Skip to content

sonderformat-llc/fusionauth-swift-sdk

Repository files navigation

Latest Release Tag Dependabot Open PRs

An SDK for using FusionAuth in iOS Apps.

Table of Contents

Overview

This SDK allows you to use OAuth 2.0 and OpenId Connect functionality in an iOS app with FusionAuth as the authorization server. It also provides a Token Manager to store, refresh, and retrieve tokens.

It's a highly standardized and simplified starting point for developers to easily integrate FusionAuth into their own custom mobile apps by taking care of all the dependencies.

Following OAuth 2.0 and OpenID Connect functionality are covered:

  • OAuth 2.0 Authorization Code Grant
  • OAuth 2.0 Refresh Token Grant
  • OpenID Connect UserInfo
  • OpenID Connect End Session

AppAuth-iOS is used for the OAuth 2.0 Authorization Code Grant flow and OpenID Connect functionality.

The SDK is written in Swift and compatible with Object-C.

Getting Started

To use the FusionAuth iOS SDK, add this repository as a dependency.

By default the SDK uses the FusionAuth.plist file in the main bundle to read the configuration. The file should contain the following keys:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>additionalScopes</key>
    <array>
        <string>profile</string>
        <string>email</string>
    </array>
    <key>fusionAuthUrl</key>
    <string>http://localhost:9011</string>
    <key>clientId</key>
    <string>e9fdb985-9173-4e01-9d73-ac2d60d1dc8e</string>
</dict>
</plist>

Then, initialize the AuthorizationManager in the init func of your app:

@main
struct QuickstartApp: App {
    init() {
        AuthorizationManager.instance.initialize()
    }
}

By default, the SDK uses the MemoryStorage for storing tokens. You can use one of the other available mechanisms KeyChainStorageor UserDefaultsStorageby e.g. adding thestoragekey with the valuekeychainoruserdefaults`.

As a alternative, you can also use the initialize function to provide the configuration:

@main
struct QuickstartApp: App {
    init() {
        AuthorizationManager.instance.initialize(configuration: AuthorizationConfiguration(
            clientId: "e9fdb985-9173-4e01-9d73-ac2d60d1dc8e",
            fusionAuthUrl: "http://localhost:9011",
            additionalScopes: ["email", "profile"]))
    }
}

Finally, instruct the app to handle the callback from the browser:

@main
struct QuickstartApp: App {
    init() {
        AuthorizationManager.instance.initialize()
    }

    var body: some Scene {
        WindowGroup {
            ContentView()
                .onOpenURL { url in
                    OAuthAuthorization.resume(with: url)
                }
        }
    }
}

Usage

To start the OAuth 2.0 Authorization Code Grant, you can use the oauth() function on the AuthorizationManager to retrieve the OAuthAuthorizationService:

do {
    try await AuthorizationManager
        .oauth()
        .authorize(options: OAuthAuthorizeOptions())
} catch let error as NSError {
    print("Error: \(error.localizedDescription)")
}

The authorize method will open the Safari browser and redirect to the FusionAuth login page. After successful login, the user will be redirected back to the app with the authorization code. The SDK will exchange the authorization code for an access token and refresh token.

This will retrieve the authorization response, validates the state if it was provided, and exchanges the authorization code for an access token. The result of the exchange will be stored in the TokenManager.

After the user is authorized, you can use getUserInfo() to retrieve the User Info:

do {
    self.userInfo = try await AuthorizationManager
        .oauth()
        .userInfo()
} catch let error as NSError {
    print("JSON decode failed: \(error.localizedDescription)")
}

To call your API with an access token, you can use the AuthorizationManager to retrieve a valid access token:

let accessToken = AuthorizationManager.oauth().freshAccessToken()

This will retrieve a fresh access token from the TokenManager and return it. If the access token is expired, the TokenManager will refresh it automatically.

Finally, you can use the AuthorizationManager to sign out the user and remove the tokens from the TokenManager:

do {
    try await AuthorizationManager
        .oauth()
        .logout(options: OAuthLogoutOptions())
} catch let error as NSError {
    print("Error: \(error.localizedDescription)")
}

If the user is signed out, the auth state will be cleared.

Example App

See the FusionAuth iOS SDK Example for a functional example of an iOS client that uses the SDK.

Quickstart

See the FusionAuth iOS Quickstart for a full tutorial on using FusionAuth and iOS.

Documentation

See the latest Full library documentation for the complete documentation of the SDK.

Upgrade Policy

This library may periodically receive updates with bug fixes, security patches, tests, code samples, or documentation changes.

These releases may also update dependencies, language engines, and operating systems, as we'll follow the deprecation and sunsetting policies of the underlying technologies that the libraries use.

This means that after a dependency (e.g. language, framework, or operating system) is deprecated by its maintainer, this library will also be deprecated by us, and may eventually be updated to use a newer version.

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages