I'm using https://github.com/auth0/socketio-jwt to connect the user to my node.js/socket.io server and I'm using one round trip
My problem right now is that whenever user logs in on the IOS part, the socket.connect() is not consistent, my theory is that the token is not yet ready even before the socket.connect() gets invoked.
I'm using Singleton design for my Socket.io class as many people pointed that out.
Here's the code on the SocketManager.swift part
import SocketIO
class SocketIOManager: NSObject {
static let sharedInstance = SocketIOManager()
var socket = SocketIOClient(socketURL: URL(string: mainURL)!, config: [.log(false), .compress, .connectParams(["token": getToken()])]) // getToken() I got it from other file which is Constant.Swift
func establishConnection() {
socket.connect()
}
func closeConnection() {
socket.disconnect()
}
}
I'm using KeychainAccess to store the token and Constant.Swift file store all the global variables and functions so that I could call it on any Swift files.
Constant.Swift
import Foundation
import KeychainAccess
let keychain = Keychain(server: "www.example.com", protocolType: .https)
func getToken() -> String {
if let token = keychain["token"] {
return token
}
return ""
}
LoginViewController.swift
#IBAction func facebookButtonClicked(_ sender: UIButton) {
Alamofire.request("/login", method: .post, parameters: parameters, encoding: JSONEncoding.default)
.responseJSON { response in
if let value = response.result.value {
let json = JSON(value)
self.keychain["token"] = String(describing: json["token"])
SocketIOManager.sharedInstance.establishConnection()
self.segueToAnotherVC() // Segue to another screen, to simplify things i put it in a function
}
}
}
So technically what is happening in this controller is, when the user logs in, I will store the token into KeychainAccess (it is equivalent to NSUserDefaults), then only I will make a socket connection because the socket connection needs a token beforehand.
What should I do to make the connection consistent all the time, whenever user logs in? Any methods that I could use?
I suggest you to use keychain like this:
let keychain = KeychainSwift()
keychain.set("string", forKey: "key")
keychain.get("key")
keychain.delete("key")
keychain Usage:
let saveBool: Bool = KeychainWrapper.setString("String", forKey: "key")
let retrievedString: String? = KeychainWrapper.stringForKey("key")
let removeBool: Bool = KeychainWrapper.removeObjectForKey("key")
And make sure that your token is set when calling establish connection, if not, don't try and connect.
References:
https://github.com/socketio/socket.io-client-swift/issues/788
https://github.com/marketplacer/keychain-swift
https://github.com/jrendel/SwiftKeychainWrapper
More info:
JSON Web Token is a JSON-based open standard for creating access tokens that assert some number of claims.
Related
I'm using the Spotify API, and followed the instructions for their iOS SDK setup. This involved abstracting away/delegating away most of the work to the SPTSession/SPTSessionManager. But now that everything is abstracted away, how can I get my access token so that I can do "manual" calls (using URL, URLSession, URLRequest, etc classes in Swift)?
The instructions for set up had me include a lazy var sessionmanager (an instance of SPTSessionManager) defined via closure that manages my SPTSession, and I know an SPTSession has members access_token and refresh_token. However, I can't seem to access them outside of my Appdelegate because sessionmanager is a lazy var in AppDelegate. I tried making global variables for the tokens outside of appdelegate, but I can't seem to find a way to actually set the values since sessionmanager is completely abstracted away. Even when I'm in the AppDelegate, if I try doing sessionmanager.session?.access_token it sends me into an infinite loop, which I assume is because sessionmanager is a lazy variable so every time I try to get it, the closure just reevaluates?
