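## Project Title and Description

AppAuth-iOS is a client SDK for communicating with OAuth 2.0 and OpenID Connect providers. It follows the best practices in RFC 8252 - OAuth 2.0 for Native Apps, including the use of `SFAuthenticationSession` and `SFSafariViewController` for authorization requests on iOS.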
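## Features

- Supports the following standards:
  - OAuth 2.0
  - Proof Key for Code Exchange by OAuth Public Clients (PKCE)
  - OAuth 2.0 for Native Apps
  - OpenID Connect Core 1.0
  - OpenID Connect Discovery 1.0
  - OpenID Connect Dynamic Client Registration 1.0
- Gives full control over the authorization flow
- Supports automatic and manual code exchange
- Supports token refresh
- Provides user info API calls
- Supports the tvOS and macOS platforms
- Supports multiple authentication methods, including custom browsers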
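## Installation

### Installing with CocoaPods

Add the following to your `Podfile`:

```
pod 'AppAuth'
```

Then run:

```
pod install
```

### Installing with Carthage

Add the following to your `Cartfile`:

```
github "openid/AppAuth-iOS"
```

Then run:

```
carthage bootstrap
```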
## System Requirements

- iOS 12.0 or later
- macOS 10.12 or later
- tvOS 10.0 or later
## Usage

### Basic Example

The following is a basic authorization flow example:

```objective-c
// Configure the authorization request
OIDServiceConfiguration *configuration =
    [[OIDServiceConfiguration alloc] initWithAuthorizationEndpoint:authorizationEndpoint
                                                     tokenEndpoint:tokenEndpoint];
OIDAuthorizationRequest *request =
    [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                                                  clientId:kClientID
                                              clientSecret:kClientSecret
                                                    scopes:@[ OIDScopeOpenID, OIDScopeProfile ]
                                               redirectURL:kRedirectURI
                                              responseType:OIDResponseTypeCode
                                      additionalParameters:nil];

// Perform the authorization request
id<OIDExternalUserAgentSession> session =
    [OIDAuthState authStateByPresentingAuthorizationRequest:request
                                   presentingViewController:self
                                                   callback:^(OIDAuthState *_Nullable authState,
                                                              NSError *_Nullable error) {
      if (authState) {
        // Demo logging only; keep tokens out of logs in release builds.
        NSLog(@"Got authorization tokens. Access token: %@",
              authState.lastTokenResponse.accessToken);
      } else {
        NSLog(@"Authorization error: %@", [error localizedDescription]);
      }
    }];
```
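### Typical Use Cases

1. **Initialize configuration**:

   ```objective-c
   // Assumption: the opening of this call is missing on the page; the issuer-based
   // discovery method is used here and `issuer` is a placeholder NSURL.
   [OIDAuthorizationService discoverServiceConfigurationForIssuer:issuer
       completion:^(OIDServiceConfiguration *_Nullable configuration,
                    NSError *_Nullable error) {
     if (!configuration) {
       NSLog(@"Error retrieving discovery document: %@", [error localizedDescription]);
       return;
     }
     // Use the configuration to make the authorization request
   }];
   ```

2. **Token refresh**:

   ```objective-c
   [authState performActionWithFreshTokens:^(NSString *_Nullable accessToken,
                                             NSString *_Nullable idToken,
                                             NSError *_Nullable error) {
     if (error) {
       NSLog(@"Error fetching fresh tokens: %@", [error localizedDescription]);
       return;
     }
     // Use the fresh access token
   }];
   ```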
## Core Code

### Authorization Request Handling

```objective-c
// OIDAuthorizationRequest.h
@interface OIDAuthorizationRequest : NSObject <NSCopying, NSSecureCoding>

@property(nonatomic, readonly) OIDServiceConfiguration *configuration;
@property(nonatomic, readonly) NSString *clientID;
@property(nonatomic, readonly, nullable) NSString *clientSecret;
@property(nonatomic, readonly, nullable) NSArray<NSString *> *scopes;
@property(nonatomic, readonly) NSURL *redirectURL;
@property(nonatomic, readonly) NSString *responseType;
@property(nonatomic, readonly, nullable) NSString *state;
@property(nonatomic, readonly, nullable) NSString *nonce;
@property(nonatomic, readonly, nullable) NSDictionary<NSString *, NSString *> *additionalParameters;

- (NSURL *)authorizationRequestURL;

@end
```
### Token Response Handling

```objective-c
// OIDTokenResponse.h
@interface OIDTokenResponse : NSObject <NSCopying, NSSecureCoding>

@property(nonatomic, readonly) OIDTokenRequest *request;
@property(nonatomic, readonly, nullable) NSString *accessToken;
@property(nonatomic, readonly, nullable) NSString *tokenType;
@property(nonatomic, readonly, nullable) NSDate *expiresIn;
@property(nonatomic, readonly, nullable) NSString *idToken;
@property(nonatomic, readonly, nullable) NSString *refreshToken;
@property(nonatomic, readonly, nullable) NSDictionary<NSString *, NSString *> *additionalParameters;

@end
```
### Authorization State Management

```objective-c
// OIDAuthState.h
@interface OIDAuthState : NSObject <NSCopying, NSSecureCoding>

@property(nonatomic, readonly, nullable) OIDAuthorizationResponse *lastAuthorizationResponse;
@property(nonatomic, readonly, nullable) OIDTokenResponse *lastTokenResponse;
@property(nonatomic, readonly, nullable) NSString *refreshToken;
@property(nonatomic, readonly, nullable) NSError *authorizationError;
@property(nonatomic, readonly) BOOL isAuthorized;

- (void)performActionWithFreshTokens:(OIDAuthStateAction)action;

@end
```