Getting an AuthToken using Siesta via Password Grant - siesta-swift

new to both Swift and Siesta... Trying to make a "password" grant type request. I used the code located here (the block at the very bottom). My code is:
var authToken: String??
var tokenCreationResource: Resource { return resource("oauth/v2/token") }
func refreshTokenOnAuthFailure(request: Request) -> Request {
return request.chained {
guard case .failure(let error) = $0.response, // Did request fail…
error.httpStatusCode == 401 else { // …because of expired token?
return .useThisResponse // If not, use the response we got.
}
return .passTo(
self.createAuthToken().chained { // If so, first request a new token, then:
if case .failure = $0.response { // If token request failed…
return .useThisResponse // …report that error.
} else {
//print($0.response)
return .passTo(request.repeated()) // We have a new token! Repeat the original request.
}
}
)
}
}
func userAuthData() -> [String: String] {
return [
"username": "username",
"password": "password",
"grant_type": "password",
"client_id": "abc1234567",
"client_secret": "1234567abc"
]
}
func createAuthToken() -> Request {
print("requestingToken")
return tokenCreationResource
.request(.post, urlEncoded: userAuthData())
.onSuccess {
self.authToken = $0.jsonDict["access_token"] as? String // Store the new token, then…
print($0.jsonDict) //*****SEE MY NOTE BELOW ABOUT THIS LINE
self.invalidateConfiguration() // …make future requests use it
}
}
The problem is that it doesn't seem to set the authToken variable... In troubleshooting the $0.jsonDict variable in the createAuthToken() function seems to be empty. The line noted prints [:]
If I change the print($0.jsonDict) to print($0) I see the full response including the "content" section which displays the results I would have expected to be in the jsonDict
If it matters, my server implementation is Symfony using FOSOauthServerBundle. All this works fine if I just manually do a request in the browser and like I said the "content" of the response shows my token, I just can't seem to access it via the .jsonDict["access_token"]

Had this exact same issue with the example code - you need to remove
standardTransformers: [.text, .image]
from the Service constructor (or include .json).

Related

How to change access token with refresh token when it expires?

I am doing an Alamofire request, and during login, it gives me access token and refresh token. After getting access token, I save it in keychain. Every 20 minutes the access token expires and I need to convert it to refresh token.
Below is the code of saving in keychain.
final class KeychainManager {
let keychain = Keychain(service: "com.app")
func saveToken(token: String) {
do {
try keychain.set(token, key: "accessToken")
} catch let error {
print(error)
}
}
func getAccessToken() -> String? {
let token = try? keychain.getString(accessTokenKey)
return token
}
}
And here is my Alamofire request
AF.upload(multipartFormData: { multiFormData in
for form in bodyKeyValue {
multiFormData.append(Data(form.sValue.utf8), withName: form.sKey)
}
}, to: url).responseData { response in
switch response.result {
case .success(_):
do {
let decodedData = try JSONDecoder().decode(LoginResponseBody.self, from: response.data!)
self.keychain.saveToken(token: decodedData.data.accessToken)
completion(.success(decodedData))
} catch {
completion(.failure(.serverError))
}
case .failure(_):
print("fail")
}
}
Now I don't know how to use , refresh token here, so when access token expires, it will be converted to refresh token. Does Alamofire have a function for that?
Generally as a good rule of thumb.
When your access token expires and you need to use the refresh token.
What you should do is:
When the app makes the API call and the token is no longer valid (IE: time to use refresh) , when the call fails here in the do block.
do {
let decodedData = try JSONDecoder().decode(LoginResponseBody.self, from: response.data!)
self.keychain.saveToken(token: decodedData.data.accessToken)
completion(.success(decodedData))
} catch {
completion(.failure(.serverError))
}
When the completionHandler(.failure(.serverError)) is triggered
You can make another call here to retrieve the refresh token/generate a new one. Either inside this function or in the viewController.
so in your app, when your function call returns completionHandler(.failure(.serverError)) , add the function call into the app(either in the failure block or inside the viewController, depending on your app and dev preference) on failure retrieve new access token/refresh token then make the same API called that failed.