I'm not sure what's going on. Also, I'm not very familiar with stackoverflow etiquette so please let me know if there's anything I should do differently!
class AppDelegate: UIResponder, UIApplicationDelegate, SPTSessionManagerDelegate {
// Default appdelegate methods and other irrelevant code
// implement session delegate
func sessionManager(manager: SPTSessionManager, didInitiate session: SPTSession) {
isLoggedIn = true
authToken = session.accessToken
refreshToken = session.refreshToken
print("success", session)
}
func sessionManager(manager: SPTSessionManager, didFailWith error: Error) {
print("fail", error)
}
func sessionManager(manager: SPTSessionManager, didRenew session: SPTSession) {
authToken = session.accessToken
print("renewed", session)
}
let SpotifyClientID = "b29fa2b4649e4bc697ecbf6721edaa39"
let SpotifyRedirectURL = URL(string: "spotify-ios-quick-start://spotify-login-callback")!
lazy var configuration = SPTConfiguration(
clientID: SpotifyClientID,
redirectURL: SpotifyRedirectURL
)
// Setup token swap via glitch
lazy var sessionManager: SPTSessionManager = {
if let tokenSwapURL = URL(string: "https://spotify-token-swap.glitch.me/api/token"),
let tokenRefreshURL = URL(string: "https://spotify-token-swap.glitch.me/api/refresh_token") {
self.configuration.tokenSwapURL = tokenSwapURL
self.configuration.tokenRefreshURL = tokenRefreshURL
self.configuration.playURI = ""
}
let manager = SPTSessionManager(configuration: self.configuration, delegate: self)
return manager
}()
// Request to login with Spotify. Called from a different file.
func requestSpotify() {
let requestedScopes: SPTScope = [.userTopRead, .playlistModifyPublic]
sessionManager.initiateSession(with: requestedScopes, options: .default)
}
// Configure auth callback
func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {
self.sessionManager.application(app, open: url, options: options)
return true
}
}
Edit: As a separate issue, I can't seem to actually open the login flow cause I have an "invalid client", even though I've whitelisted my redirect uri and I'm sure my client id is correct?
I want to connect my app to the socket here is the code :-
import UIKit
import SocketIO
class SocketIOManager: NSObject {
static let manager = SocketManager(socketURL: URL(string: "myURL")!)
static let socket = manager.defaultSocket
class func connectSocket() {
let token = UserDefaults.standard.getAccessToken()
self.manager.config = SocketIOClientConfiguration(
arrayLiteral: .connectParams(["token": token]), .secure(true) // problem is here in passing token value
)
socket.connect()
}
class func receiveMsg() {
socket.on("new message here") { (dataArray, ack) in
print(dataArray.count)
}
}
}
I created a new class SocketIOManager.swift and I invoke my function in view controller
SocketIOManager.connectSocket()
and I am not using the localhost url but still my app is not connected to the socket I think I followed this How to connect with Socket.io? Swift 4 and I also add App Transport Security in info.plist. Any help? The problem is when I am passing the token value it gives me error otherwise it is working properly. Should I need to pass token when using socket?
You should make a shared property in your SocketIOManager class like this:
static let shared = SocketIOManager()
and then create init() like this:
var socket: SocketIOClient!
// defaultNamespaceSocket and swiftSocket both share a single connection to the server
let manager = SocketManager(socketURL: URL(string: "http://localhost:3000")!, config: [.log(true), .compress])
override init() {
super.init()
socket = manager.defaultSocket
}
and finally write your methods like this:
func connectSocket() {
let token = UserDefaults.standard.getAccessToken()
self.manager.config = SocketIOClientConfiguration(
arrayLiteral: .connectParams(["token": token]), .secure(true)
)
socket.connect()
}
func receiveMsg() {
socket.on("new message here") { (dataArray, ack) in
print(dataArray.count)
}
}
and call your method like this:
SocketIOManager.shared.connectSocket()
The point is that you should make a strong reference to manager property in your viewController and static let shared = SocketIOManager() you do this for you!
Is your URL secured under HTTPS?
If it is not, that could be the problem, due to App Transport Security restrictions.
See Info Plist Reference
See also this post here.
If that's not the problem. I'd suggest to check if your Socket version on both sides, server and client, are the same. Recently I had a problem because of that.
Hope it helps!
try this Example:
let manager = SocketManager(socketURL: URL(string:
"http://xxxxxxxxx.com")!, config: [.log(true), .compress])
var socket = manager.defaultSocket
socket.connect()
socket.on(clientEvent: .connect) {data, ack in
print("socket connected")
self.gotConnection()
}
}
func gotConnection(){
socket.on("new message here") { (dataArray, ack) in
print(dataArray.count)
}
}
I writing an app in Swift 4 that uses the Discogs API. As such, I require a user to have access to personal data on their Discogs account, so I am authenticating against their API using OAuthSwift. Currently, I am able to kick off the auth flow, sign in and return the an oauthToken and the oauthTokenSecret
Making a subsequent request to their https://api.discogs.com/oauth/identity I am returned a user object, so I am happy at this point I can sign in and make authenticated requests.
