OAuth2AuthenticationParameters
public struct OAuth2AuthenticationParameters
extension OAuth2AuthenticationParameters: DiscoveryServiceConfigurable
A wrapper for the expected input parameters for the OAuth2 Authorization Code Grant.
-
This URL loads the login page and gets the additional parameters as GET parameters.
Declaration
Swift
public let authorizationEndpointURL: URL
-
This URL is used to exchange the OAuth 2.0 code grant for an OAuth 2.0 token.
Declaration
Swift
public let tokenEndpointURL: URL
-
This is the URL which will be loaded at the end of the web view login process. The OAuth 2.0 code grant will be appended to the end of this URL as a GET parameter.
Declaration
Swift
public let redirectURL: URL
-
The identifier of the client that is configured on the OAuth2 server.
Declaration
Swift
public let clientID: String
-
The client secret.
Declaration
Swift
public let clientSecret: String?
-
This URL is used to provide a performance improvement on top of authorizationEndpointURL. Calling the “authorizationEndpointURL” will hit the CPms first, then XSUAA to trigger the authorization. But calling “xsuaaAuthorizationURL” will directly hit XSUAA, avoiding the roundtrip. This happens both at the start and at the end of the authorization. Hence, this improves the overall onboarding performance. When this parameter is configured, the standard authorization code grant flow will be used and the PKCE (Proof Key for Code Exchange) feature associated with the authorization code grant flow will be disabled. The value of this parameter can be provided in the ConfigurationProvider.plist under the key called “oauth2.xsuaaAuthorizationURL”. By default, this config is generated and kept commented out in the ConfigurationProvider.plist of SAP BTP SDK Assistant generated apps.
Declaration
Swift
public let xsuaaAuthorizationURL: URL?
-
Set of scopes that the client should request.
Declaration
Swift
public let requestingScopes: Set<String>
-
An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery.
Declaration
Swift
public let state: String?
-
Transformation method applied to the code_verifier as part of PKCE (Proof Key for Code Exchange). OAuth 2.0 public clients that use the Authorization Code Grant are protected from the authorization code interception attack through the use of PKCE. The default value of this parameter is provided as part of ConfigurationProvider.plist with config name “oauth2.pkce” and key “codeChallengeMethod”. The default value of this parameter is “S256”, which means SHA256 is used as the transformation method for deriving the code challenge.
Declaration
Swift
public let codeChallengeMethod: String
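What the state and codeChallengeMethod parameters above mean in practice, as an added illustration that is not SAP SDK code: the "S256" transformation from RFC 7636 and the state check a client applies to the redirect before accepting the code grant. The helper names are hypothetical, the verifier/challenge pair is the RFC 7636 Appendix B test vector, and the callback URLs are constructed around the sample redirect URL used elsewhere on this page.

```swift
import Foundation
import CryptoKit
import Security

// base64url without padding, as RFC 7636 requires for verifier and challenge.
func base64URL(_ data: Data) -> String {
    data.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

// 32 bytes from the system CSPRNG: usable as a state value or a code_verifier.
func randomToken() -> String {
    var bytes = [UInt8](repeating: 0, count: 32)
    let status = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
    precondition(status == errSecSuccess, "CSPRNG failure")
    return base64URL(Data(bytes))
}

// code_challenge for "S256": BASE64URL(SHA256(ASCII(code_verifier))).
func codeChallengeS256(verifier: String) -> String {
    base64URL(Data(SHA256.hash(data: Data(verifier.utf8))))
}

// Accept the redirect only if it echoes the state that was sent.
// Returns the code grant, or nil when state is missing or does not match.
func authorizationCode(from callback: URL, expectedState: String) -> String? {
    let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems ?? []
    guard let state = items.first(where: { $0.name == "state" })?.value,
          state == expectedState else { return nil }
    return items.first(where: { $0.name == "code" })?.value
}

// RFC 7636 Appendix B test vector.
let verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
assert(codeChallengeS256(verifier: verifier) == "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")

// Constructed callbacks: one echoing our state, one carrying a foreign state.
let state = randomToken()
let good = URL(string: "scheme://redirect.url?code=constructed-code&state=\(state)")!
let forged = URL(string: "scheme://redirect.url?code=constructed-code&state=not-ours")!
assert(authorizationCode(from: good, expectedState: state) == "constructed-code")
assert(authorizationCode(from: forged, expectedState: state) == nil)
```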
-
init(authorizationEndpointURL:clientID:redirectURL:tokenEndpointURL:requestingScopes:state:clientSecret:xsuaaAuthorizationURL:codeChallengeMethod:)
Authentication parameters for the Authorization Code Grant.
Declaration
Swift
public init(authorizationEndpointURL: URL, clientID: String, redirectURL: URL, tokenEndpointURL: URL, requestingScopes: Set<String> = [], state: String? = nil, clientSecret: String? = nil, xsuaaAuthorizationURL: URL? = nil, codeChallengeMethod: String = "S256")
Parameters
authorizationEndpointURL
This URL loads the login page and gets the additional parameters as GET parameters.
clientID
The identifier of the client that is configured on the OAuth2 server.
redirectURL
This is the URL which will be loaded at the end of the web view login process. The OAuth 2.0 code grant will be appended to the end of this URL as a GET parameter.
tokenEndpointURL
This URL is used to exchange the OAuth 2.0 code grant for an OAuth 2.0 token.
requestingScopes
Set of scopes that the client should request.
state
An opaque value used by the client to maintain state between the request and callback.
clientSecret
The client secret.
xsuaaAuthorizationURL
xsuaa authorization URL.
codeChallengeMethod
code challenge method applied to the code_verifier in PKCE
-
Instantiates the OAuth2AuthenticationParameters from the Discovery Service configuration object.
Example Discovery Service configuration structure containing an OAuth 2.0 configuration:
{
  "auth": [{
    "type": "oauth2",
    "config": {
      "oauth2.tokenEndpoint": "https://oauthasservices-###.hana.ondemand.com/oauth2/api/v1/token",
      "oauth2.authorizationEndpoint": "https://oauthasservices-###.hana.ondemand.com/oauth2/api/v1/authorize",
      "oauth2.endUserUI": "https://oauthasservices-###.hana.ondemand.com/oauth2",
      "oauth2.clients": [{
        "clientID": "123532-426436-234352354-2352-235-3252",
        "redirectURL": "scheme://redirect.url",
        "grantType": "authorization_code"
      }]
    }
  }],
  "host": "mobilepreview-aaf7eb1c4.hana.ondemand.com",
  "port": 443,
  "protocol": "https"
}
Will use the corresponding auth-type if there are multiple auths. Will use the first client and ignore the rest.
Throws
ConfigurationError if a key is missing or the object has invalid structure
Declaration
Swift
public init(discoveryServiceConfig config: Any) throws
-
Instantiates the OAuth2AuthenticationParameters from the corresponding sub-configuration of the Discovery Service configuration object.
Example OAuth 2.0 sub-configuration structure in a Discovery Service configuration object:
{
  "oauth2.tokenEndpoint": "https://oauthasservices-###.hana.ondemand.com/oauth2/api/v1/token",
  "oauth2.authorizationEndpoint": "https://oauthasservices-###.hana.ondemand.com/oauth2/api/v1/authorize",
  "oauth2.endUserUI": "https://oauthasservices-###.hana.ondemand.com/oauth2",
  "oauth2.clients": [{
    "clientID": "123532-426436-234352354-2352-235-3252",
    "redirectURL": "scheme://redirect.url",
    "grantType": "authorization_code"
  }]
}
Will use the first client and ignore the rest.
Throws
ConfigurationError if a key is missing or the object has invalid structure
Declaration
Swift
public init(config: Any) throws
-
Initializer of OAuth2AuthenticationParameters
Declaration
Swift
public init?(certificateDiscoveryAuthenticationConfiguration configuration: [String : Any])
Parameters
certificateDiscoveryAuthenticationConfiguration
Dictionary with oauth type, authorizationEndpoint, client_id, redirect_uri and tokenEndpoint
-
Initializer of OAuth2AuthenticationParameters
Declaration
Swift
public init?(certificateDiscoveryConfiguration configuration: [String : Any])
Parameters
certificateDiscoveryConfiguration
Dictionary with the com.sap.mobilesecure.certificateService.authType key that contains the authentication configuration parameters