How to intercept Moya request and return failure response without sending the request at all

I'm using Moya library to handle networking layer, and I already have a custom plugin that add an authentication token to the header.
What I want to do is to make this plugin cancel the request and return a failure response (or throw an error) if the token is not available yet.
P.S. I extended the protocol TargetType to add extra variable that indicates if the target needs authentication or not, so I need to access these data to determine if the authentication token is needed in the header or not.
this is a snapshot of my custom plugin:
struct AuthTokenPlugin: PluginType {
let tokenClosure:()->String?
func prepare(_ request: URLRequest, target: TargetType) -> URLRequest {
guard let target = target as? AuthorizebleTargetType, target.needsAuth else {
return request
}
guard let token = tokenClosure() else {
// Here where a failure response will be triggered or an error should be thrown
return ......
}
var request = request
request.addValue( "Token " + token, forHTTPHeaderField:"Authorization")
return request
}
}
P.S.2: throwing an error is not a good practice and it is not possible because the enclosing function "prepare(_:target:)" is not declared 'throws'.
I don't think that we can implement such logic with usage of protocol TargetType in cause his methods don't return Bool values and are not throw-marked.
Take a look at MoyaProvider init parameters. There is a requestClosure param in it. You can copy-paste and replace this parameter's default implementation with your own implementation which will check authorization header of Endpoint.
Default implementation of this closure:
final class func defaultRequestMapping(for endpoint: Endpoint, closure: RequestResultClosure) {
do {
let urlRequest = try endpoint.urlRequest()
closure(.success(urlRequest))
} catch MoyaError.requestMapping(let url) {
closure(.failure(MoyaError.requestMapping(url)))
} catch MoyaError.parameterEncoding(let error) {
closure(.failure(MoyaError.parameterEncoding(error)))
} catch {
closure(.failure(MoyaError.underlying(error, nil)))
}
}
UPD with my comment:
I suggest to check that if Endpoint has header with key “Authorization”, but it’s value is empty string, then call closure parameter with .failure case in requestClosure