However, I do not understand how I can check if a user is authenticated when the app first starts up. Currently, I am not storing the response, instead I am making a call to the identity endpoint in nested callback
import UIKit
import OAuthSwift
class ViewController: UIViewController {
let oauthSwift = OAuth1Swift(
consumerKey: "foo",
consumerSecret: "bar",
requestTokenUrl: "https://api.discogs.com/oauth/request_token",
authorizeUrl: "https://www.discogs.com/oauth/authorize",
accessTokenUrl: "https://api.discogs.com/oauth/access_token"
)
override func viewDidLoad() {
super.viewDidLoad()
// Do any additional setup after loading the view, typically from a nib.
view.backgroundColor = .white
kickOffAuthFlow()
}
fileprivate func kickOffAuthFlow() {
oauthSwift.authorizeURLHandler = SafariURLHandler(viewController: self, oauthSwift: oauthSwift)
guard let callbackURL = URL(string: "foo.bar.boobaz:/oauth_callback") else { return }
oauthSwift.authorize(withCallbackURL: callbackURL, success: { (credential, response, parameters) in
_ = self.oauthSwift.client.get("https://api.discogs.com/oauth/identity", success: { (response) in
guard let dataString = response.string else { return }
print(dataString)
}, failure: { (error) in
print("error")
})
}) { (error) in
print(error.localizedDescription)
}
}
}
What is best practice in this case? How should I store these tokens and how should I ensure once the user is logged in, they aren't forced to log in the next time the app is opened (providing the token hasn't expired, however that is a separate issue I am prepared to handle at a later point)
Coming from a web development background, I was able to just store a token in session storage, on load I would then check the exp on the token and request a new one or take some other action.
I have not quite grasped how this works in iOS development yet.
You have two options to store access token in local.
UserDefault
Keychain
1. UserDefault
Use UserDefault to store token in memory. When the app gets launch, check if the token is stored in userdafault. UserDefault is used as short memory storage where you can store small data. It remains in memory if you kill the app.
let tokenIdentifier = "TokenIdentifier"
func storeAccessToken(token: String) {
UserDefaults.standard.set(token, forKey: tokenIdentifier)
}
func checkUserLogin() {
if UserDefaults.standard.value(forKey: tokenIdentifier) != nil {
print("User is Login")
}
else {
print("User need to login")
}
}
check this for learn more about userdefault
https://swift3tutorials.com/swift-3-user-defaults/
https://www.hackingwithswift.com/example-code/system/how-to-save-user-settings-using-userdefaults
2. Keychain
Userdefault is not secure. An access token is a sensitive information which should be stored in a secure place. So storing the access token in user default is not the correct choice. You must store access token in the keychain. Use SwiftKeychainWrapper pod to store token in Keychain.
let tokenIdentifier = "TokenIdentifier"
func storeAccessToken(token: String) {
KeychainWrapper.standard.set(token, forKey: tokenIdentifier)
}
func checkUserLogin() {
let token: String? = KeychainWrapper.standard.string(forKey: tokenIdentifier)
if token != nil {
print("User is Login")
}
else {
print("User need to login")
}
}
I am trying to implement OAuth2 in my iOS app through Square but it's saying there is an error with my redirect_uri when I sign in successfully through the browser that pops up.
