Merge branch 'master' into dependabot/github_actions/dot-github/actions/setup/ruby/setup-ruby-1.269.0

Author: NandanPrabhu

Auth0.xcodeproj/project.pbxproj

@@ -219,13 +219,13 @@ public func webAuth(clientId: String, domain: String, session: URLSession = .sha
 func plistValues(bundle: Bundle) -> (clientId: String, domain: String)? {
     guard let path = bundle.path(forResource: "Auth0", ofType: "plist"),
           let values = NSDictionary(contentsOfFile: path) as? [String: Any] else {
-            print("Missing Auth0.plist file with 'ClientId' and 'Domain' entries in main bundle!")
+            Auth0Log.error(.configuration, "Missing Auth0.plist file with 'ClientId' and 'Domain' entries in main bundle!")
             return nil
         }
 
     guard let clientId = values["ClientId"] as? String, let domain = values["Domain"] as? String else {
-            print("Auth0.plist file at \(path) is missing 'ClientId' and/or 'Domain' entries!")
-            print("File currently has the following entries: \(values)")
+            Auth0Log.error(.configuration, "Auth0.plist file at \(path) is missing 'ClientId' and/or 'Domain' entries!")
+            Auth0Log.debug(.configuration, "File currently has the following entries: \(String(describing: values))")
             return nil
         }
     return (clientId: clientId, domain: domain)

Auth0/Auth0.swift

@@ -0,0 +1,124 @@
+import Foundation
+import os.log
+
+// MARK: - Unified Logging System
+
+/// Represents different categories of logs within the SDK.
+enum LogCategory: String {
+    /// networkTracing category is used for  the network request and response traces
+    case networkTracing = "NetworkTracing"
+    /// configuration category is used for SDK configuration related logs
+    case configuration = "Configuration"
+}
+
+/// Log levels supported by the unified logging system.
+enum LogLevel {
+    /// Detailed information for debugging
+    case debug
+    /// General informational messages
+    case info
+    /// Warning messages for potentially problematic situations
+    case warning
+    /// Error messages for failures
+    case error
+    /// Critical system errors
+    case fault
+}
+
+/// Unified logging interface for the SDK.
+/// Provides a consistent, type-safe API for logging across all SDK components.
+enum Auth0Log {
+    
+    /// Shared logging service instance (can be replaced for testing).
+    static var loggingService: UnifiedLogging = OSUnifiedLoggingService()
+    
+    /// Centralized subsystem identifier for all Auth0 logs.
+    static var subsystem: String { OSUnifiedLoggingService.subsystem }
+    
+    /// Log a message with the specified category and level.
+    ///
+    /// Use this method for fine-grained control over logging. For common use cases,
+    /// prefer the convenience methods: `debug()`, `info()`, `warning()`, `error()`, `fault()`.
+    ///
+    /// - Parameters:
+    ///   - category: The log category for filtering and organization. See `LogCategory` for available categories.
+    ///   - level: The severity level of the log. Defaults to `.debug`. See `LogLevel` for available levels.
+    ///   - message: The message to log. Evaluated lazily via autoclosure for performance.
+    static func log(
+        _ category: LogCategory,
+        level: LogLevel = .debug,
+        message: String
+    ) {
+        loggingService.log(category, level: level, message: message)
+    }
+    
+    /// Log a debug message.
+    ///
+    /// Use for detailed information useful during development and debugging.
+    ///
+    /// - Parameters:
+    ///   - category: The log category for filtering
+    ///   - message: The message to log
+    static func debug(
+        _ category: LogCategory,
+        _ message: String
+    ) {
+        log(category, level: .debug, message: message)
+    }
+    
+    /// Log an informational message.
+    ///
+    /// Use for general informational messages about application state.
+    ///
+    /// - Parameters:
+    ///   - category: The log category for filtering
+    ///   - message: The message to log
+    static func info(
+        _ category: LogCategory,
+        _ message:  String
+    ) {
+        log(category, level: .info, message: message)
+    }
+    
+    /// Log a warning message.
+    ///
+    /// Use for potentially problematic situations that aren't errors.
+    ///
+    /// - Parameters:
+    ///   - category: The log category for filtering
+    ///   - message: The message to log
+    static func warning(
+        _ category: LogCategory,
+        _ message: String
+    ) {
+        log(category, level: .warning, message: message)
+    }
+    
+    /// Log an error message.
+    ///
+    /// Use for error conditions and failures that need attention.
+    ///
+    /// - Parameters:
+    ///   - category: The log category for filtering
+    ///   - message: The message to log
+    static func error(
+        _ category: LogCategory,
+        _ message: String
+    ) {
+        log(category, level: .error, message: message)
+    }
+    
+    /// Log a fault message for critical system errors.
+    ///
+    /// Use for serious errors that may cause data loss or application instability.
+    ///
+    /// - Parameters:
+    ///   - category: The log category for filtering
+    ///   - message: The message to log
+    static func fault(
+        _ category: LogCategory,
+        _ message: @autoclosure () -> String
+    ) {
+        log(category, level: .fault, message: message())
+    }
+}