Moya rxswift : Refresh token and restart request

I'm using Moya Rx swift and i want to catch the response if the status code is 401 or 403 then call refresh token request then recall/retry the original request again and to do so i followed this Link but i tweaked it a bit to suit my needs
public extension ObservableType where E == Response {
/// Tries to refresh auth token on 401 errors and retry the request.
/// If the refresh fails, the signal errors.
public func retryWithAuthIfNeeded(sessionServiceDelegate : SessionProtocol) -> Observable<E> {
return self.retryWhen { (e: Observable<Error>) in
return Observable
.zip(e, Observable.range(start: 1, count: 3),resultSelector: { $1 })
.flatMap { i in
return sessionServiceDelegate
.getTokenObservable()?
.filterSuccessfulStatusAndRedirectCodes()
.mapString()
.catchError {
error in
log.debug("ReAuth error: \(error)")
if case Error.StatusCode(let response) = error {
if response.statusCode == 401 || response.statusCode == 403 {
// Force logout after failed attempt
sessionServiceDelegate.doLogOut()
}
}
return Observable.error(error)
}
.flatMapLatest({ responseString in
sessionServiceDelegate.refreshToken(responseString: responseString)
return Observable.just(responseString)
})
}}
}
}
And my Protocol :
import RxSwift
public protocol SessionProtocol {
func doLogOut()
func refreshToken(responseString : String)
func getTokenObservable() -> Observable<Response>?
}
But it is not working and the code is not compiling, i get the following :
'Observable' is not convertible to 'Observable<_>'
I'm just talking my first steps to RX-swift so it may be simple but i can not figure out what is wrong except that i have to return a type other than the one I'm returning but i do not know how and where to do so.
Your help is much appreciated and if you have a better idea to achieve what I'm trying to do, you are welcome to suggest it.
Thanks in advance for your help.
You can enumerate on error and return the String type from your flatMap. If the request succeeded then it will return string else will return error observable
public func retryWithAuthIfNeeded(sessionServiceDelegate: SessionProtocol) -> Observable<E> {
return self.retryWhen { (error: Observable<Error>) -> Observable<String> in
return error.enumerated().flatMap { (index, error) -> Observable<String> in
guard let moyaError = error as? MoyaError, let response = moyaError.response, index <= 3 else {
throw error
}
if response.statusCode == 401 || response.statusCode == 403 {
// Force logout after failed attempt
sessionServiceDelegate.doLogOut()
return Observable.error(error)
} else {
return sessionServiceDelegate
.getTokenObservable()!
.filterSuccessfulStatusAndRedirectCodes()
.mapString()
.flatMapLatest { (responseString: String) -> Observable<String> in
sessionServiceDelegate.refreshToken(responseString: responseString)
return Observable.just(responseString)
}
}
}
}
Finally i was able to solve this by doing the following :
First create a protocol like so ( Those functions are mandatory and not optional ).
import RxSwift
public protocol SessionProtocol {
func getTokenRefreshService() -> Single<Response>
func didFailedToRefreshToken()
func tokenDidRefresh (response : String)
}
It is very very important to conform to the protocol SessionProtocol in the class that you write your network request(s) in like so :
import RxSwift
class API_Connector : SessionProtocol {
//
private final var apiProvider : APIsProvider<APIs>!
required override init() {
super.init()
apiProvider = APIsProvider<APIs>()
}
// Very very important
func getTokenRefreshService() -> Single<Response> {
return apiProvider.rx.request(.doRefreshToken())
}
// Parse and save your token locally or do any thing with the new token here
func tokenDidRefresh(response: String) {}
// Log the user out or do anything related here
public func didFailedToRefreshToken() {}
func getUsers (page : Int, completion: #escaping completionHandler<Page>) {
let _ = apiProvider.rx
.request(.getUsers(page: String(page)))
.filterSuccessfulStatusAndRedirectCodes()
.refreshAuthenticationTokenIfNeeded(sessionServiceDelegate: self)
.map(Page.self)
.subscribe { event in
switch event {
case .success(let page) :
completion(.success(page))
case .error(let error):
completion(.failure(error.localizedDescription))
}
}
}
}
Then, I created a function that returns a Single<Response>.
import RxSwift
extension PrimitiveSequence where TraitType == SingleTrait, ElementType == Response {
// Tries to refresh auth token on 401 error and retry the request.
// If the refresh fails it returns an error .
public func refreshAuthenticationTokenIfNeeded(sessionServiceDelegate : SessionProtocol) -> Single<Response> {
return
// Retry and process the request if any error occurred
self.retryWhen { responseFromFirstRequest in
responseFromFirstRequest.flatMap { originalRequestResponseError -> PrimitiveSequence<SingleTrait, ElementType> in
if let lucidErrorOfOriginalRequest : LucidMoyaError = originalRequestResponseError as? LucidMoyaError {
let statusCode = lucidErrorOfOriginalRequest.statusCode!
if statusCode == 401 {
// Token expired >> Call refresh token request
return sessionServiceDelegate
.getTokenRefreshService()
.filterSuccessfulStatusCodesAndProcessErrors()
.catchError { tokeRefreshRequestError -> Single<Response> in
// Failed to refresh token
if let lucidErrorOfTokenRefreshRequest : LucidMoyaError = tokeRefreshRequestError as? LucidMoyaError {
//
// Logout or do any thing related
sessionServiceDelegate.didFailedToRefreshToken()
//
return Single.error(lucidErrorOfTokenRefreshRequest)
}
return Single.error(tokeRefreshRequestError)
}
.flatMap { tokenRefreshResponseString -> Single<Response> in
// Refresh token response string
// Save new token locally to use with any request from now on
sessionServiceDelegate.tokenDidRefresh(response: try! tokenRefreshResponseString.mapString())
// Retry the original request one more time
return self.retry(1)
}
}
else {
// Retuen errors other than 401 & 403 of the original request
return Single.error(lucidErrorOfOriginalRequest)
}
}
// Return any other error
return Single.error(originalRequestResponseError)
}
}
}
}
What this function do is that it catches the error from the response then check for the status code, If it is any thing other than 401 then it will return that error to the original request's onError block but if it is 401 (You can change it to fulfill your needs but this is the standard) then it is going to do the refresh token request.
After doing the refresh token request, it checks for the response.
=> If the status code is in bigger than or equal 400 then this means that the refresh token request failed too so return the result of that request to the original request OnError block.
=> If the status code in the 200..300 range then this means that refresh token request succeeded hence it will retry the original request one more time, if the original request fails again then the failure will go to OnError block as normal.
Notes:
=> It is very important to parse & save the new token after the refresh token request is successful and a new token is returned, so when repeating the original request it will do it with the new token & not with the old one.
The token response is returned at this callback right before repeating the original request.
func tokenDidRefresh (response : String)
=> In case the refresh token request fails then it may that the token is expired so in addition that the failure is redirected to the original request's onError, you also get this failure callback
func didFailedToRefreshToken(), you can use it to notify the user that his session is lost or log him out or anything.
=> It is very important to return the function that do the token request because it is the only way the refreshAuthenticationTokenIfNeeded function knows which request to call in order to do the refresh token.
func getTokenRefreshService() -> Single<Response> {
return apiProvider.rx.request(.doRefreshToken())
}
Instead of writing an extension on Observable there's another solution. It's written on pure RxSwift and returns a classic error in case of fail.
The easy way to refresh session token of Auth0 with RxSwift and Moya
The main advantage of the solution is that it can be easily applicable for different services similar to Auth0 allowing to authenticate users in mobile apps.