I'm using the OAuthSwift pod. This is what I have so far to set up the URL scheme so that the redirect should open my iOS app:
Square dashboard config:
AppDelegate:
class AppDelegate: UIResponder, UIApplicationDelegate {
var window: UIWindow?
func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool {
print("hollaaaaaaaaaaaaaaaaa") // i never see this printed
OAuthSwift.handle(url: url)
return true
}
}
Target:
Controller that opens the browser:
class OAuthViewController: UIViewController {
#IBAction func signInButtonTapped(_ sender: AnyObject) {
print("tapped");
let oauthswift = OAuth2Swift(
consumerKey: "my token",
consumerSecret: "my secret",
authorizeUrl: "https://connect.squareup.com/oauth2/authorize?client_id=my_id",
responseType: "token"
)
oauthswift.authorize(
withCallbackURL: URL(string: "com.edmund.ios/oauth-callback")!, // doesn't seem to do anything honestly... I think the Square dashboard setting has precedence over this.
scope: "MERCHANT_PROFILE_READ%20PAYMENTS_READ%20ITEMS_READ%20ORDERS_READ",
state: "",
success: { (credential, response, parameters) -> Void in
print(credential)
},
failure: { error in
print(error.localizedDescription)
}
)
}
}
Redirect to ios app is possible? Completly possible
Here I will guide you simple approach to achieve this.
The square oAuth implementation can achieve by 2 simple easy steps without using any third-party libraries.
Benefits of this approach
You always stay within the application (because we use the in-app browser)
No need to add URI schema in the application (because we never leave the app)
Step 1: Add a view controller and attach a WKWebview;
Step 2: Load auth request URL and listen for redirect URI;
You can dismiss the controller and proceed with the access token once the redirection happens.
Redirect URI
You have to set a redirect URI in the square dashboard;
(Example: "http://localhost/square-oauth-callback")
but you are free to set any valid URL.
We monitor this url within our app.
Implement the following code in your application
import Foundation
import UIKit
import WebKit
class SquareAuthenticationViewController: UIViewController {
// MARK: Connection Objects
#IBOutlet weak var webView: WKWebView!
// MARK: Life Cycle
override func viewDidLoad() {
super.viewDidLoad()
configureView()
initiateAuthentication()
}
func configureView() {
webView.navigationDelegate = self
}
func initiateAuthentication() {
// Validation
guard let url = getPath() else {
return
}
// Prepare request
let request = URLRequest(url: url)
webView.load(request)
}
func getPath() -> URL? {
let clientId = "Your Suare Application Id"
let scope = ["MERCHANT_PROFILE_READ",
"CUSTOMERS_READ",
"CUSTOMERS_WRITE",
"EMPLOYEES_READ",
"EMPLOYEES_WRITE",
"ITEMS_READ",
"PAYMENTS_READ"].joined(separator: " ")
let queryClientId = URLQueryItem(name: "client_id" , value: clientId.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed))
let queryScope = URLQueryItem(name: "scope" , value: scope.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed))
var components = URLComponents()
components.scheme = "https"
components.host = "connect.squareup.com"
components.path = "/oauth2/authorize"
components.percentEncodedQueryItems = [queryClientId, queryScope]
return components.url
}
}
extension SquareAuthenticationViewController: WKNavigationDelegate {
func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: #escaping (WKNavigationActionPolicy) -> Void) {
// here we handle internally the callback url and call method that call handleOpenURL (not app scheme used)
if let url = navigationAction.request.url, url.host == "localhost" , url.path == "/square-oauth-callback" {
print(url)
print(url.valueOf("code"))
//decisionHandler(.cancel)
/* Dismiss your view controller as normal
And proceed with OAuth authorization code
The code you receive here is not the auth token; For auth token you have to make another api call with the code that you received here and you can procced further
*/
/*
Auth Process Flow: https://developer.squareup.com/docs/oauth-api/how-it-works#oauth-access-token-management
Obtain Auth Token: https://developer.squareup.com/reference/square/oauth-api/obtain-token
*/
}
decisionHandler(.allow)
}
}
extension URL {
func valueOf(_ queryParamaterName: String) -> String? {
guard let url = URLComponents(string: self.absoluteString) else { return nil }
return url.queryItems?.first(where: { $0.name == queryParamaterName })?.value
}
}
When you guide a user through the oauth flow for your app, you must specify a redirect_uri parameter that matches that value you have specified in the Square developer portal. Note that this redirect_uri must start with http or https and correspond to a webpage on your server.
If you redirect the square endpoint to your server, if your sure they are running on iOS you can use your URL Scheme to reopen your app and pass any parameters that you wish
I'm building an iOS (Swift) app using AWS as the backend with Developer Authenticated Identities. Everything works fine until I close the app, leave it for a while and then relaunch. In this scenario I often, but not always, receive ExpiredTokenException errors when trying to retrieve data from AWS.