Auth0/Auth0Log.swift

@@ -14,14 +14,21 @@ public protocol Logger {
 
 }
 
+private let networkTraceQueue = DispatchQueue(label: "com.auth0.networkTrace", qos: .utility)
+
 protocol LoggerOutput {
     func log(message: String)
     func newLine()
 }
 
 struct DefaultOutput: LoggerOutput {
-    func log(message: String) { print(message) }
-    func newLine() { print() }
+    func log(message: String) {
+        Auth0Log.debug(.networkTracing, message)
+    }
+    
+    func newLine() {
+        Auth0Log.debug(.networkTracing, "")
+    }
 }
 
 struct DefaultLogger: Logger {
@@ -33,31 +40,37 @@ struct DefaultLogger: Logger {
     }
 
     func trace(request: URLRequest, session: URLSession) {
-        guard let method = request.httpMethod, let url = request.url?.absoluteString else { return }
-        output.log(message: "\(method) \(url) HTTP/1.1")
-        session.configuration.httpAdditionalHeaders?.forEach { key, value in output.log(message: "\(key): \(value)") }
-        request.allHTTPHeaderFields?.forEach { key, value in output.log(message: "\(key): \(value)") }
-        if let data = request.httpBody, let string = String(data: data, encoding: .utf8) {
+        networkTraceQueue.async { [output] in
+            guard let method = request.httpMethod, let url = request.url?.absoluteString else { return }
+            output.log(message: "\(method) \(url) HTTP/1.1")
+            session.configuration.httpAdditionalHeaders?.forEach { key, value in output.log(message: "\(key): \(value)") }
+            request.allHTTPHeaderFields?.forEach { key, value in output.log(message: "\(key): \(value)") }
+            if let data = request.httpBody, let string = String(data: data, encoding: .utf8) {
+                output.newLine()
+                output.log(message: string)
+            }
             output.newLine()
-            output.log(message: string)
         }
-        output.newLine()
     }
 
     func trace(response: URLResponse, data: Data?) {
-        if let http = response as? HTTPURLResponse {
-            output.log(message: "HTTP/1.1 \(http.statusCode)")
-            http.allHeaderFields.forEach { key, value in output.log(message: "\(key): \(value)") }
-            if let data = data, let string = String(data: data, encoding: .utf8) {
+        networkTraceQueue.async { [output] in
+            if let http = response as? HTTPURLResponse {
+                output.log(message: "HTTP/1.1 \(http.statusCode)")
+                http.allHeaderFields.forEach { key, value in output.log(message: "\(key): \(value)") }
+                if let data = data, let string = SensitiveDataRedactor.redact(data) {
+                    output.newLine()
+                    output.log(message: "API Response: \(string)")
+                }
                 output.newLine()
-                output.log(message: string)
             }
-            output.newLine()
         }
     }
 
     func trace(url: URL, source: String?) {
-        output.log(message: "\(source ?? "URL"): \(url.absoluteString)")
+        networkTraceQueue.async { [output] in
+            output.log(message: "\(source ?? "URL"): \(url.absoluteString)")
+        }
     }
 
