AppAuth: OIDAuthorizationRequest Class Reference (original) (raw)
Represents an authorization request. More...
#import <[OIDAuthorizationRequest.h](%5Fo%5Fi%5Fd%5Fauthorization%5Frequest%5F8h%5Fsource.html)>
| Instance Methods | |
|---|---|
| (instancetype) | - initWithConfiguration:clientId:scopes:redirectURL:responseType:additionalParameters: |
| Creates an authorization request with opinionated defaults (a secure state, and PKCE with S256 as the code_challenge_method). More... | |
| (instancetype) | - initWithConfiguration:clientId:clientSecret:scopes:redirectURL:responseType:additionalParameters: |
| Creates an authorization request with opinionated defaults (a secure state, nonce, and PKCE with S256 as the code_challenge_method). More... | |
| (instancetype) | - initWithConfiguration:clientId:clientSecret:scope:redirectURL:responseType:state:nonce:codeVerifier:codeChallenge:codeChallengeMethod:additionalParameters: |
| Designated initializer. More... | |
| (NSURL *) | - authorizationRequestURL |
| Constructs the request URI by adding the request parameters to the query component of the authorization endpoint URI using the "application/x-www-form-urlencoded" format. More... | |
 Instance Methods inherited from |
|
| (NSURL *) | - externalUserAgentRequestURL |
| Method to create and return the complete request URL instance. More... | |
| (NSString *) | - redirectScheme |
| If this external user-agent request has a redirect URL, this should return its scheme. Since some external requests have optional callbacks (such as the end session endpoint), the return value of this method is nullable. More... | |
| Class Methods | |
|---|---|
| (nullable NSString *) | + generateState |
| Generates an OAuth state param using a random source. More... | |
| (nullable NSString *) | + generateCodeVerifier |
| Constructs a PKCE-compliant code verifier. More... | |
| (nullable NSString *) | + codeChallengeS256ForVerifier: |
| Creates a PKCE S256 codeChallenge from the codeVerifier. More... | |
| Properties | |
|---|---|
| OIDServiceConfiguration * | configuration |
| The service's configuration. More... | |
| NSString * | responseType |
| The expected response type. More... | |
| NSString * | clientID |
| The client identifier. More... | |
| NSString * | clientSecret |
| The client secret. More... | |
| NSString * | scope |
| The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. More... | |
| NSURL * | redirectURL |
| The client's redirect URI. More... | |
| NSString * | state |
| An opaque value used by the client to maintain state between the request and callback. More... | |
| NSString * | nonce |
| String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. Sufficient entropy MUST be present in the nonce values used to prevent attackers from guessing values. More... | |
| NSString * | codeVerifier |
| The PKCE code verifier. More... | |
| NSString * | codeChallenge |
| The PKCE code challenge, derived from codeVerifier. More... | |
| NSString * | codeChallengeMethod |
| The method used to compute the codeChallenge. More... | |
| NSDictionary< NSString *, NSString * > * | additionalParameters |
| The client's additional authorization parameters. More... | |
◆ authorizationRequestURL()
| - (NSURL *) authorizationRequestURL |
|---|
Constructs the request URI by adding the request parameters to the query component of the authorization endpoint URI using the "application/x-www-form-urlencoded" format.
Returns
A URL representing the authorization request.
See also
https://tools.ietf.org/html/rfc6749#section-4.1.1
◆ codeChallengeS256ForVerifier:()
| + (nullable NSString *) codeChallengeS256ForVerifier: | (nullable NSString *) | codeVerifier |
|---|
◆ generateCodeVerifier()
| + (nullable NSString *) generateCodeVerifier |
|---|
◆ generateState()
| + (nullable NSString *) generateState |
|---|
◆ initWithConfiguration:clientId:clientSecret:scope:redirectURL:responseType:state:nonce:codeVerifier:codeChallenge:codeChallengeMethod:additionalParameters:()
| - (instancetype) initWithConfiguration: | (OIDServiceConfiguration *) | configuration |
|---|---|---|
| clientId: | (NSString *) | clientID |
| clientSecret: | (nullable NSString *) | clientSecret |
| scope: | (nullable NSString *) | scope |
| redirectURL: | (nullable NSURL *) | redirectURL |
| responseType: | (NSString *) | responseType |
| state: | (nullable NSString *) | state |
| nonce: | (nullable NSString *) | nonce |
| codeVerifier: | (nullable NSString *) | codeVerifier |
| codeChallenge: | (nullable NSString *) | codeChallenge |
| codeChallengeMethod: | (nullable NSString *) | codeChallengeMethod |
| additionalParameters: | (nullable NSDictionary< NSString *, NSString * > *) | NS_DESIGNATED_INITIALIZER |
Designated initializer.
