Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MOB-439: Access token refreshing #22

Merged
merged 3 commits into from
Feb 23, 2017
Merged

MOB-439: Access token refreshing #22

merged 3 commits into from
Feb 23, 2017

Conversation

mats-claassen
Copy link
Contributor

Fixes #7

Description

Access token refreshing implemented using the OAuth flow.
The expiration date of the refresh token is also saved so that if the refresh token is expired then the SDK can return an error immediately

Todos

  • Tests
  • Documentation

m-revetria
m-revetria suggested changes Feb 22, 2017
View reviewed changes
ID.me WebVerify SDK/IDmeWebVerify.m Outdated
}

NSString* token = [self.keychainData accessTokenForScope:scope];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't you use latestScope instead of scope here?

ID.me WebVerify SDK/IDmeWebVerifyKeychainData.m
@@ -11,6 +11,7 @@
/// Keychain Constants
#define IDME_KEYCHAIN_DATA_ACCOUNT @"IDME_KEYCHAIN_DATA"
#define IDME_EXPIRATION_DATE @"IDME_EXPIRATION_DATE"
#define IDME_REFRESH_EXPIRATION_DATE @"IDME_REFRESH_EXPIRATION_DATE"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

when you load scope tokens from keychain, are you loading this new property?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it is loaded.
I load a dictionary and save it directly in tokensByScope that is why this variable is not used when loading

ID.me WebVerify SDK/IDmeWebVerify.m Outdated
}

#pragma mark - Keychain access
- (void)saveDataFromJson:(NSDictionary* _Nonnull)json {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not clear enough what this function is expecting/saving just by reading its name. Please consider changing it for something more descriptive

ID.me WebVerify SDK/IDmeWebVerify.m
@@ -304,6 +308,39 @@ - (void)getAccessTokenWithScope:(NSString* _Nullable)scope forceRefreshing:(BOOL

}

- (void)refreshTokenForScope:(NSString* _Nonnull)scope callback:(IDmeVerifyWebVerifyTokenResults _Nonnull)callback {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getAccessTokenWithScope accepts a nullable scope value. Shouldn't this be similar to be consistent?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not think so. This method is just called internally and only if there is a scope (either passed to getAccesToken or the latest used scope from the keychain)

ID.me WebVerify SDK/IDmeWebVerify.m Outdated
// TODO: refresh token
callback(nil, [self notAuthorizedErrorWithUserInfo:nil]);
// token has expired
[self refreshTokenForScope:scope callback:callback];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here too, latestScope vs scope?

ID.me WebVerify SDK/IDmeWebVerify.m Outdated
#define IDME_WEB_VERIFY_ERROR_DESCRIPTION_PARAM @"error_description"

// HTTP methods
#define GET_METHOD @"GET"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this doesn't seem to be used

ID.me WebVerify SDK/IDmeWebVerify.m Outdated
#define IDME_WEB_VERIFY_SIGN_UP_OR_LOGIN IDME_WEB_VERIFY_BASE_URL @"oauth/authorize?client_id=%@&redirect_uri=%@&response_type=token&scope=%@&op=%@"
#define IDME_WEB_VERIFY_GET_AUTH_URI IDME_WEB_VERIFY_BASE_URL @"oauth/authorize?client_id=%@&redirect_uri=%@&response_type=code&scope=%@"
#define IDME_WEB_VERIFY_SIGN_UP_OR_LOGIN IDME_WEB_VERIFY_BASE_URL @"oauth/authorize?client_id=%@&redirect_uri=%@&response_type=code&scope=%@&op=%@"
#define IDME_WEB_VERIFY_REFRESH_CODE_URL IDME_WEB_VERIFY_BASE_URL @"oauth/token"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please keep this alphabetically sorted

ID.me WebVerify SDK/IDmeWebVerify.m Outdated
#define IDME_WEB_VERIFY_GET_USER_PROFILE IDME_WEB_VERIFY_BASE_URL @"api/public/v2/data.json?access_token=%@"
#define IDME_WEB_VERIFY_REGISTER_CONNECTION_URI IDME_WEB_VERIFY_BASE_URL @"oauth/authorize?client_id=%@&redirect_uri=%@&response_type=code&op=signin&scope=%@&connect=%@&access_token=%@"
#define IDME_WEB_VERIFY_REGISTER_AFFILIATION_URI IDME_WEB_VERIFY_BASE_URL @"oauth/authorize?client_id=%@&redirect_uri=%@&response_type=code&scope=%@&access_token=%@"

/// Data Constants
#define IDME_WEB_VERIFY_ACCESS_TOKEN_PARAM @"access_token"
#define IDME_WEB_VERIFY_REFRESH_TOKEN_PARAM @"refresh_token"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

order here too

m-revetria
m-revetria reviewed Feb 23, 2017
View reviewed changes
ID.me WebVerify SDK/IDmeWebVerify.m Outdated
@@ -643,7 +642,7 @@ - (void)makePostRequestWithUrl:(NSString *_Nonnull)urlString parameters:(NSStrin
}

#pragma mark - Keychain access
- (void)saveDataFromJson:(NSDictionary* _Nonnull)json {
- (void)saveKeychainDataFromJson:(NSDictionary* _Nonnull)json scope:(NSString* _Nonnull)scope {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking something like saveTokenDataFromJson, I think it's more clear, if you read it then you will know that this functions expect a JSON representation of a token object (access token + refresh token + etc.) What do you think?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good.

@mats-claassen mats-claassen merged commit c3c185b into 4.x Feb 23, 2017
@mats-claassen mats-claassen deleted the MOB-439 branch February 23, 2017 15:30
@mats-claassen mats-claassen mentioned this pull request Mar 28, 2017
Merged
sdownie pushed a commit that referenced this pull request Mar 29, 2017
@mats-claassen @sdownie
MOB-439: Access token refreshing (#22)
3d9552a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sdownie sdownie sdownie approved these changes

@m-revetria m-revetria m-revetria approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mats-claassen @sdownie @m-revetria