Siesta REST login

How to translate my login user URLSession code into Siesta framework code? My current attempt isn't working.
I've looked at the example in the GithubBrowser but the API I have doesn't work like that.
The issue is that the user structure is kind of split by how the endpoint in the API I'm consuming works. The endpoint is http://server.com/api/key. Yes, it really is called key and not user or login. Its called that by the authors because you post a user/pass pair and get a key back. So it takes in (via post) a json struct like:
{"name": "bob", "password": "s3krit"}
and returns as a response:
{"token":"AEWasBDasd...AAsdga"}
I have a SessionUser struct:
struct SessionUser: Codable
{
let name: String
let password: String
let token: String
}
...which encapsulates the state (the "S" in REST) for the user. The trouble is name & password get posted and token is the response.
When this state changes I do my:
service.invalidateConfiguration() // So requests get config change
service.wipeResources() // Scrub all unauthenticated data
An instance is stored in a singleton, which is picked up by the configure block so that the token from the API is put in the header for all other API requests:
configure("**") {
// This block ^ is run AGAIN when the configuration is invalidated
// even if loadManifest is not called again.
if let haveToken = SessionManager.shared.currentUser?.token
{
$0.headers["Authorization"] = haveToken
}
}
That token injection part is already working well, by the way. Yay, Siesta!
URLSession version
This is bloated compared to Siesta, and I'm now not using this but here is what it used to be:
func login(user: SessionUser, endpoint: URL)
{
DDLogInfo("Logging in: \(user.name) with \(user.password)")
let json: [String: Any] = ["name": user.name, "password": user.password]
let jsonData = try? JSONSerialization.data(withJSONObject: json)
var request = URLRequest(url: endpoint)
request.httpMethod = "POST"
request.httpBody = jsonData
_currentStatus = .Unknown
weak var welf = self
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
handleLogin(error: error, message: "No data from login attempt")
return
}
let jsonData:Any
do {
jsonData = try JSONSerialization.jsonObject(with: data, options: [])
}
catch let jsonDecodeError {
handleLogin(error: jsonDecodeError, message: "Could not get JSON from login response data")
return
}
guard let jsonDecoded = jsonData as? [String: Any] else {
handleLogin(error: error, message: "Could not decode JSON as dictionary")
return
}
guard let token = jsonDecoded["token"] as? String else {
handleLogin(error: error, message: "No auth token in login response")
return
}
let newUser = SessionUser(name: user.name, password: "", token: token)
welf?.currentUser = newUser
welf?.saveCurrentSession()
welf?._currentStatus = .LoggedIn
DDLogInfo("User \(newUser.name) logged in")
loginUpdate(user: newUser, status: .LoggedIn, message: nil, error: nil)
}
task.resume()
}
Siesta Version
Here is my attempt right now:
func login(user: String, pass: String, status: #escaping (String?) -> ())
{
let json = [ "name": user, "password": pass]
let req = ManifestCloud.shared.keys.request(.post, json: json)
req.onSuccess { (tokenInfo) in
if let token = tokenInfo.jsonDict["token"] as? String
{
let newUser = SessionUser(name: user, password: pass, token: token)
self.currentUser = newUser
}
status("success")
}
req.onFailure { (error) in
status(error.userMessage)
}
req.onCompletion { (response) in
status(nil)
}
}
Its sort of working, but the log in credentials are not saved by Siesta and I've had to rig up a new notification system for login state which I'd hoped Siesta would do for me.
I want to use Siesta's caching so that the SessionUser object is cached locally and I can use it to get a new token, if required, using the cached credentials. At the moment I have a jury-rigged system using UserDefaults.
Any help appreciated!
The basic problem here is that you are requesting but not loading the resource. Siesta draws a distinction between those two things: the first is essentially a fancied-up URLSession request; the second means that Siesta hangs on to some state and notifies observers about it.
Funny thing, I just answered a different but related question about this a few minutes ago! You might find that answer a helpful starting point.
In your case, the problem is here:
let req = ManifestCloud.shared.keys.request(.post, json: json)
That .request(…) means that only your request hooks (onSuccess etc.) receive a notification when your POST request finishes, and Siesta doesn’t keep the state around for others to observe.
You would normally accomplish that by using .load(); however, that creates a GET request and you need a POST. You probably want to promote your POST to be a full-fledge load request like this:
let keysResource = ManifestCloud.shared.keys
let req = keysResource.load(using:
keysResource.request(.post, json: json))
This will take whatever that POST request returns and make it the (observable) latestData of ManifestCloud.shared.keys, which should give you the “notification system for login state” that you’re looking for.

