Rename OIDC to OAuth. (#5525)
* Rename OIDC to OAuth. * Update the enterprise submodule.
This commit is contained in:
Doug
@@ -276,11 +276,11 @@ class AppCoordinator: AppCoordinatorProtocol, AuthenticationFlowCoordinatorDeleg
|
||||
case .accountProvisioningLink:
|
||||
handleAppRoute(route,
|
||||
windowType: windowType)
|
||||
case .oidcCallback(let url):
|
||||
case .oAuthCallback(let url):
|
||||
if stateMachine.state == .softLogout {
|
||||
softLogoutCoordinator?.handleOIDCRedirectURL(url)
|
||||
softLogoutCoordinator?.handleOAuthCallbackURL(url)
|
||||
} else {
|
||||
authenticationFlowCoordinator?.handleOIDCRedirectURL(url)
|
||||
authenticationFlowCoordinator?.handleOAuthCallbackURL(url)
|
||||
}
|
||||
case .userProfile(let userID):
|
||||
if isExternalURL {
|
||||
|
||||
@@ -14,9 +14,9 @@ import MatrixRustSDK
|
||||
enum AppRoute: Hashable {
|
||||
/// An account provisioning link generated externally.
|
||||
case accountProvisioningLink(AccountProvisioningParameters)
|
||||
/// An external callback used to complete login with OIDC. This is only used when authentication
|
||||
/// requires an external app so cannot be done within the built in web authentication session.
|
||||
case oidcCallback(url: URL)
|
||||
/// An external callback used to complete login with OAuth. This is only used when authentication
|
||||
/// requires an external app so cannot be handled directly by the web authentication session.
|
||||
case oAuthCallback(url: URL)
|
||||
|
||||
/// The app's home screen.
|
||||
case roomList
|
||||
@@ -61,7 +61,7 @@ enum AppRoute: Hashable {
|
||||
var isAuthenticationRoute: Bool {
|
||||
switch self {
|
||||
case .accountProvisioningLink: true
|
||||
case .oidcCallback: true
|
||||
case .oAuthCallback: true
|
||||
default: false
|
||||
}
|
||||
}
|
||||
@@ -87,7 +87,7 @@ struct AppRouteURLParser {
|
||||
MatrixPermalinkParser(),
|
||||
ElementWebURLParser(domains: appSettings.elementWebHosts),
|
||||
AccountProvisioningURLParser(domain: appSettings.accountProvisioningHost),
|
||||
OIDCCallbackURLParser(redirectURL: appSettings.oidcRedirectURL)
|
||||
OAuthCallbackURLParser(redirectURL: appSettings.oAuthRedirectURL)
|
||||
]
|
||||
}
|
||||
|
||||
@@ -204,12 +204,12 @@ private struct AccountProvisioningURLParser: URLParser {
|
||||
}
|
||||
}
|
||||
|
||||
/// The parser for the OIDC callback URL. This always returns a `.oidcCallback`.
|
||||
struct OIDCCallbackURLParser: URLParser {
|
||||
/// The parser for the OAuth callback URL. This always returns an `.oAuthCallback`.
|
||||
struct OAuthCallbackURLParser: URLParser {
|
||||
let redirectURL: URL
|
||||
|
||||
func route(from url: URL) -> AppRoute? {
|
||||
guard url.absoluteString.starts(with: redirectURL.absoluteString) else { return nil }
|
||||
return .oidcCallback(url: url)
|
||||
return .oAuthCallback(url: url)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -135,7 +135,7 @@ final class AppSettings {
|
||||
allowOtherAccountProviders: Bool,
|
||||
hideBrandChrome: Bool,
|
||||
pushGatewayBaseURL: URL,
|
||||
oidcRedirectURL: URL,
|
||||
oAuthRedirectURL: URL,
|
||||
websiteURL: URL,
|
||||
logoURL: URL,
|
||||
copyrightURL: URL,
|
||||
@@ -155,7 +155,7 @@ final class AppSettings {
|
||||
self.allowOtherAccountProviders = allowOtherAccountProviders
|
||||
self.hideBrandChrome = hideBrandChrome
|
||||
self.pushGatewayBaseURL = pushGatewayBaseURL
|
||||
self.oidcRedirectURL = oidcRedirectURL
|
||||
self.oAuthRedirectURL = oAuthRedirectURL
|
||||
self.websiteURL = websiteURL
|
||||
self.logoURL = logoURL
|
||||
self.copyrightURL = copyrightURL
|
||||
@@ -249,19 +249,19 @@ final class AppSettings {
|
||||
|
||||
// MARK: - Authentication
|
||||
|
||||
/// Any pre-defined static client registrations for OIDC issuers.
