization Grant ask the owner. If you own the server implement it or use a server-side library/framework that supports it.

Sources/SwAuth/SwAuth Documentation.docc/Choosing which Authorization Flow to Use and When.md

@@ -2,7 +2,7 @@
 
 ## Getting Started
 
-To use the Device Authorization Grant Flow, first create an instance of Keychain and then create an instance of DeviceAuthorizationFlow by filling in the information of the WebAPI you wish to utilize. Google's TV API will be used as an example.
+To use the Device Authorization Grant Flow, first create an instance of Keychain and then create an instance of DeviceAuthorizationFlow by filling in the information of the Web API you wish to utilize. Google's TV authentication will be used as an example.
 
 ```swift
 let keychain = Keychain(service: "com.your.bundleID",