Add support for Multi-Resource Refresh Token (MRRT) #912
Merged
Changes from 30 commits
47 commits
4938e22 Add support for MRRT to the Credentials Manager (Widcket)
57d5547 Rename internal key params (Widcket)
51181ef Use a separate `APICredentials` model and methods (Widcket)
21fe14a Update the ID and refresh tokens of the stored app credentials (Widcket)
477142b Remove `exchangeFailed` error (Widcket)
8cfc3ee Allow to force renew API credentials by requesting different scopes (Widcket)
bde5ca9 Make `scope` optional (Widcket)
778ad02 Remove empty file (Widcket)
f99182a Update network stubs in API client tests (Widcket)
19d6778 Merge branch 'poc/mrrt' into feat/mrrt (Widcket)
a89b042 Add API docs (Widcket)
dac40f0 Make `store(apiCredentials:forAudience:)` internal (Widcket)
e5c7b68 Update API docs (Widcket)
7a57905 Add `apiExchangeFailed` case to `CredentialsManagerError` (Widcket)
21640c1 Fix typos in API docs (Widcket)
535d960 Update EXAMPLE.md (Widcket)
21f986f Use correct arg in test response (Widcket)
81b9b03 Remove unnecessary matcher (Widcket)
e5cb516 Add assert to test (Widcket)
08427ad Use correct assert in test (Widcket)
733d2c6 Remove unnecessary matcher (Widcket)
d3053c2 Store `APICredentials` expiry as seconds since epoch (Widcket)
5190507 Update API docs (Widcket)
717d675 Encapsulate encoding/decoding logic inside `APICredentials` (Widcket)
e36ece5 Merge branch 'master' into feat/mrrt (Widcket)
e8b06bd Remove duplicated test case (Widcket)
398a0af Merge branch 'feat/mrrt' of github.com:auth0/Auth0.swift into feat/mrrt (Widcket)
d120b67 Add `@preconcurrency` to test import (Widcket)
f0831da Capture the credentials manager instance in async/await tests (Widcket)
2918945 Increase timeout for `SFSafariViewController` tests (Widcket)
0c50ef2 Merge branch 'master' into feat/mrrt (Widcket)
2363b23 Merge branch 'master' into feat/mrrt (Widcket)
7eac85f Merge branch 'master' into feat/mrrt (Widcket)
97fb086 Update broken API docs URLs (Widcket)
774a4c6 Merge branch 'master' into feat/mrrt (Widcket)
6ce73bd Merge branch 'master' into feat/mrrt (Widcket)
704e7c1 Update docs page URL for revoke endpoint (Widcket)
8fc2547 Merge branch 'feat/mrrt' of github.com:auth0/Auth0.swift into feat/mrrt (Widcket)
be17ba0 Merge branch 'master' into feat/mrrt (Widcket)
1024f25 Merge branch 'master' into feat/mrrt (Widcket)
dae1756 Merge branch 'master' into feat/mrrt (Widcket)
6aa3f62 Merge branch 'master' into feat/mrrt (Widcket)
a9bc1b9 Fix merge mishap (Widcket)
f7d233c Make `scope` non-optional and use synthetic Codable conformance (Widcket)
9d52b5c Merge branch 'master' into feat/mrrt (Widcket)
5e1be0f Address TODOs from previously merged PRs (Widcket)
954499b Merge branch 'master' into feat/mrrt (Widcket)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,121 @@ | ||
| import Foundation | ||
|
|
||
| private struct _A0APICredentials { | ||
| let accessToken: String | ||
| let tokenType: String | ||
| let expiresIn: Date | ||
| let scope: String? | ||
| } | ||
|
|
||
| /// User's credentials obtained from Auth0 for a specific API as the result of exchanging a refresh token. | ||
| public struct APICredentials: CustomStringConvertible { | ||
|
|
||
| /// Token that can be used to make authenticated requests to the API. | ||
| /// | ||
| /// ## See Also | ||
| /// | ||
| /// - [Access Tokens](https://auth0.com/docs/secure/tokens/access-tokens) | ||
| public let accessToken: String | ||
|
|
||
| /// Indicates how the access token should be used. For example, as a bearer token. | ||
| public let tokenType: String | ||
|
|
||
| /// When the access token expires. | ||
| public let expiresIn: Date | ||
|
|
||
| /// The scopes that have been granted by Auth0. | ||
| /// | ||
| /// ## See Also | ||
| /// | ||
| /// - [Scopes](https://auth0.com/docs/get-started/apis/scopes) | ||
| public let scope: String? | ||
|
|
||
| /// Custom description that redacts the access token with `<REDACTED>`. | ||
| public var description: String { | ||
| let redacted = "<REDACTED>" | ||
| let values = _A0APICredentials(accessToken: redacted, | ||
| tokenType: self.tokenType, | ||
| expiresIn: self.expiresIn, | ||
| scope: self.scope) | ||
| return String(describing: values).replacingOccurrences(of: "_A0APICredentials", with: "APICredentials") | ||
| } | ||
|
|
||
| // MARK: - Initializer | ||
|
|
||
| /// Default initializer. | ||
| public init(accessToken: String, | ||
| tokenType: String, | ||
| expiresIn: Date, | ||
| scope: String? = nil) { | ||
| self.accessToken = accessToken | ||
| self.tokenType = tokenType | ||
| self.expiresIn = expiresIn | ||
| self.scope = scope | ||
| } | ||
| } | ||
|
|
||
| // MARK: - Codable | ||
|
|
||
| extension APICredentials: Codable { | ||
|
|
||
| enum CodingKeys: String, CodingKey { | ||
| case accessToken = "access_token" | ||
| case tokenType = "token_type" | ||
| case expiresIn = "expires_in" | ||
| case scope | ||
| } | ||
|
|
||
| private static let jsonEncoder: JSONEncoder = { | ||
| let encoder = JSONEncoder() | ||
| encoder.dateEncodingStrategy = .secondsSince1970 | ||
| return encoder | ||
| }() | ||
|
|
||
| private static let jsonDecoder: JSONDecoder = { | ||
| let decoder = JSONDecoder() | ||
| decoder.dateDecodingStrategy = .secondsSince1970 | ||
| return decoder | ||
| }() | ||
|
|
||
| internal func encode() throws -> Data { | ||
| return try Self.jsonEncoder.encode(self) | ||
| } | ||
|
|
||
| internal init(from data: Data) throws { | ||
| self = try Self.jsonDecoder.decode(Self.self, from: data) | ||
| } | ||
|
|
||
| /// `Encodable` initializer. | ||
| public func encode(to encoder: Encoder) throws { | ||
| var container = encoder.container(keyedBy: CodingKeys.self) | ||
|
|
||
| try container.encode(accessToken, forKey: .accessToken) | ||
| try container.encode(tokenType, forKey: .tokenType) | ||
| try container.encode(expiresIn, forKey: .expiresIn) | ||
| try container.encodeIfPresent(scope, forKey: .scope) | ||
| } | ||
|
|
||
| /// `Decodable` initializer. | ||
| public init(from decoder: Decoder) throws { | ||
| let values = try decoder.container(keyedBy: CodingKeys.self) | ||
|
|
||
| accessToken = try values.decode(String.self, forKey: .accessToken) | ||
| tokenType = try values.decode(String.self, forKey: .tokenType) | ||
| expiresIn = try values.decode(Date.self, forKey: .expiresIn) | ||
| scope = try values.decodeIfPresent(String.self, forKey: .scope) | ||
| } | ||
|
|
||
| } | ||
|
|
||
| // MARK: - Internal Initializer | ||
|
|
||
| extension APICredentials { | ||
|
|
||
| init(from credentials: Credentials) { | ||
| self.accessToken = credentials.accessToken | ||
| self.tokenType = credentials.tokenType | ||
| self.expiresIn = credentials.expiresIn | ||
| self.scope = credentials.scope | ||
| } | ||
|
|
||
| } |
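
Review bot: In the `Codable` extension, `expiresIn` is stored under the key `expires_in` as an absolute timestamp, but only the private `jsonEncoder`/`jsonDecoder` pin `.secondsSince1970`; the public `encode(to:)` and `init(from decoder:)` inherit whatever date strategy the caller's coder is configured with, so data written by `encode()` and read back through a default `JSONDecoder` (or the reverse) produces a different expiry date, which can make an expired access token look valid. Consider encoding the value explicitly as `expiresIn.timeIntervalSince1970` inside `encode(to:)` and `init(from decoder:)` so the stored format does not depend on coder configuration, and using a key such as `expires_at`, since `expires_in` conventionally names a relative lifetime in seconds in OAuth token responses. Separately, `description` redacts `accessToken` only for output that goes through `CustomStringConvertible`; `dump(_:)` walks the stored properties through `Mirror` and will still print the token, so a `CustomReflectable` conformance, or a doc comment stating that limit, would make the redaction guarantee explicit.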
We're enforcing the `openid` scope only when exchanging for API-specific credentials.