|
||||
let oidcStaticRegistrations: [URL: String] = ["https://id.thirdroom.io/realms/thirdroom": "elementx"]
|
||||
/// The redirect URL used for OIDC. For the normal case we don't actually need the bundle ID as the web authentication session handles the redirect internally.
|
||||
/// Any pre-defined static client registrations for OAuth issuers.
|
||||
let oAuthStaticRegistrations: [URL: String] = ["https://id.thirdroom.io/realms/thirdroom": "elementx"]
|
||||
/// The redirect URL used for OAuth. For the normal case we don't actually need the bundle ID as the web authentication session handles the redirect internally.
|
||||
/// However in the case where MAS sends the user to an external app, we need to make sure that the system will open the correct variant of the app (e.g. Nightly).
|
||||
private(set) var oidcRedirectURL: URL! = URL(string: "https://element.io/oauth/ios/\(InfoPlistReader.main.bundleIdentifier)")
|
||||
private(set) var oAuthRedirectURL: URL! = URL(string: "https://element.io/oauth/ios/\(InfoPlistReader.main.bundleIdentifier)")
|
||||
|
||||
private(set) lazy var oidcConfiguration = OIDCConfiguration(clientName: InfoPlistReader.main.bundleDisplayName,
|
||||
redirectURI: oidcRedirectURL,
|
||||
clientURI: websiteURL,
|
||||
logoURI: logoURL,
|
||||
tosURI: acceptableUseURL,
|
||||
policyURI: privacyURL,
|
||||
staticRegistrations: oidcStaticRegistrations.mapKeys { $0.absoluteString })
|
||||
private(set) lazy var oAuthConfiguration = OAuthConfiguration(clientName: InfoPlistReader.main.bundleDisplayName,
|
||||
redirectURI: oAuthRedirectURL,
|
||||
clientURI: websiteURL,
|
||||
logoURI: logoURL,
|
||||
tosURI: acceptableUseURL,
|
||||
policyURI: privacyURL,
|
||||
staticRegistrations: oAuthStaticRegistrations.mapKeys { $0.absoluteString })
|
||||
|
||||
/// Whether or not the Create Account button is shown on the start screen.
|
||||
///
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
//
|
||||
// Copyright 2025 Element Creations Ltd.
|
||||
// Copyright 2024-2025 New Vector Ltd.
|
||||
//
|
||||
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
|
||||
// Please see LICENSE files in the repository root for full details.
|
||||
//
|
||||
|
||||
import Foundation
|
||||
import MatrixRustSDK
|
||||
|
||||
struct OAuthConfiguration {
|
||||
let clientName: String
|
||||
let redirectURI: URL
|
||||
let clientURI: URL
|
||||
let logoURI: URL
|
||||
let tosURI: URL
|
||||
let policyURI: URL
|
||||
let staticRegistrations: [String: String]
|
||||
}
|
||||
|
||||
#if canImport(MatrixRustSDK)
|
||||
import MatrixRustSDK
|
||||
|
||||
extension OAuthConfiguration {
|
||||
var rustValue: MatrixRustSDK.OAuthConfiguration {
|
||||
MatrixRustSDK.OAuthConfiguration(clientName: clientName,
|
||||
redirectUri: redirectURI.absoluteString,
|
||||
clientUri: clientURI.absoluteString,
|
||||
logoUri: logoURI.absoluteString,
|
||||
tosUri: tosURI.absoluteString,
|
||||
policyUri: policyURI.absoluteString,
|
||||
staticRegistrations: staticRegistrations)
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -1,35 +0,0 @@
|
||||
//
|
||||
// Copyright 2025 Element Creations Ltd.
|
||||
// Copyright 2024-2025 New Vector Ltd.