Here is my code:
class DeveloperAuthenticatedIdentityProvider: AWSAbstractCognitoIdentityProvider {
var _token: String!
var _logins: [ NSObject : AnyObject ]!
override var token: String {
get {
return _token
}
}
override var logins: [ NSObject : AnyObject ]! {
get {
return _logins
}
set {
_logins = newValue
}
}
override func getIdentityId() -> AWSTask! {
if self.identityId != nil {
return AWSTask(result: self.identityId)
} else {
return AWSTask(result: nil).continueWithBlock({ (task) -> AnyObject! in
if self.identityId == nil {
return self.refresh()
}
return AWSTask(result: self.identityId)
})
}
}
override func refresh() -> AWSTask! {
let apiUrl = "https://url-goes-here" // call my server to retrieve an OpenIdToken
request.GET(apiUrl, parameters: nil, progress: nil,
success: {
(task: NSURLSessionDataTask, response: AnyObject?) -> Void in
let tmp = NSMutableDictionary()
tmp.setObject("temp", forKey: "ExampleApp")
self.logins = tmp as [ NSObject : AnyObject ]
let jsonDictionary = response as! NSDictionary
self.identityId = jsonDictionary["identityId"] as! String
self._token = jsonDictionary["token"] as! String
awstask.setResult(response)
},
failure: {
(task: NSURLSessionDataTask?, error: NSError) -> Void in
awstask.setError(error)
}
)
return awstask.task
}
}
And in the AppDelegate:
func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?) -> Bool {
let identityProvider = DeveloperAuthenticatedIdentityProvider()
// set default service configuration
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: cognitoRegion, identityProvider: identityProvider, unauthRoleArn: unauthRole, authRoleArn: authRole)
let configuration = AWSServiceConfiguration(region: defaultServiceRegion, credentialsProvider: credentialsProvider)
AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = configuration
// set service configuration for S3 (my bucket is located in a different region to my Cognito and Lambda service)
let credentialsProviderForS3 = AWSCognitoCredentialsProvider(regionType: cognitoRegion, identityProvider: identityProvider, unauthRoleArn: unauthRole, authRoleArn: unauthRole)
let awsConfigurationForS3 = AWSServiceConfiguration(region: s3ServiceRegion, credentialsProvider: credentialsProviderForS3)
AWSS3TransferUtility.registerS3TransferUtilityWithConfiguration(awsConfigurationForS3, forKey: "S3")
return true
}
This post suggests that the Cognito token has expired and it is up to the developer to manually refresh. This seems overly complex as it would require setting a timer to refresh regularly, handling app closures and relaunches and handling AWS requests that occur while the refresh is taking place. Is there a simpler way? For example, is it possible to have the AWS SDK automatically call refresh whenever it attempts to query the server using an expired token?
Any help would be appreciated. I'm using version 2.3.5 of the AWS SDK for iOS.
The AWS Mobile SDK for iOS 2.4.x has a new protocol called AWSIdentityProviderManager. It has the following method:
/**
* Each entry in logins represents a single login with an identity provider.
* The key is the domain of the login provider (e.g. 'graph.facebook.com') and the value is the
* OAuth/OpenId Connect token that results from an authentication with that login provider.
*/
- (AWSTask<NSDictionary<NSString *, NSString *> *> *)logins;
The responsibility of an object conforming to this protocol is to return a valid logins dictionary whenever it is requested. Because this method is asynchronous, you can make networking calls in it if the cached token is expired. The implementation is up to you, but in many cases, AWSIdentityProviderManager manages multiple AWSIdentityProviders, aggregates them and return the logins dictionary.
Unfortunately developers refreshing the token is the only way.
I agree that it would be simpler for app developers if AWS SDK handled this but the way CrdentialsProvider is designed is supposed to be generic for all providers. For example, if someone wants to use Facebook as provider then AWS SDK will not be able to handle the refresh on its own and developer will have t handle that in his app. Keeping the refresh flow out of the SDK gives us the capability to keep the CredentialsProvider generic.