Add support for custom Web Auth providers [SDK-3338] (#699)

* Add custom Web Auth providers implementation [SDK-3333] (#688)

* Implement custom Web Auth user agents

* Use a static factory

* Rename Safari provider methods

* Move custom description into user agents

* Remove optionals

* Add comment to SafariUserAgent

* Simplify implementation

* Return the closures directly

* Move Safari provider inside the library

* Handle other ASWebAuthenticationSessionError cases

* Move common logic to an extension

* Fix tests

* Remove whitespace

* Simplify implementation of custom Web Auth providers (#691)

* Add unit tests [SDK-3335] (#692)

* Add unit tests

* Remove unnecessary import

* Fix matcher name

* Use ASProvider in WebAuth test

* Add platform guards

* Update Auth0Tests/SafariProviderSpec.swift

Co-authored-by: Adam Mcgrath <[email protected]>

* Add additional unit tests (#694)

* Simplify the implementation some more (#695)

* Add API documentation (#697)

* Add API documentation

* Add link to example implementation

* Update Auth0/WebAuthUserAgent.swift

* Update Auth0/WebAuthUserAgent.swift

* Update FAQ and README (#698)

Co-authored-by: Adam Mcgrath <[email protected]>

Author: Widcket

App/AppDelegate.swift

@@ -10,5 +10,8 @@ class AppDelegate: UIResponder, UIApplicationDelegate {
         return true
     }
 
-}
+    func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {
+        return WebAuthentication.resume(with: url)
+    }
 
+}

App/ViewController.swift

@@ -10,9 +10,9 @@ class ViewController: UIViewController {
 
         self.onAuth = {
             switch $0 {
-            case .failure(let cause):
+            case .failure(let error):
                 DispatchQueue.main.async {
-                    self.alert(title: "Error", message: "\(cause)")
+                    self.alert(title: "Error", message: "\(error)")
                 }
             case .success(let credentials):
                 DispatchQueue.main.async {
@@ -25,13 +25,15 @@ class ViewController: UIViewController {
     }
 
     @IBAction func login(_ sender: Any) {
-        Auth0.webAuth()
+        Auth0
+            .webAuth()
             .logging(enabled: true)
             .start(onAuth)
     }
-    
+
     @IBAction func logout(_ sender: Any) {
-        Auth0.webAuth()
+        Auth0
+            .webAuth()
             .logging(enabled: true)
             .clearSession(federated: false) { result in
                 switch result {
@@ -44,12 +46,12 @@ class ViewController: UIViewController {
 }
 
 extension UIViewController {
-    
+
     func alert(title: String, message: String) {
         let alert = UIAlertController(title: title, message: message, preferredStyle: .alert)
         alert.addAction(UIAlertAction(title: "Ok", style: .default, handler: nil))
 
         present(alert, animated: true)
     }
-    
+
 }

Auth0.podspec

@@ -1,26 +1,27 @@
 web_auth_files = [
   'Auth0/Array+Encode.swift',
-  'Auth0/ASCallbackTransaction.swift',
-  'Auth0/ASTransaction.swift',
-  'Auth0/AuthSession.swift',
+  'Auth0/ASProvider.swift',
   'Auth0/AuthTransaction.swift',
   'Auth0/Auth0WebAuth.swift',
-  'Auth0/BaseCallbackTransaction.swift',
-  'Auth0/BaseTransaction.swift',
   'Auth0/BioAuthentication.swift',
   'Auth0/ChallengeGenerator.swift',
   'Auth0/ClaimValidators.swift',
+  'Auth0/ClearSessionTransaction.swift',
   'Auth0/IDTokenSignatureValidator.swift',
   'Auth0/IDTokenValidator.swift',
   'Auth0/IDTokenValidatorContext.swift',
   'Auth0/JWK+RSA.swift',
   'Auth0/JWT+Header.swift',
   'Auth0/JWTAlgorithm.swift',
+  'Auth0/LoginTransaction.swift',
   'Auth0/NSURLComponents+OAuth2.swift',
   'Auth0/OAuth2Grant.swift',
+  'Auth0/SafariProvider.swift',
   'Auth0/TransactionStore.swift',
   'Auth0/WebAuth.swift',
-  'Auth0/WebAuthError.swift'
+  'Auth0/WebAuthentication.swift',
+  'Auth0/WebAuthError.swift',
+  'Auth0/WebAuthUserAgent.swift'
 ]
 
 ios_files = ['Auth0/MobileWebAuth.swift']