|
||||
//
|
||||
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
|
||||
// Please see LICENSE files in the repository root for full details.
|
||||
//
|
||||
|
||||
import Foundation
|
||||
|
||||
struct OIDCConfiguration {
|
||||
let clientName: String
|
||||
let redirectURI: URL
|
||||
let clientURI: URL
|
||||
let logoURI: URL
|
||||
let tosURI: URL
|
||||
let policyURI: URL
|
||||
let staticRegistrations: [String: String]
|
||||
}
|
||||
|
||||
#if canImport(MatrixRustSDK)
|
||||
import MatrixRustSDK
|
||||
|
||||
extension OIDCConfiguration {
|
||||
var rustValue: OAuthConfiguration {
|
||||
OAuthConfiguration(clientName: clientName,
|
||||
redirectUri: redirectURI.absoluteString,
|
||||
clientUri: clientURI.absoluteString,
|
||||
logoUri: logoURI.absoluteString,
|
||||
tosUri: tosURI.absoluteString,
|
||||
policyUri: policyURI.absoluteString,
|
||||
staticRegistrations: staticRegistrations)
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -96,7 +96,7 @@ class AuthenticationFlowCoordinator: FlowCoordinatorProtocol {
|
||||
private let stateMachine: StateMachine<State, Event>
|
||||
private var cancellables = Set<AnyCancellable>()
|
||||
|
||||
private var oidcPresenter: OIDCAuthenticationPresenter?
|
||||
private var oAuthPresenter: OAuthAuthenticationPresenter?
|
||||
|
||||
// periphery:ignore - retaining purpose
|
||||
private var bugReportFlowCoordinator: BugReportFlowCoordinator?
|
||||
@@ -151,7 +151,7 @@ class AuthenticationFlowCoordinator: FlowCoordinatorProtocol {
|
||||
}
|
||||
|
||||
func clearRoute(animated: Bool) {
|
||||
oidcPresenter?.cancel() // Handle ongoing OIDC authentication first.
|
||||
oAuthPresenter?.cancel() // Handle ongoing OAuth authentication first.
|
||||
|
||||
switch stateMachine.state {
|
||||
case .initial, .startScreen:
|
||||
@@ -175,13 +175,13 @@ class AuthenticationFlowCoordinator: FlowCoordinatorProtocol {
|
||||
}
|
||||
}
|
||||
|
||||
func handleOIDCRedirectURL(_ url: URL) {
|
||||
guard let oidcPresenter else {
|
||||
MXLog.error("Failed to find an OIDC request in progress.")
|
||||
func handleOAuthCallbackURL(_ url: URL) {
|
||||
guard let oAuthPresenter else {
|
||||
MXLog.error("Failed to find an OAuth request in progress.")
|
||||
return
|
||||
}
|
||||
|
||||
oidcPresenter.handleUniversalLinkCallback(url)
|
||||
oAuthPresenter.handleUniversalLinkCallback(url)
|
||||
}
|
||||
|
||||
// MARK: - Setup
|
||||
@@ -247,8 +247,8 @@ class AuthenticationFlowCoordinator: FlowCoordinatorProtocol {
|
||||
// Completion
|
||||
|
||||
stateMachine.addRoutes(event: .signedIn, transitions: [.qrCodeLoginScreen => .complete,
|
||||
.serverConfirmationScreen => .complete, // OIDC authentication
|
||||
.startScreen => .complete, // Direct OIDC authentication
|
||||
.serverConfirmationScreen => .complete, // OAuth authentication
|
||||
.startScreen => .complete, // Direct OAuth authentication
|
||||
.loginScreen => .complete]) { [weak self] context in
|
||||
guard let userSession = context.userInfo as? UserSessionProtocol else { fatalError("The user session wasn't included in the context") }
|
||||
self?.userHasSignedIn(userSession: userSession)
|
||||
@@ -300,8 +300,8 @@ class AuthenticationFlowCoordinator: FlowCoordinatorProtocol {
|
||||
case .register:
|
||||
stateMachine.tryEvent(.confirmServer(.register))
|
||||
|
||||
case .loginDirectlyWithOIDC(let oidcData, let window):
|
||||
showOIDCAuthentication(oidcData: oidcData, presentationAnchor: window)
|
||||
case .loginDirectlyWithOAuth(let oAuthData, let window):
|
||||
showOAuthAuthentication(oAuthData: oAuthData, presentationAnchor: window)
|
||||
case .loginDirectlyWithPassword(let loginHint):
|
||||
stateMachine.tryEvent(.continueWithPassword, userInfo: loginHint)
|
||||
|
||||
@@ -335,8 +335,8 @@ class AuthenticationFlowCoordinator: FlowCoordinatorProtocol {
|
||||
switch action {
|
||||
case .startOver:
|
||||
fatalError("QR code login shouldn't request to start over as it's handled within the screen.")