Authentication Token

I'm trying to setup a simple iOS example to better understand Siesta. My REST api requires an access token to accompany each request. So (1) at the start of the app and (2) anytime I retrieve a HTTP 401 I need to request an access token and then put that in all future Authorization headers.
Working off this example from the documentation, I assume the line containing showLoginScreen is where I need to make a call to my authenticationResource to retrieve the token BUT how do I make the failed call immediately after (and not infinite loop of course)? Thank you.
let authURL = authenticationResource.url
configure({ url in url != authURL }, description: "catch auth failures") {
$0.config.beforeStartingRequest { _, req in // For all resources except auth:
req.onFailure { error in // If a request fails...
if error.httpStatusCode == 401 { // ...with a 401...
showLoginScreen() // ...then prompt the user to log in
}
}
}
}
Since you asked the question, the docs have been updated with an example that answers it.
The crux of it is to use decorateRequests(…) and Request.chained(…) to wrap all your service’s requests so that they automatically attempt to refresh the token before returning a response.
Here is the code from that example:
authToken: String??
init() {
...
configure("**", description: "auth token") {
if let authToken = self.authToken {
$0.headers["X-Auth-Token"] = authToken // Set the token header from a var that we can update
}
$0.decorateRequests {
self.refreshTokenOnAuthFailure(request: $1)
}
}
}
// Refactor away this pyramid of doom however you see fit
func refreshTokenOnAuthFailure(request: Request) -> Request {
return request.chained {
guard case .failure(let error) = $0.response, // Did request fail…
error.httpStatusCode == 401 else { // …because of expired token?
return .useThisResponse // If not, use the response we got.
}
return .passTo(
self.createAuthToken().chained { // If so, first request a new token, then:
if case .failure = $0.response { // If token request failed…
return .useThisResponse // …report that error.
} else {
return .passTo(request.repeated()) // We have a new token! Repeat the original request.
}
}
)
}
}
func createAuthToken() -> Request {
return tokenCreationResource
.request(.post, json: userAuthData())
.onSuccess {
self.authToken = $0.jsonDict["token"] as? String // Store the new token, then…
self.invalidateConfiguration() // …make future requests use it
}
}
}

Resources