openid
diff --git a/‎.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata‎
Lines changed: 7 additions & 0 deletions b/‎.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎Package.swift‎
Lines changed: 7 additions & 2 deletions b/‎Package.swift‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎Source/AppAuth/iOS/OIDAuthorizationService+IOS.h‎
Lines changed: 26 additions & 0 deletions b/‎Source/AppAuth/iOS/OIDAuthorizationService+IOS.h‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎Source/AppAuth/iOS/OIDAuthorizationService+IOS.m‎
Lines changed: 23 additions & 0 deletions b/‎Source/AppAuth/iOS/OIDAuthorizationService+IOS.m‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎Source/AppAuth/iOS/OIDExternalUserAgentIOS.h‎
Lines changed: 22 additions & 9 deletions b/‎Source/AppAuth/iOS/OIDExternalUserAgentIOS.h‎
Lines changed: 22 additions & 9 deletions
diff --git a/‎Source/AppAuth/iOS/OIDExternalUserAgentIOS.m‎
Lines changed: 43 additions & 10 deletions b/‎Source/AppAuth/iOS/OIDExternalUserAgentIOS.m‎
Lines changed: 43 additions & 10 deletions
diff --git a/‎UnitTests/AppAuth/OIDExternUserAgentIOSTests.m‎
Lines changed: 131 additions & 0 deletions b/‎UnitTests/AppAuth/OIDExternUserAgentIOSTests.m‎
Lines changed: 131 additions & 0 deletions
diff --git a/‎UnitTests/OIDAppAuthTests-Bridging-Header.h‎ renamed to ‎UnitTests/AppAuthCore/OIDAppAuthTests-Bridging-Header.h‎ b/‎UnitTests/OIDAppAuthTests-Bridging-Header.h‎ renamed to ‎UnitTests/AppAuthCore/OIDAppAuthTests-Bridging-Header.h‎
diff --git a/‎UnitTests/OIDAuthStateTests.h‎ renamed to ‎UnitTests/AppAuthCore/OIDAuthStateTests.h‎ b/‎UnitTests/OIDAuthStateTests.h‎ renamed to ‎UnitTests/AppAuthCore/OIDAuthStateTests.h‎
diff --git a/‎UnitTests/OIDAuthStateTests.m‎ renamed to ‎UnitTests/AppAuthCore/OIDAuthStateTests.m‎ b/‎UnitTests/OIDAuthStateTests.m‎ renamed to ‎UnitTests/AppAuthCore/OIDAuthStateTests.m‎
@@ -67,13 +67,18 @@ let package = Package(
         .testTarget(
             name: "AppAuthCoreTests",
             dependencies: ["AppAuthCore"],
-            path: "UnitTests",
+            path: "UnitTests/AppAuthCore",
             exclude: ["OIDSwiftTests.swift", "AppAuthTV"]
         ),
+        .testTarget(
+            name: "AppAuthTests",
+            dependencies: ["AppAuth", "AppAuthCore"],
+            path: "UnitTests/AppAuth"
+        ),
         .testTarget(
             name: "AppAuthCoreSwiftTests",
             dependencies: ["AppAuthCore"],
-            path: "UnitTests",
+            path: "UnitTests/AppAuthCore",
             sources: ["OIDSwiftTests.swift"]
         ),
         .testTarget(
 
@@ -60,6 +60,32 @@ NS_ASSUME_NONNULL_BEGIN
      prefersEphemeralSession:(BOOL)prefersEphemeralSession
                     callback:(OIDAuthorizationCallback)callback API_AVAILABLE(ios(13));
 
+/*! @brief Perform an authorization flow using the @c ASWebAuthenticationSession optionally using an
+        emphemeral browser session that shares no cookies or data with the normal browser session.
+    @param request The authorization request.
+    @param callback The method called when the request has completed or failed.
+    @return A @c OIDExternalUserAgentSession instance which will terminate when it
+        receives a @c OIDExternalUserAgentSession.cancel message, or after processing a
+        @c OIDExternalUserAgentSession.resumeExternalUserAgentFlowWithURL: message.
+ */
++ (id<OIDExternalUserAgentSession>)presentAuthorizationRequest:(OIDAuthorizationRequest *)request
+                                                      callback:(OIDAuthorizationCallback)callback;
+
+/*! @brief Perform an authorization flow using the @c ASWebAuthenticationSession optionally using an
+        emphemeral browser session that shares no cookies or data with the normal browser session.
+    @param request The authorization request.
+    @param prefersEphemeralSession Whether the caller prefers to use a private authentication
+        session. See @c ASWebAuthenticationSession.prefersEphemeralWebBrowserSession for more.
+    @param callback The method called when the request has completed or failed.
+    @return A @c OIDExternalUserAgentSession instance which will terminate when it
+        receives a @c OIDExternalUserAgentSession.cancel message, or after processing a
+        @c OIDExternalUserAgentSession.resumeExternalUserAgentFlowWithURL: message.
+ */
++ (id<OIDExternalUserAgentSession>)presentAuthorizationRequest:(OIDAuthorizationRequest *)request
+                                       prefersEphemeralSession:(BOOL)prefersEphemeralSession
+                                                      callback:(OIDAuthorizationCallback)callback
+    API_AVAILABLE(ios(13));
+
 @end
 
