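Project Title and Description
AppAuth-iOS is a client SDK for communicating with OAuth 2.0 and OpenID Connect providers. It follows the best practices set out in RFC 8252 - OAuth 2.0 for Native Apps, including using SFAuthenticationSession and SFSafariViewController on iOS for authorization requests.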
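Features
- Supports the following standards:
  - OAuth 2.0
  - Proof Key for Code Exchange by OAuth Public Clients (PKCE)
  - OAuth 2.0 for Native Apps
  - OpenID Connect Core 1.0
  - OpenID Connect Discovery 1.0
  - OpenID Connect Dynamic Client Registration 1.0
- Gives full control over the authorization flow
- Supports automatic and manual code exchange
- Supports token refresh
- Provides user info API calls
- Supports the tvOS and macOS platforms
- Supports multiple authentication methods, including custom browsers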
Installation Guide
Installing with CocoaPods
Add the following to your Podfile:
    pod 'AppAuth'
Then run:
    pod install
Installing with Carthage
Add the following to your Cartfile:
    github "openid/AppAuth-iOS"
Then run:
    carthage bootstrap
System Requirements
- iOS 12.0 or later
- macOS 10.12 or later
- tvOS 10.0 or later
Usage
Basic Usage Example
The following is a basic example of the authorization flow:
// Configure the authorization request
OIDServiceConfiguration *configuration =
    [[OIDServiceConfiguration alloc]
        initWithAuthorizationEndpoint:authorizationEndpoint
                        tokenEndpoint:tokenEndpoint];
// Note: a native app is a public client (RFC 8252); a client secret shipped
// inside the app binary is not confidential. Pass nil unless the provider
// requires a value.
OIDAuthorizationRequest *request =
    [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                                                  clientId:kClientID
                                              clientSecret:kClientSecret
                                                    scopes:@[OIDScopeOpenID, OIDScopeProfile]
                                               redirectURL:kRedirectURI
                                              responseType:OIDResponseTypeCode
                                      additionalParameters:nil];
// Perform the authorization request
id<OIDExternalUserAgentSession> session =
    [OIDAuthState authStateByPresentingAuthorizationRequest:request
                                   presentingViewController:self
                                                   callback:^(OIDAuthState *_Nullable authState,
                                                              NSError *_Nullable error) {
      if (authState) {
        // Logging the token is for demonstration only; do not log tokens in production builds.
        NSLog(@"Got authorization tokens. Access token: %@",
              authState.lastTokenResponse.accessToken);
      } else {
        NSLog(@"Authorization error: %@", [error localizedDescription]);
      }
    }];
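Typical Usage Scenarios
- Initializing the configuration:
  // issuer is assumed to be an NSURL for the provider's issuer, defined by the caller
  [OIDAuthorizationService discoverServiceConfigurationForIssuer:issuer
      completion:^(OIDServiceConfiguration *_Nullable configuration, NSError *_Nullable error) {
    if (!configuration) {
      NSLog(@"Error retrieving discovery document: %@", [error localizedDescription]);
      return;
    }
    // Use the configuration to make the authorization request
  }];
- Token refresh:
  [authState performActionWithFreshTokens:^(NSString *_Nullable accessToken,
                                            NSString *_Nullable idToken,
                                            NSError *_Nullable error) {
    if (error) {
      NSLog(@"Error fetching fresh tokens: %@", [error localizedDescription]);
      return;
    }
    // Use the fresh access token
  }];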
Core Code
Authorization Request Handling
// OIDAuthorizationRequest.h (abridged)
@interface OIDAuthorizationRequest : NSObject <NSCopying, NSSecureCoding>
@property(nonatomic, readonly) OIDServiceConfiguration *configuration;
@property(nonatomic, readonly) NSString *clientID;
@property(nonatomic, readonly, nullable) NSString *clientSecret;
// The requested scopes as a single space-delimited string
@property(nonatomic, readonly, nullable) NSString *scope;
@property(nonatomic, readonly) NSURL *redirectURL;
@property(nonatomic, readonly) NSString *responseType;
@property(nonatomic, readonly, nullable) NSString *state;
@property(nonatomic, readonly, nullable) NSString *nonce;
@property(nonatomic, readonly, nullable) NSDictionary<NSString *, NSString *> *additionalParameters;
- (NSURL *)authorizationRequestURL;
@end
Token Response Handling
// OIDTokenResponse.h (abridged)
@interface OIDTokenResponse : NSObject <NSCopying, NSSecureCoding>
@property(nonatomic, readonly) OIDTokenRequest *request;
@property(nonatomic, readonly, nullable) NSString *accessToken;
@property(nonatomic, readonly, nullable) NSString *tokenType;
// Expiry of the access token as an absolute date, derived from the "expires_in" response value
@property(nonatomic, readonly, nullable) NSDate *accessTokenExpirationDate;
@property(nonatomic, readonly, nullable) NSString *idToken;
@property(nonatomic, readonly, nullable) NSString *refreshToken;
@property(nonatomic, readonly, nullable) NSDictionary<NSString *, NSString *> *additionalParameters;
@end
Authorization State Management
// OIDAuthState.h (abridged)
@interface OIDAuthState : NSObject <NSCopying, NSSecureCoding>
@property(nonatomic, readonly, nullable) OIDAuthorizationResponse *lastAuthorizationResponse;
@property(nonatomic, readonly, nullable) OIDTokenResponse *lastTokenResponse;
@property(nonatomic, readonly, nullable) NSString *refreshToken;
@property(nonatomic, readonly, nullable) NSError *authorizationError;
@property(nonatomic, readonly) BOOL isAuthorized;
- (void)performActionWithFreshTokens:(OIDAuthStateAction)action;
@end