Auth0.xcodeproj/project.pbxproj

@@ -0,0 +1,62 @@
+#if WEB_AUTH_PLATFORM
+import AuthenticationServices
+
+extension WebAuthentication {
+
+    static func asProvider(urlScheme: String, ephemeralSession: Bool = false) -> WebAuthProvider {
+        return { url, callback in
+            let session = ASWebAuthenticationSession(url: url, callbackURLScheme: urlScheme) {
+                guard let callbackURL = $0, $1 == nil else {
+                    if let error = $1, case ASWebAuthenticationSessionError.canceledLogin = error {
+                        callback(.failure(WebAuthError(code: .userCancelled)))
+                    } else if let error = $1 {
+                        callback(.failure(WebAuthError(code: .other, cause: error)))
+                    } else {
+                        callback(.failure(WebAuthError(code: .unknown("ASWebAuthenticationSession failed"))))
+                    }
+
+                    return TransactionStore.shared.clear()
+                }
+
+                _ = TransactionStore.shared.resume(callbackURL)
+            }
+
+            if #available(iOS 13.0, *) {
+                session.prefersEphemeralWebBrowserSession = ephemeralSession
+            }
+
+            return ASUserAgent(session: session, callback: callback)
+        }
+    }
+
+}
+
+class ASUserAgent: NSObject, WebAuthUserAgent {
+
+    let session: ASWebAuthenticationSession
+    let callback: (WebAuthResult<Void>) -> Void
+
+    init(session: ASWebAuthenticationSession, callback: @escaping (WebAuthResult<Void>) -> Void) {
+        self.session = session
+        self.callback = callback
+        super.init()
+
+        if #available(iOS 13.0, *) {
+            session.presentationContextProvider = self
+        }
+    }
+
+    func start() {
+        _ = self.session.start()
+    }
+
+    func finish(with result: WebAuthResult<Void>) {
+        callback(result)
+    }
+
+    public override var description: String {
+        return String(describing: ASWebAuthenticationSession.self)
+    }
+
+}
+#endif

Auth0/ASCallbackTransaction.swift

@@ -197,18 +197,13 @@ public func webAuth(clientId: String, domain: String, session: URLSession = .sha
 #endif
 
 func plistValues(bundle: Bundle) -> (clientId: String, domain: String)? {
-    guard
-        let path = bundle.path(forResource: "Auth0", ofType: "plist"),
-        let values = NSDictionary(contentsOfFile: path) as? [String: Any]
-        else {
+    guard let path = bundle.path(forResource: "Auth0", ofType: "plist"),
+          let values = NSDictionary(contentsOfFile: path) as? [String: Any] else {
             print("Missing Auth0.plist file with 'ClientId' and 'Domain' entries in main bundle!")
             return nil
         }
 
-    guard
-        let clientId = values["ClientId"] as? String,
-        let domain = values["Domain"] as? String
-        else {
+    guard let clientId = values["ClientId"] as? String, let domain = values["Domain"] as? String else {
             print("Auth0.plist file at \(path) is missing 'ClientId' and/or 'Domain' entries!")
             print("File currently has the following entries: \(values)")
             return nil

Auth0/ASProvider.swift

@@ -29,6 +29,11 @@ final class Auth0WebAuth: WebAuth {
     private(set) var maxAge: Int?
     private(set) var organization: String?
     private(set) var invitationURL: URL?
+    private(set) var provider: WebAuthProvider?
+
+    var state: String {
+        return self.parameters["state"] ?? self.generateDefaultState()
+    }
 
     lazy var redirectURL: URL? = {
         guard let bundleIdentifier = Bundle.main.bundleIdentifier else { return nil }
@@ -123,20 +128,28 @@ final class Auth0WebAuth: WebAuth {
         return self
     }
 