 NS_ASSUME_NONNULL_END
 
@@ -57,6 +57,29 @@ @implementation OIDAuthorizationService (IOS)
   return [self presentAuthorizationRequest:request externalUserAgent:externalUserAgent callback:callback];
 }
 
++ (id<OIDExternalUserAgentSession>)presentAuthorizationRequest:(OIDAuthorizationRequest *)request
+                                                      callback:(OIDAuthorizationCallback)callback {
+  return [self presentAuthorizationRequest:request
+                   prefersEphemeralSession:NO
+                                  callback:callback];
+}
+
++ (id<OIDExternalUserAgentSession>)presentAuthorizationRequest:(OIDAuthorizationRequest *)request
+                                       prefersEphemeralSession:(BOOL)prefersEphemeralSession
+                                                      callback:(OIDAuthorizationCallback)callback {
+  id<OIDExternalUserAgent> externalUserAgent;
+#if TARGET_OS_MACCATALYST
+  externalUserAgent = [[OIDExternalUserAgentCatalyst alloc]
+      initWithPrefersEphemeralSession:prefersEphemeralSession];
+#else // TARGET_OS_MACCATALYST
+  externalUserAgent = [[OIDExternalUserAgentIOS alloc]
+      initWithPrefersEphemeralSession:prefersEphemeralSession];
+#endif // TARGET_OS_MACCATALYST
+  return [self presentAuthorizationRequest:request
+                         externalUserAgent:externalUserAgent
+                                  callback:callback];
+}
+
 @end
 
 NS_ASSUME_NONNULL_END
 
@@ -34,21 +34,25 @@ NS_ASSUME_NONNULL_BEGIN
 API_UNAVAILABLE(macCatalyst)
 @interface OIDExternalUserAgentIOS : NSObject<OIDExternalUserAgent>
 
-- (nullable instancetype)init API_AVAILABLE(ios(11))
-    __deprecated_msg("This method will not work on iOS 13, use "
-                     "initWithPresentingViewController:presentingViewController");
+/*! @brief Create an external user-agent.
+    @discussion The specific authentication UI used depends on the iOS version and accessibility
+        options. iOS 8 uses the system browser, iOS 9-10 use @c SFSafariViewController, iOS 11 uses
+        @c SFAuthenticationSession (unless Guided Access is on which does not work) or uses
+        @c SFSafariViewController, and iOS 12+ uses @c ASWebAuthenticationSession (unless Guided
+        Access is on).
+ */
+- (nullable instancetype)init API_AVAILABLE(ios(11));
 
-/*! @brief The designated initializer.
+/*! @brief Create an external user-agent with the presenting view controller.
     @param presentingViewController The view controller from which to present the authentication UI.
     @discussion The specific authentication UI used depends on the iOS version and accessibility
         options. iOS 8 uses the system browser, iOS 9-10 use @c SFSafariViewController, iOS 11 uses
-        @c SFAuthenticationSession
-        (unless Guided Access is on which does not work) or uses @c SFSafariViewController, and iOS
-        12+ uses @c ASWebAuthenticationSession (unless Guided Access is on).
+        @c SFAuthenticationSession (unless Guided Access is on which does not work) or uses
+        @c SFSafariViewController, and iOS 12+ uses @c ASWebAuthenticationSession (unless Guided
+        Access is on).
  */
 - (nullable instancetype)initWithPresentingViewController:
-    (UIViewController *)presentingViewController
-    NS_DESIGNATED_INITIALIZER;
+    (UIViewController *)presentingViewController;
 