Parameters
| configuration | The service's configuration. |
|---|---|
| clientID | The client identifier. |
| scope | A scope string per the OAuth2 spec (a space-delimited set of scopes). |
| redirectURL | The client's redirect URI. |
| responseType | The expected response type. |
| state | An opaque value used by the client to maintain state between the request and callback. |
| nonce | String value used to associate a Client session with an ID Token. Can be set to nil if not using OpenID Connect, although pure OAuth servers should ignore params they don't understand anyway. |
| codeVerifier | The PKCE code verifier. See generateCodeVerifier. |
| codeChallenge | The PKCE code challenge, calculated from the code verifier such as with codeChallengeS256ForVerifier:. |
| codeChallengeMethod | The PKCE code challenge method. OIDOAuthorizationRequestCodeChallengeMethodS256 when codeChallengeS256ForVerifier: is used to create the code challenge. |
| additionalParameters | The client's additional authorization parameters. |
◆ initWithConfiguration:clientId:clientSecret:scopes:redirectURL:responseType:additionalParameters:()
| - (instancetype) initWithConfiguration: | (OIDServiceConfiguration *) | configuration |
|---|---|---|
| clientId: | (NSString *) | clientID |
| clientSecret: | (nullable NSString *) | clientSecret |
| scopes: | (nullable NSArray< NSString * > *) | scopes |
| redirectURL: | (NSURL *) | redirectURL |
| responseType: | (NSString *) | responseType |
| additionalParameters: | (nullable NSDictionary< NSString *, NSString * > *) | additionalParameters |
Creates an authorization request with opinionated defaults (a secure state, nonce, and PKCE with S256 as the code_challenge_method).
Parameters
| configuration | The service's configuration. |
|---|---|
| clientID | The client identifier. |
| clientSecret | The client secret. |
| scopes | An array of scopes to combine into a single scope string per the OAuth2 spec. |
| redirectURL | The client's redirect URI. |
| responseType | The expected response type. |
| additionalParameters | The client's additional authorization parameters. |
◆ initWithConfiguration:clientId:scopes:redirectURL:responseType:additionalParameters:()
| - (instancetype) initWithConfiguration: | (OIDServiceConfiguration *) | configuration |
|---|---|---|
| clientId: | (NSString *) | clientID |
| scopes: | (nullable NSArray< NSString * > *) | scopes |
| redirectURL: | (NSURL *) | redirectURL |
| responseType: | (NSString *) | responseType |
| additionalParameters: | (nullable NSDictionary< NSString *, NSString * > *) | additionalParameters |
Creates an authorization request with opinionated defaults (a secure state, and PKCE with S256 as the code_challenge_method).
Parameters
| configuration | The service's configuration. |
|---|---|
| clientID | The client identifier. |
| scopes | An array of scopes to combine into a single scope string per the OAuth2 spec. |
| redirectURL | The client's redirect URI. |
| responseType | The expected response type. |
| additionalParameters | The client's additional authorization parameters. |
◆ additionalParameters
| - (NSDictionary<NSString *, NSString *>*) additionalParameters | readnonatomicassign |
|---|
◆ clientID
◆ clientSecret
| - (NSString*) clientSecret | readnonatomicassign |
|---|
◆ codeChallenge
| - (NSString*) codeChallenge | readnonatomicassign |
|---|
◆ codeChallengeMethod
| - (NSString*) codeChallengeMethod | readnonatomicassign |
|---|
◆ codeVerifier
| - (NSString*) codeVerifier | readnonatomicassign |
|---|
◆ configuration
The service's configuration.
◆ nonce
String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. Sufficient entropy MUST be present in the nonce values used to prevent attackers from guessing values.
See also
https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
◆ redirectURL
◆ responseType
| - (NSString*) responseType | readnonatomicassign |
|---|
◆ scope
◆ state
The documentation for this class was generated from the following file:
- Source/OIDAuthorizationRequest.h