 }

Auth0/Logger.swift

@@ -0,0 +1,67 @@
+import Foundation
+import os.log
+
+// Avoid naming conflict with Auth0Logger protocol
+typealias OSLogger = os.Logger
+
+/// Protocol for unified logging operations.
+protocol UnifiedLogging {
+    /// Log a message with the specified parameters.
+    /// - Parameters:
+    ///   - category: The log category for filtering (e.g., `.networkTracing`, `.configuration`)
+    ///   - level: The severity level (`.debug`, `.info`, `.warning`, `.error`, `.fault`)
+    ///   - message: The message to log (lazy-evaluated via autoclosure)
+    func log(
+        _ category: LogCategory,
+        level: LogLevel,
+        message: @autoclosure () -> String
+    )
+}
+
+/// Production OSLog-based logging implementation.
+struct OSUnifiedLoggingService: UnifiedLogging {
+    
+    /// Internal marker class used to identify the SDK bundle.
+    private final class BundleMarker {}
+    
+    /// Centralized subsystem identifier for all Auth0 logs.
+    static let subsystem = Bundle(for: BundleMarker.self).bundleIdentifier ?? "com.auth0.Auth0"
+    
+    /// Cached loggers for each category to avoid repeated allocations.
+    private static let loggers: [LogCategory: OSLogger] = {
+        var loggers: [LogCategory: OSLogger] = [:]
+        loggers[.networkTracing] = OSLogger(subsystem: subsystem, category: LogCategory.networkTracing.rawValue)
+        loggers[.configuration] = OSLogger(subsystem: subsystem, category: LogCategory.configuration.rawValue)
+        return loggers
+    }()
+    
+    /// Logs a message with privacy redaction.
+    ///
+    /// All messages use `.private` privacy level, which means:
+    /// - **Debug/Info**: Never persisted to disk. Only visible during active debugging in Xcode Console.
+    /// - **Warning/Error/Fault**: Persisted to system logs but entire message is redacted as `<private>`
+    ///   when exported or viewed without debugger attached. Only visible unredacted during active debugging.
+
+    func log(
+        _ category: LogCategory,
+        level: LogLevel,
+        message: @autoclosure () -> String
+    ) {
+        guard let logger = Self.loggers[category] else { return }
+        
+        let messageString = message()
+        
+        switch level {
+        case .debug:
+            logger.debug("\(messageString, privacy: .private)")
+        case .info:
+            logger.info("\(messageString, privacy: .private)")
+        case .warning:
+            logger.warning("\(messageString, privacy: .private)")
+        case .error:
+            logger.error("\(messageString, privacy: .private)")
+        case .fault:
+            logger.fault("\(messageString, privacy: .private)")
+        }
+    }
+}

Auth0/OSUnifiedLoggingService.swift

@@ -121,9 +121,7 @@ public struct Request<T, E: Auth0APIError>: Requestable {
                 } else {
                     handle(.failure(error), callback)
                 }
-                print(error)
             } catch {
-                print(error)
                 handle(.failure(E(cause: error)), callback)
             }
         })

Auth0/Request.swift

@@ -0,0 +1,39 @@
+import Foundation
+
+/// Utility for redacting sensitive data from JSON responses.
+struct SensitiveDataRedactor {
+    
+    /// List of sensitive keys that should be redacted.
+    private static let sensitiveKeys: Set<String> = ["access_token", "id_token", "refresh_token"]
+    
+    /// Redacts sensitive fields from a JSON string in the response body.
+    ///
+    /// This is an additional safety check - even when debugger is connected, we don't log
+    /// access tokens, id tokens, and refresh tokens on Xcode console and live Console.app.
+    ///
+    /// Note: These logs are only for debugging purposes and never persisted in production.
+    ///
+    /// - Parameter data: The response data to redact.
+    /// - Returns: A JSON string with sensitive fields replaced by `<REDACTED>` if valid JSON, otherwise returns the data decoded as a UTF-8 string, or `nil` if decoding fails.
+    static func redact(_ data: Data) -> String? {
+        do {
+            // Attempt to parse as JSON
+            var jsonObject = try JSONSerialization.jsonObject(with: data, options: []) as? [String: Any]
+            
+            // Redact any sensitive keys present
+            sensitiveKeys.forEach { key in
+                if jsonObject?[key] != nil {
+                    jsonObject?[key] = "<REDACTED>"
+                }
+            }
+            
+            // Convert back to pretty-printed JSON string
+            let redactedData = try JSONSerialization.data(withJSONObject: jsonObject ?? [:], options: [.prettyPrinted])
+            return String(data: redactedData, encoding: .utf8) ?? "<REDACTED>"
+            
+        } catch {
+            // If not JSON, return try converting data to  string
+            return String(data: data, encoding: .utf8)
+        }
+    }
+}