 /*! @brief Create an external user-agent which optionally uses a private authentication session.
     @param presentingViewController The view controller from which to present the browser.
@@ -62,6 +66,15 @@ API_UNAVAILABLE(macCatalyst)
                                   prefersEphemeralSession:(BOOL)prefersEphemeralSession
     API_AVAILABLE(ios(13));
 
+/*! @brief Create an external user-agent which optionally uses a private authentication session.
+    @param prefersEphemeralSession Whether the caller prefers to use a private authentication
+        session. See @c ASWebAuthenticationSession.prefersEphemeralWebBrowserSession for more.
+    @discussion Authentication is performed with @c ASWebAuthenticationSession (unless Guided Access
+        is on), setting the ephemerality based on the argument.
+ */
+- (nullable instancetype)initWithPrefersEphemeralSession:(BOOL)prefersEphemeralSession
+    API_AVAILABLE(ios(13));
+
 @end
 
 NS_ASSUME_NONNULL_END
 
@@ -56,21 +56,22 @@ @implementation OIDExternalUserAgentIOS {
 }
 
 - (nullable instancetype)init {
-#pragma clang diagnostic push
-#pragma clang diagnostic ignored "-Wnonnull"
-  return [self initWithPresentingViewController:nil];
-#pragma clang diagnostic pop
+  self = [super init];
+  return self;
+}
+
+- (nullable instancetype)initWithPrefersEphemeralSession:(BOOL)prefersEphemeralSession {
+  self = [self init];
+  if (self) {
+    _prefersEphemeralSession = prefersEphemeralSession;
+  }
+  return self;
 }
 
 - (nullable instancetype)initWithPresentingViewController:
     (UIViewController *)presentingViewController {
-  self = [super init];
+  self = [self init];
   if (self) {
-#if __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
-    NSAssert(presentingViewController != nil,
-             @"presentingViewController cannot be nil on iOS 13");
-#endif // __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
-    
     _presentingViewController = presentingViewController;
   }
   return self;
@@ -93,6 +94,38 @@ - (BOOL)presentExternalUserAgentRequest:(id<OIDExternalUserAgentRequest>)request
     return NO;
   }
 
+  if (!_presentingViewController) {
+    // Find presentingViewController
+    if (@available(iOS 13.0, *)) {
+      NSSet<UIWindowScene *> *scenes =
+          (NSSet<UIWindowScene *> *)[UIApplication sharedApplication].connectedScenes;
+
+      NSMutableArray<UIWindow *> *windows = [NSMutableArray array];
+
+      for (UIWindowScene *scene in scenes) {
+        [windows addObjectsFromArray:scene.windows];
+      }
+
+      for (UIWindow *window in windows) {
+        if (window.isKeyWindow) { // False if calling before window appears
+          UIWindow *keyWindow = window;
+          _presentingViewController = keyWindow.rootViewController;
+          break;
+        }
+      }
+    } else {
+      // ≤ iOS 12.X
+      NSArray<UIWindow *> *windows = UIApplication.sharedApplication.windows;
+      NSPredicate *keyWindowPredicate = [NSPredicate predicateWithFormat:@"keyWindow == YES"];
+      UIWindow *keyWindow = [windows filteredArrayUsingPredicate:keyWindowPredicate].firstObject;
+      _presentingViewController = keyWindow.rootViewController;
+    }
+    if (!_presentingViewController) {
+      // Unable to find a presentingViewController; perhaps because no window is key and visible
+      return NO;
+    }
+  }
+
   _externalUserAgentFlowInProgress = YES;
   _session = session;
   BOOL openedUserAgent = NO;
 