+    func provider(_ provider: @escaping WebAuthProvider) -> Self {
+        self.provider = provider
+        return self
+    }
+
     func start(_ callback: @escaping (WebAuthResult<Credentials>) -> Void) {
-        guard let redirectURL = self.redirectURL else {
+        guard let redirectURL = self.redirectURL, let urlScheme = redirectURL.scheme else {
             return callback(.failure(WebAuthError(code: .noBundleIdentifier)))
         }
+
         let handler = self.handler(redirectURL)
-        let state = self.parameters["state"] ?? generateDefaultState()
+        let state = self.state
         var organization: String? = self.organization
         var invitation: String?
+
         if let invitationURL = self.invitationURL {
             guard let queryItems = URLComponents(url: invitationURL, resolvingAgainstBaseURL: false)?.queryItems,
                 let organizationId = queryItems.first(where: { $0.name == "organization" })?.value,
                 let invitationId = queryItems.first(where: { $0.name == "invitation" })?.value else {
                     return callback(.failure(WebAuthError(code: .invalidInvitationURL(invitationURL.absoluteString))))
             }
+
             organization = organizationId
             invitation = invitationId
         }
@@ -146,36 +159,45 @@ final class Auth0WebAuth: WebAuth {
                                                   state: state,
                                                   organization: organization,
                                                   invitation: invitation)
-        let session = ASTransaction(authorizeURL: authorizeURL,
-                                    redirectURL: redirectURL,
-                                    state: state,
-                                    handler: handler,
-                                    logger: self.logger,
-                                    ephemeralSession: self.ephemeralSession,
-                                    callback: callback)
-        logger?.trace(url: authorizeURL, source: String(describing: session.self))
-        self.storage.store(session)
+        let provider = self.provider ?? WebAuthentication.asProvider(urlScheme: urlScheme,
+                                                                     ephemeralSession: ephemeralSession)
+        let userAgent = provider(authorizeURL) { result in
+            if case let .failure(error) = result {
+                callback(.failure(error))
+            }
+        }
+        let transaction = LoginTransaction(redirectURL: redirectURL,
+                                           state: state,
+                                           userAgent: userAgent,
+                                           handler: handler,
+                                           logger: self.logger,
+                                           callback: callback)
+        userAgent.start()
+        self.storage.store(transaction)
+        logger?.trace(url: authorizeURL, source: String(describing: userAgent.self))
     }
 
     func clearSession(federated: Bool, callback: @escaping (WebAuthResult<Void>) -> Void) {
         let endpoint = federated ?
             URL(string: "v2/logout?federated", relativeTo: self.url)! :
             URL(string: "v2/logout", relativeTo: self.url)!
-
         let returnTo = URLQueryItem(name: "returnTo", value: self.redirectURL?.absoluteString)
         let clientId = URLQueryItem(name: "client_id", value: self.clientId)
         var components = URLComponents(url: endpoint, resolvingAgainstBaseURL: true)
         let queryItems = components?.queryItems ?? []
         components?.queryItems = queryItems + [returnTo, clientId]
 
-        guard let logoutURL = components?.url, let redirectURL = self.redirectURL else {
+        guard let logoutURL = components?.url,
+              let redirectURL = self.redirectURL,
+              let urlScheme = redirectURL.scheme else {
             return callback(.failure(WebAuthError(code: .noBundleIdentifier)))
         }
 
-        let session = ASCallbackTransaction(url: logoutURL,
-                                            schemeURL: redirectURL,
-                                            callback: callback)
-        self.storage.store(session)
+        let provider = self.provider ?? WebAuthentication.asProvider(urlScheme: urlScheme)
+        let userAgent = provider(logoutURL, callback)
+        let transaction = ClearSessionTransaction(userAgent: userAgent)
+        userAgent.start()
+        self.storage.store(transaction)
     }
 
     func buildAuthorizeURL(withRedirectURL redirectURL: URL,
@@ -210,16 +232,18 @@ final class Auth0WebAuth: WebAuth {
         return components.url!
     }
 
-    func generateDefaultState() -> String? {
+    func generateDefaultState() -> String {
         let data = Data(count: 32)
         var tempData = data
 
         let result = tempData.withUnsafeMutableBytes {
             SecRandomCopyBytes(kSecRandomDefault, data.count, $0.baseAddress!)
         }
 
-        guard result == 0 else { return nil }
-        return tempData.a0_encodeBase64URLSafe()
+        guard result == 0, let state = tempData.a0_encodeBase64URLSafe()
+        else { return UUID().uuidString.replacingOccurrences(of: "-", with: "") }
+
+        return state
     }
 
     private func handler(_ redirectURL: URL) -> OAuth2Grant {