Latest 0.1.0-beta
Homepage https://github.com/okta/okta-sdk-appauth-ios
License APACHE2
Platforms ios 9.0
Dependencies AppAuth
Authors

Okta


Example

To run the example project, clone the repo, and run pod install from the Example directory first.

Requirements

Installation

Okta is available through CocoaPods. To install
it, simply add the following line to your Podfile:

pod "OktaAuth"

Overview

This library currently supports:

Getting Started

You can create an Okta developer account at https://developer.okta.com/.

  1. After login, navigate to https://{yourOrg}-admin.oktapreview.com/admin/apps/add-app and select Create New App
  2. Choose Native as the platform, Sign on method as OpenID Connect then select Create.
  3. Populate your new OpenID Connect application with values similar to:

     | Setting             | Value                                           |
     | ------------------- | ----------------------------------------------- |
     | Application Name    | Native OpenId Connect App (must be unique)      |
     | Redirect URIs       | com.okta.yoursubdomain:/callback                |
     | Allowed grant types | Authorization Code, Refresh Token (recommended) |

  4. Click Finish to redirect back to the General Settings of your application.
  5. Copy the Client ID, as it will be needed for the client configuration.

Note: As with any Okta application, make sure you assign Users or Groups to the OpenID Connect Client. Otherwise, no one can use it.

If using the Resource Owner Password Grant, make sure to select it in the Allowed Grant Types and select Client authentication.

Configuration

Create an Okta.plist file in your application’s bundle with the following fields:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>issuer</key>
    <string>{oktaOrg}</string>
    <key>clientId</key>
    <string>{clientIdValue}</string>
    <key>redirectUri</key>
    <string>{redirectUrlValue}</string>
    <key>scopes</key>
    <array>
        <string>offline_access</string>
        <string>openid</string>
        <string>profile</string>
    </array>
</dict>
</plist>

Note: To receive a refresh_token, you must include the offline_access scope.

Update the Private-use URI Scheme

To redirect back to your application from a web browser, you must register a URI scheme that is unique to your app. To do this, open Info.plist in your application bundle and set a URL Scheme to the scheme of the redirect URI.

For example, if your Redirect URI is com.okta.example:/callback, the URL Scheme will be com.okta.example.

Resource Owner Password

If using the Resource Owner Password Grant, you must specify the clientSecret in Okta.plist:

<key>clientSecret</key>
<string>{clientSecret}</string>

IMPORTANT: Storing a clientSecret in a distributed app is strongly discouraged, because anyone who has the app binary can extract it. Please refer to OAuth 2.0 for Native Apps for more information.
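The three configuration rules above (the redirect URI scheme must be registered in Info.plist, offline_access is needed for a refresh_token, and clientSecret should not ship in the bundle) can be checked before release. The following is an added example, not part of the OktaAuth SDK: `parse` and `lint` are hypothetical helpers, and both plists are constructed samples with placeholder values.

```swift
import Foundation

// Constructed sample plists (not from a real app); keys follow the Okta.plist shown above.
let header = """
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
"""
let oktaXML = """
\(header)
<plist version="1.0"><dict>
  <key>redirectUri</key><string>com.okta.example:/callback</string>
  <key>clientSecret</key><string>PLACEHOLDER_SECRET</string>
  <key>scopes</key><array><string>openid</string><string>profile</string></array>
</dict></plist>
"""
let infoXML = """
\(header)
<plist version="1.0"><dict>
  <key>CFBundleURLTypes</key><array><dict>
    <key>CFBundleURLSchemes</key><array><string>com.okta.sample</string></array>
  </dict></array>
</dict></plist>
"""

// Hypothetical helper: decode an XML plist into a dictionary (empty on failure).
func parse(_ xml: String) -> [String: Any] {
    let obj = try? PropertyListSerialization.propertyList(from: Data(xml.utf8), options: [], format: nil)
    return obj as? [String: Any] ?? [:]
}

// Hypothetical helper: return one finding per configuration rule that is violated.
func lint(okta: [String: Any], info: [String: Any]) -> [String] {
    var findings: [String] = []
    // Rule 1: the redirect URI's scheme must be a URL scheme registered in Info.plist.
    let redirect = okta["redirectUri"] as? String ?? ""
    let types = info["CFBundleURLTypes"] as? [[String: Any]] ?? []
    let registered: [String] = types.flatMap { $0["CFBundleURLSchemes"] as? [String] ?? [] }
    if let scheme = URLComponents(string: redirect)?.scheme {
        if !registered.contains(where: { $0.caseInsensitiveCompare(scheme) == .orderedSame }) {
            findings.append("scheme '\(scheme)' of redirectUri is not registered in Info.plist")
        }
    } else {
        findings.append("redirectUri has no scheme: '\(redirect)'")
    }
    // Rule 2: a clientSecret in the bundle is readable by anyone who has the app.
    if okta["clientSecret"] != nil { findings.append("clientSecret is stored in Okta.plist") }
    // Rule 3: without offline_access no refresh_token is returned.
    let scopes = okta["scopes"] as? [String] ?? []
    if !scopes.contains("offline_access") { findings.append("offline_access scope is missing") }
    return findings
}

lint(okta: parse(oktaXML), info: parse(infoXML)).forEach { print("FINDING: \($0)") }
```

The sample pair is built to violate all three rules; in a real project the two dictionaries would come from the app's own Okta.plist and Info.plist.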

Authorization

First, update your AppDelegate to include the following function to allow the redirect to occur:

// AppDelegate.swift
import OktaAuth

func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any]) -> Bool {
    return OktaAuth.resume(url: url, options: options)
}

Then, you can start the authorization flow by simply calling login:

OktaAuth
    .login()
    .start(view: self) {
        response, error in

        if error != nil { print(error!) }

        // Success
        if let authResponse = response {
            // authResponse.accessToken
            // authResponse.idToken
        }
    }

To login using username and password:

OktaAuth
    .login(username: "[email protected]", password: "password")
    .start(view: self) {
        response, error in

        if error != nil { print(error!) }

        // Success
        if let authResponse = response {
            // authResponse.accessToken
            // authResponse.idToken
        }
    }

Get UserInfo

Calls the OIDC userInfo endpoint to return user information.

OktaAuth.userinfo() {
    response, error in

    if error != nil { print("Error: \(error!)") }

    if let userinfo = response {
        userinfo.forEach { print("\($0): \($1)") }
    }
}

Introspect the Tokens

Calls the introspection endpoint to inspect the validity of the specified token.

OktaAuth
    .introspect()
    .validate(token: token) {
        response, error in
        if error != nil { print("Error: \(error!)") }

        if let isActive = response { print("Is token valid? \(isActive)") }
    }

Revoke a Token

Calls the revocation endpoint to revoke the specified token.

OktaAuth.revoke(token: token) {
    response, error in

    if error != nil { print("Error: \(error!)") }
    if let _ = response { print("Token was revoked") }
}

Refresh a Token

Refreshes the accessToken if the refreshToken is provided.

OktaAuth.refresh()

Token Management

Tokens are securely stored in the Keychain. They can easily be set and retrieved with the helper methods set and get.

OktaAuth
    .login()
    .start(self) { response, error in

        if error != nil { print(error!) }
        if let authResponse = response {
            // Store tokens in keychain
            tokens?.set(value: authResponse.accessToken!, forKey: "accessToken")
            tokens?.set(value: authResponse.idToken!, forKey: "idToken")
            self.buildTokenTextView()
        }
    }

// OktaAuth.tokens.get(forKey: "accessToken")
// OktaAuth.tokens.get(forKey: "idToken")

License

Okta is available under the MIT license. See the LICENSE file for more info.

Latest podspec

{
    "name": "OktaAuth",
    "version": "0.1.0-beta",
    "summary": "SDK to easily integrate AppAuth with Okta",
    "description": "Integrate your native app with Okta using the AppAuth library.",
    "homepage": "https://github.com/okta/okta-sdk-appauth-ios",
    "license": {
        "type": "APACHE2",
        "file": "LICENSE"
    },
    "authors": {
        "Okta Developers": "[email protected]"
    },
    "source": {
        "git": "https://github.com/okta/okta-sdk-appauth-ios.git",
        "tag": "0.1.0-beta"
    },
    "platforms": {
        "ios": "9.0"
    },
    "source_files": "Okta/**/*",
    "dependencies": {
        "AppAuth": [
            "~> 0.9.1"
        ]
    },
    "pushed_with_swift_version": "3.0"
}