|
||||
case .requestOIDCAuthorisation, .linkedDevice:
|
||||
fatalError("QR code login shouldn't request an OIDC flow or link a device.")
|
||||
case .requestOAuthAuthorisation, .linkedDevice:
|
||||
fatalError("QR code login shouldn't request an OAuth flow or link a device.")
|
||||
case .signInManually:
|
||||
navigationStackCoordinator.setSheetCoordinator(nil)
|
||||
stateMachine.tryEvent(.cancelledLoginWithQR)
|
||||
@@ -374,8 +374,8 @@ class AuthenticationFlowCoordinator: FlowCoordinatorProtocol {
|
||||
guard let self else { return }
|
||||
|
||||
switch action {
|
||||
case .continueWithOIDC(let oidcData, let window):
|
||||
showOIDCAuthentication(oidcData: oidcData, presentationAnchor: window)
|
||||
case .continueWithOAuth(let oAuthData, let window):
|
||||
showOAuthAuthentication(oAuthData: oAuthData, presentationAnchor: window)
|
||||
case .continueWithPassword:
|
||||
stateMachine.tryEvent(.continueWithPassword)
|
||||
case .changeServer:
|
||||
@@ -420,22 +420,22 @@ class AuthenticationFlowCoordinator: FlowCoordinatorProtocol {
|
||||
/// **Note:** We have intentionally excluded this presentation from the state machine as it doesn't mutate our navigation stack and there
|
||||
/// isn't a robust way to detect why the user returned to the app when the MAS URL directly opens an external app for authentication without
|
||||
/// presenting a web authentication session.
|
||||
private func showOIDCAuthentication(oidcData: OIDCAuthorizationDataProxy, presentationAnchor: UIWindow) {
|
||||
let presenter = OIDCAuthenticationPresenter(authenticationService: authenticationService,
|
||||
oidcRedirectURL: appSettings.oidcRedirectURL,
|
||||
presentationAnchor: presentationAnchor,
|
||||
appMediator: appMediator,
|
||||
userIndicatorController: userIndicatorController)
|
||||
oidcPresenter = presenter
|
||||
private func showOAuthAuthentication(oAuthData: OAuthAuthorizationDataProxy, presentationAnchor: UIWindow) {
|
||||
let presenter = OAuthAuthenticationPresenter(authenticationService: authenticationService,
|
||||
redirectURL: appSettings.oAuthRedirectURL,
|
||||
presentationAnchor: presentationAnchor,
|
||||
appMediator: appMediator,
|
||||
userIndicatorController: userIndicatorController)
|
||||
oAuthPresenter = presenter
|
||||
|
||||
Task {
|
||||
switch await presenter.authenticate(using: oidcData) {
|
||||
switch await presenter.authenticate(using: oAuthData) {
|
||||
case .success(let userSession):
|
||||
stateMachine.tryEvent(.signedIn, userInfo: userSession)
|
||||
case .failure:
|
||||
break // Nothing to do, any alerts will be handled by the presenter.
|
||||
}
|
||||
oidcPresenter = nil
|
||||
oAuthPresenter = nil
|
||||
}
|
||||
}
|
||||
|
||||
@@ -454,8 +454,8 @@ class AuthenticationFlowCoordinator: FlowCoordinatorProtocol {
|
||||
switch action {
|
||||
case .signedIn(let userSession):
|
||||
stateMachine.tryEvent(.signedIn, userInfo: userSession)
|
||||
case .configuredForOIDC:
|
||||
// Pop back to the confirmation screen for OIDC login to continue.