@@ -0,0 +1,131 @@
+//
+//  OIDExternalUserAgentIOSTests.m
+//  
+//
+//  Created by Matt Mathias on 1/11/23.
+//
+
+#import <XCTest/XCTest.h>
+
+#if SWIFT_PACKAGE
+@import AppAuth;
+@import AppAuthCore;
+#else
+#import "Source/AppAuth/iOS/OIDExternalUserAgentIOS.h"
+#import "Source/AppAuthCore/OIDAuthorizationRequest.h"
+#import "Source/AppAuthCore/OIDAuthorizationService.h"
+#endif
+
+/*! @brief Test value for the @c clientID property.
+ */
+static NSString *const kTestClientID = @"ClientID";
+
+/*! @brief Test value for the @c clientID property.
+ */
+static NSString *const kTestClientSecret = @"ClientSecret";
+
+/*! @brief Test key for the @c additionalParameters property.
+ */
+static NSString *const kTestAdditionalParameterKey = @"A";
+
+/*! @brief Test value for the @c additionalParameters property.
+ */
+static NSString *const kTestAdditionalParameterValue = @"1";
+
+/*! @brief Test value for the @c scope property.
+ */
+static NSString *const kTestScope = @"Scope";
+
+/*! @brief Test value for the @c scope property.
+ */
+static NSString *const kTestScopeA = @"ScopeA";
+
+/*! @brief Test value for the @c redirectURL property.
+ */
+static NSString *const kTestRedirectURL = @"http://www.google.com/";
+
+/*! @brief Test value for the @c state property.
+ */
+static NSString *const kTestState = @"State";
+
+/*! @brief Test value for the @c responseType property.
+ */
+static NSString *const kTestResponseType = @"code";
+
+/*! @brief Test value for the @c nonce property.
+ */
+static NSString *const kTestNonce = @"Nonce";
+
+/*! @brief Test value for the @c codeVerifier property.
+ */
+static NSString *const kTestCodeVerifier = @"code verifier";
+
+/*! @brief Test value for the @c authorizationEndpoint property.
+ */
+static NSString *const kInitializerTestAuthEndpoint = @"https://www.example.com/auth";
+
+/*! @brief Test value for the @c tokenEndpoint property.
+ */
+static NSString *const kInitializerTestTokenEndpoint = @"https://www.example.com/token";
+
+/*! @brief Test value for the @c tokenEndpoint property.
+ */
+static NSString *const kInitializerTestRegistrationEndpoint =
+    @"https://www.example.com/registration";
+
+@interface OIDExternalUserAgentIOSTests : XCTestCase
+
+@end
+
+@implementation OIDExternalUserAgentIOSTests
+
+- (void)testThatPresentExternalUserAgentRequestReturnsNoWhenMissingPresentingViewController {
+  OIDExternalUserAgentIOS *userAgent = [[OIDExternalUserAgentIOS alloc] init];
+  OIDAuthorizationRequest *authRequest = [[self class] authorizationRequestTestInstance];
+  [OIDAuthorizationService presentAuthorizationRequest:authRequest externalUserAgent:userAgent callback:^(OIDAuthorizationResponse * _Nullable authorizationResponse, NSError * _Nullable error) {
+    XCTAssertNotNil(error);
+    XCTAssertEqual(error.code, OIDErrorCodeSafariOpenError);
+    XCTAssertEqualObjects(error.localizedDescription, @"Unable to open Safari.");
+  }];
+}
+
++ (OIDAuthorizationRequest *)authorizationRequestTestInstance {
+  NSDictionary *additionalParameters =
+      @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue };
+  OIDServiceConfiguration *configuration = [[self class] serviceConfigurationTestInstance];
+  OIDAuthorizationRequest *request =
+      [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
+                      clientId:kTestClientID
+                  clientSecret:kTestClientSecret
+                         scope:[OIDScopeUtilities scopesWithArray:@[ kTestScope, kTestScopeA ]]
+                   redirectURL:[NSURL URLWithString:kTestRedirectURL]
+                  responseType:kTestResponseType
+                         state:kTestState
+                         nonce:kTestNonce
+                  codeVerifier:kTestCodeVerifier
+                 codeChallenge:[[self class] codeChallenge]
+           codeChallengeMethod:[[self class] codeChallengeMethod]
+          additionalParameters:additionalParameters];
+  return request;
+}
+
++ (OIDServiceConfiguration *)serviceConfigurationTestInstance {
+  NSURL *authEndpoint = [NSURL URLWithString:kInitializerTestAuthEndpoint];
+  NSURL *tokenEndpoint = [NSURL URLWithString:kInitializerTestTokenEndpoint];
+  NSURL *registrationEndpoint = [NSURL URLWithString:kInitializerTestRegistrationEndpoint];
+  OIDServiceConfiguration *configuration =
+      [[OIDServiceConfiguration alloc] initWithAuthorizationEndpoint:authEndpoint
+                                                       tokenEndpoint:tokenEndpoint
+                                                registrationEndpoint:registrationEndpoint];
+  return configuration;
+}
+
++ (NSString *)codeChallenge {
+  return [OIDAuthorizationRequest codeChallengeS256ForVerifier:kTestCodeVerifier];
+}
+
++ (NSString *)codeChallengeMethod {
+  return OIDOAuthorizationRequestCodeChallengeMethodS256;
+}
+
+@end