OAuth2AuthenticationParameters

public struct OAuth2AuthenticationParameters
extension OAuth2AuthenticationParameters: DiscoveryServiceConfigurable

A wrapper for the expected input parameters for the OAuth2 Authorization Code Grant.

  • This URL loads the login page and gets the additional parameters as GET parameters.

    Declaration

    Swift

    public let authorizationEndpointURL: URL
  • This URL is used to exchange the OAuth 2.0 code grant for an OAuth 2.0 token.

    Declaration

    Swift

    public let tokenEndpointURL: URL
  • This is the URL which will be loaded at the end of the web view login process. The OAuth 2.0 code grant will be appended to the end of this URL as a GET parameter.

    Declaration

    Swift

    public let redirectURL: URL
  • The identifier of the client that is configured on the OAuth2 server.

    Declaration

    Swift

    public let clientID: String
  • The client secret.

    Declaration

    Swift

    public let clientSecret: String?
  • This URL provides a performance improvement over authorizationEndpointURL. Calling “authorizationEndpointURL” hits the CPms first and then XSUAA to trigger the authorization, whereas calling “xsuaaAuthorizationURL” hits XSUAA directly and avoids the roundtrip. This happens both at the start and at the end of the authorization, so it improves the overall onboarding performance. When this parameter is configured, the standard authorization code grant flow is used and the PKCE (Proof Key for Code Exchange) feature associated with the authorization code grant flow is disabled. The value of this parameter can be provided in ConfigurationProvider.plist under the key “oauth2.xsuaaAuthorizationURL”. By default, this config is generated and kept commented out in the ConfigurationProvider.plist of apps generated by the SAP BTP SDK Assistant.

    Declaration

    Swift

    public let xsuaaAuthorizationURL: URL?
  • Set of scopes that the client should request.

    Declaration

    Swift

    public let requestingScopes: Set<String>
  • An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery.

    Declaration

    Swift

    public let state: String?
  • Transformation method applied to the code_verifier as part of PKCE (Proof Key for Code Exchange). OAuth 2.0 public clients that use the Authorization Code Grant are protected from authorization code interception attacks through the use of PKCE. The default value of this parameter is provided in ConfigurationProvider.plist with config name “oauth2.pkce” and key “codeChallengeMethod”. The default value is “S256”, which means SHA256 is used as the transformation method for deriving the code challenge.

    Declaration

    Swift

    public let codeChallengeMethod: String
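
The S256 transformation named by codeChallengeMethod and the check that the state parameter enables, as an added example that is not part of the SDK or of the original page. The function names are hypothetical; the verifier and challenge values are the RFC 7636 Appendix B test vector.

```swift
import Foundation
import CryptoKit   // SHA256
import Security    // SecRandomCopyBytes

// base64url without padding, the encoding RFC 7636 uses for verifier and challenge.
func base64URL(_ data: Data) -> String {
    data.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

// Random URL-safe token from the system CSPRNG; usable as state or code_verifier.
func randomToken(byteCount: Int = 32) -> String? {
    var bytes = [UInt8](repeating: 0, count: byteCount)
    guard SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes) == errSecSuccess else {
        return nil
    }
    return base64URL(Data(bytes))
}

// S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
func s256Challenge(for verifier: String) -> String {
    base64URL(Data(SHA256.hash(data: Data(verifier.utf8))))
}

// Accept the redirect only if it carries the state that was sent.
// The comparison runs over every byte so timing does not depend on the mismatch position.
func stateMatches(callback: URL, expected: String) -> Bool {
    guard let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems,
          let returned = items.first(where: { $0.name == "state" })?.value else { return false }
    let a = Array(returned.utf8), b = Array(expected.utf8)
    guard a.count == b.count else { return false }
    return zip(a, b).reduce(UInt8(0)) { $0 | ($1.0 ^ $1.1) } == 0
}

// RFC 7636 Appendix B test vector.
let verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
precondition(s256Challenge(for: verifier) == "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")

// Constructed callback URLs: one echoes the state that was sent, one does not.
if let state = randomToken() {
    let good = URL(string: "scheme://redirect.url?code=constructed-code&state=\(state)")!
    let forged = URL(string: "scheme://redirect.url?code=constructed-code&state=other")!
    print(stateMatches(callback: good, expected: state),
          stateMatches(callback: forged, expected: state))
}
```

A value produced by randomToken() can be passed as the state argument of the initializer below; a fixed or guessable state gives no protection against cross-site request forgery.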
  • Authentication parameters for the Authorization Code Grant.

    Declaration

    Swift

    public init(authorizationEndpointURL: URL, clientID: String, redirectURL: URL, tokenEndpointURL: URL, requestingScopes: Set<String> = [], state: String? = nil, clientSecret: String? = nil, xsuaaAuthorizationURL: URL? = nil, codeChallengeMethod: String = "S256")

    Parameters

    authorizationEndpointURL

    This URL loads the login page and gets the additional parameters as GET parameters.

    clientID

    The identifier of the client that is configured on the OAuth2 server.

    redirectURL

    This is the URL which will be loaded at the end of the web view login process. The OAuth 2.0 code grant will be appended to the end of this URL as a GET parameter.

    tokenEndpointURL

    This URL is used to exchange the OAuth 2.0 code grant for an OAuth 2.0 token.

    requestingScopes

    Set of scopes that the client should request.

    state

    An opaque value used by the client to maintain state between the request and callback.

    clientSecret

    The client secret.

    xsuaaAuthorizationURL

    XSUAA authorization URL.

    codeChallengeMethod

    Code challenge method applied to the code_verifier in PKCE.

  • Instantiates the OAuth2AuthenticationParameters from the Discovery Service configuration object. Example Discovery Service configuration structure containing an OAuth 2.0 configuration:

    {
      "auth": [{
          "type": "oauth2",
          "config": {
              "oauth2.tokenEndpoint": "https://oauthasservices-###.hana.ondemand.com/oauth2/api/v1/token",
              "oauth2.authorizationEndpoint": "https://oauthasservices-###.hana.ondemand.com/oauth2/api/v1/authorize",
              "oauth2.endUserUI": "https://oauthasservices-###.hana.ondemand.com/oauth2",
              "oauth2.clients": [{
                  "clientID": "123532-426436-234352354-2352-235-3252",
                  "redirectURL": "scheme://redirect.url",
                  "grantType": "authorization_code"
              }]
          }
      }],
      "host": "mobilepreview-aaf7eb1c4.hana.ondemand.com",
      "port": 443,
      "protocol": "https"
    }
    

    Will use the corresponding auth-type if there are multiple auths. Will use the first client and ignore the rest.

    Throws

    ConfigurationError if a key is missing or the object has invalid structure

    Declaration

    Swift

    public init(discoveryServiceConfig config: Any) throws
  • Instantiates the OAuth2AuthenticationParameters from the corresponding sub-configuration of the Discovery Service configuration object. Example OAuth 2.0 sub-configuration structure in a Discovery Service configuration object:

    {
      "oauth2.tokenEndpoint": "https://oauthasservices-###.hana.ondemand.com/oauth2/api/v1/token",
      "oauth2.authorizationEndpoint": "https://oauthasservices-###.hana.ondemand.com/oauth2/api/v1/authorize",
      "oauth2.endUserUI": "https://oauthasservices-###.hana.ondemand.com/oauth2",
      "oauth2.clients": [{
          "clientID": "123532-426436-234352354-2352-235-3252",
          "redirectURL": "scheme://redirect.url",
          "grantType": "authorization_code"
      }]
    }
    

    Will use the first client and ignore the rest.

    Throws

    ConfigurationError if a key is missing or the object has invalid structure

    Declaration

    Swift

    public init(config: Any) throws
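
A pre-check for the OAuth 2.0 sub-configuration shown above, run before the object is handed to either initializer; this is an added example, not SDK code. ConfigIssue and checkOAuth2Config are hypothetical names, the sample JSON is constructed, and the https and grantType requirements are this example's own policy rather than documented SDK behaviour.

```swift
import Foundation

enum ConfigIssue: Error, Equatable {
    case missing(String)              // key absent, empty, or of the wrong type
    case insecureEndpoint(String)     // endpoint is not an https URL with a host
    case unexpectedGrantType(String)
}

// Hypothetical helper: validates the keys shown in the page's sample structure.
func checkOAuth2Config(_ json: Data) throws -> (clientID: String, redirectURL: URL) {
    guard let cfg = try JSONSerialization.jsonObject(with: json) as? [String: Any] else {
        throw ConfigIssue.missing("root object")
    }
    // Authorization codes and tokens travel over these two URLs.
    for key in ["oauth2.tokenEndpoint", "oauth2.authorizationEndpoint"] {
        guard let text = cfg[key] as? String, let url = URL(string: text) else {
            throw ConfigIssue.missing(key)
        }
        guard url.scheme?.lowercased() == "https", url.host != nil else {
            throw ConfigIssue.insecureEndpoint(key)
        }
    }
    // Only the first client is used, so only the first client is checked.
    guard let first = (cfg["oauth2.clients"] as? [[String: Any]])?.first else {
        throw ConfigIssue.missing("oauth2.clients")
    }
    guard let clientID = first["clientID"] as? String, !clientID.isEmpty else {
        throw ConfigIssue.missing("clientID")
    }
    guard let text = first["redirectURL"] as? String,
          let redirectURL = URL(string: text), redirectURL.scheme != nil else {
        throw ConfigIssue.missing("redirectURL")
    }
    let grant = first["grantType"] as? String ?? ""
    guard grant == "authorization_code" else { throw ConfigIssue.unexpectedGrantType(grant) }
    return (clientID, redirectURL)
}

// Constructed sample: the page's structure, but with a plain-http token endpoint.
let sample = Data("""
{ "oauth2.tokenEndpoint": "http://oauth.example.com/oauth2/api/v1/token",
  "oauth2.authorizationEndpoint": "https://oauth.example.com/oauth2/api/v1/authorize",
  "oauth2.clients": [{ "clientID": "constructed-client-id",
                       "redirectURL": "scheme://redirect.url",
                       "grantType": "authorization_code" }] }
""".utf8)

do {
    let client = try checkOAuth2Config(sample)
    print("accepted:", client.clientID, client.redirectURL)
} catch {
    print("rejected:", error)
}
```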
  • Initializer of OAuth2AuthenticationParameters

    Declaration

    Swift

    public init?(certificateDiscoveryAuthenticationConfiguration configuration: [String : Any])

    Parameters

    certificateDiscoveryAuthenticationConfiguration

    Dictionary with oauth type, authorizationEndpoint, client_id, redirect_uri and tokenEndpoint

  • Initializer of OAuth2AuthenticationParameters

    Declaration

    Swift

    public init?(certificateDiscoveryConfiguration configuration: [String : Any])

    Parameters

    certificateDiscoveryConfiguration

    Dictionary with com.sap.mobilesecure.certificateService.authType key, that contains the authentication configuration parameters