Ando

Reputation: 325

Intercept oauth2 callback

I'm trying to connect an iOS Swift app to an API, and I've experimented with oauthswift, aerogear, and heimdallr.

The flow is working fine, but the API itself doesn't have user-owned resources. All users have access to all resources. The API does, however, require OAuth2 to authenticate.

Is there a way to prevent a Swift app from bouncing to Safari (or Safariwebview) and either avoiding the user login part or handling it with a workaround? I know this is sort of antithetical to OAuth2, but there's no need (and actually it would be an impediment) for a single user to be logged in to this API.

Basically, I want the app to log in on the backend for access to every user. I know this API has SDKs in Ruby, Python, and Node that do just that. So, how can I do this in Swift?

Here's my oauthswift code that successfully gets me in:

    // Declared but not used below.
    let yourEndpoint = "https://www.awebsite.com/search/shows/a_show"

    // responseType "token" selects the implicit grant, which sends the user
    // through the authorize page in a browser.
    let oauthswift = OAuth2Swift(
        consumerKey: "my key",
        consumerSecret: "my secret",
        authorizeUrl: "https://www.awebsite.com/oauth/authorize",
        accessTokenUrl: "https://www.awebsite.com/oauth/token",
        responseType: "token")

    let name = "sample_api_proj"

    oauthswift.authorizeWithCallbackURL(NSURL(string: "xxx:xxxx:xx:oauth:2.0:xxx")!, scope: "", state: "", success: {
        credential, response, parameters in
        self.showTokenAlert(name, credential: credential)

        // Once authorized, call the API with the token held by the client.
        let parameters = Dictionary<String, AnyObject>()
        oauthswift.client.get("https://www.awebsite.com/api/search/shows/ashow", parameters: parameters,
            success: {
                data, response in
                let jsonDict: AnyObject! = try? NSJSONSerialization.JSONObjectWithData(data, options: [])
                print(jsonDict)
            }, failure: { error in
                print(error)
            })
        }, failure: { error in
            print(error.localizedDescription)
    })

Upvotes: 2

Views: 724

Answers (1)

Ando

Reputation: 325

I'm returning to this to provide the answer that I ultimately found. I didn't realize there were different types of oauth2, and the type used to authorize an entire app is called 'client credentials.' Not all libraries/pods are designed for this type of oauth. The working solution I found was with p2.OAuth2.

Upvotes: 2
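
The client credentials grant named in the answer, written out with Foundation only as an added example; it is not code from the original post or from p2.OAuth2, and it uses current Swift rather than the Swift 2 syntax of the question. It assumes the token endpoint from the question accepts this grant with HTTP Basic client authentication and returns a standard RFC 6749 JSON token response; the sample response is constructed.

```swift
import Foundation

// Token response fields from RFC 6749 section 5.1.
struct TokenResponse: Decodable {
    let accessToken: String
    let tokenType: String
    let expiresIn: Int?
    enum CodingKeys: String, CodingKey {
        case accessToken = "access_token", tokenType = "token_type", expiresIn = "expires_in"
    }
}

enum TokenError: Error { case badStatus(Int), notBearer(String) }

// Client credentials request (RFC 6749 section 4.4): no redirect and no browser,
// the app authenticates as itself. Assumes the server accepts HTTP Basic client auth.
func clientCredentialsRequest(tokenURL: URL, clientID: String, clientSecret: String) -> URLRequest {
    var request = URLRequest(url: tokenURL)
    request.httpMethod = "POST"
    let basic = Data("\(clientID):\(clientSecret)".utf8).base64EncodedString()
    request.setValue("Basic \(basic)", forHTTPHeaderField: "Authorization")
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    request.httpBody = Data("grant_type=client_credentials".utf8)
    return request
}

// Check the status code and token type before using the token.
func parseTokenResponse(_ data: Data, status: Int) throws -> TokenResponse {
    guard status == 200 else { throw TokenError.badStatus(status) }
    let token = try JSONDecoder().decode(TokenResponse.self, from: data)
    guard token.tokenType.lowercased() == "bearer" else { throw TokenError.notBearer(token.tokenType) }
    return token
}

// Attach the token to an API call as a Bearer credential.
func authorizedRequest(_ url: URL, token: TokenResponse) -> URLRequest {
    var request = URLRequest(url: url)
    request.setValue("Bearer \(token.accessToken)", forHTTPHeaderField: "Authorization")
    return request
}

// Constructed sample response, so the parsing path runs offline.
let sample = Data(#"{"access_token":"SAMPLE-TOKEN","token_type":"bearer","expires_in":3600}"#.utf8)
let tokenRequest = clientCredentialsRequest(
    tokenURL: URL(string: "https://www.awebsite.com/oauth/token")!,
    clientID: "my key", clientSecret: "my secret")
if let token = try? parseTokenResponse(sample, status: 200) {
    let api = authorizedRequest(URL(string: "https://www.awebsite.com/api/search/shows/ashow")!, token: token)
    print(tokenRequest.httpMethod ?? "", api.value(forHTTPHeaderField: "Authorization") ?? "")
}
```

In an app, send `tokenRequest` with `URLSession` and pass the response body and status code to `parseTokenResponse`. A client secret compiled into an app binary can be recovered by anyone who has the app, so this grant is normally run from a backend that hands the app only what it needs.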