|
||||
case .configuredForOAuth:
|
||||
// Pop back to the confirmation screen for OAuth login to continue.
|
||||
navigationStackCoordinator.pop(animated: false)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -174,7 +174,7 @@ class ChatsTabFlowCoordinator: FlowCoordinatorProtocol {
|
||||
}
|
||||
case .globalSearch:
|
||||
presentGlobalSearch()
|
||||
case .accountProvisioningLink, .oidcCallback, .settings, .chatBackupSettings, .call:
|
||||
case .accountProvisioningLink, .oAuthCallback, .settings, .chatBackupSettings, .call:
|
||||
break // These routes cannot be handled.
|
||||
}
|
||||
}
|
||||
|
||||
@@ -122,8 +122,8 @@ class EncryptionResetFlowCoordinator: FlowCoordinatorProtocol {
|
||||
guard let self else { return }
|
||||
|
||||
switch action {
|
||||
case .requestOIDCAuthorisation(let url):
|
||||
presentOIDCAuthorization(for: url)
|
||||
case .requestOAuthAuthorisation(let url):
|
||||
presentOAuthAuthorization(for: url)
|
||||
case .requestPassword(let passwordPublisher):
|
||||
stateMachine.tryEvent(.confirmPassword, userInfo: passwordPublisher)
|
||||
case .cancel:
|
||||
@@ -155,14 +155,14 @@ class EncryptionResetFlowCoordinator: FlowCoordinatorProtocol {
|
||||
}
|
||||
}
|
||||
|
||||
private var accountSettingsPresenter: OIDCAccountSettingsPresenter?
|
||||
private func presentOIDCAuthorization(for url: URL) {
|
||||
private var accountSettingsPresenter: OAuthAccountSettingsPresenter?
|
||||
private func presentOAuthAuthorization(for url: URL) {
|
||||
// Note to anyone in the future if you come back here to make this open in Safari instead of a WAS.
|
||||
// As of iOS 16, there is an issue on the simulator with accessing the cookie but it works on a device. 🤷♂️
|
||||
accountSettingsPresenter = OIDCAccountSettingsPresenter(accountURL: url,
|
||||
presentationAnchor: windowManager.mainWindow,
|
||||
appMediator: appMediator,
|
||||
appSettings: appSettings)
|
||||
accountSettingsPresenter = OAuthAccountSettingsPresenter(accountURL: url,
|
||||
presentationAnchor: windowManager.mainWindow,
|
||||
appMediator: appMediator,
|
||||
appSettings: appSettings)
|
||||
accountSettingsPresenter?.start()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -80,7 +80,7 @@ class EncryptionSettingsFlowCoordinator: FlowCoordinatorProtocol {
|
||||
MXLog.info("Handling app route: \(appRoute)")
|
||||
|
||||
switch appRoute {
|
||||
case .accountProvisioningLink, .oidcCallback:
|
||||
case .accountProvisioningLink, .oAuthCallback:
|
||||
break // We always ignore these flows when logged in.
|
||||
case .roomList, .room, .roomAlias, .childRoom, .childRoomAlias,
|
||||
.roomDetails, .roomMemberDetails, .userProfile, .thread,
|
||||
|
||||
@@ -9,7 +9,7 @@ import Combine
|
||||
import Foundation
|
||||
|
||||
enum LinkNewDeviceFlowCoordinatorAction {
|
||||
case requestOIDCAuthorisation(URL, OIDCAccountSettingsPresenter.Continuation)
|
||||
case requestOAuthAuthorisation(URL, OAuthAccountSettingsPresenter.Continuation)
|
||||
case dismiss
|
||||
}
|
||||
|
||||
@@ -77,8 +77,8 @@ class LinkNewDeviceFlowCoordinator: FlowCoordinatorProtocol {
|
||||
fatalError("QR linking shouldn't send sign-in actions.")
|
||||
case .startOver:
|
||||
navigationStackCoordinator.pop() // Pops back to the LinkNewDeviceScreen.
|
||||
case .requestOIDCAuthorisation(let url, let continuation):
|
||||
actionsSubject.send(.requestOIDCAuthorisation(url, continuation))
|
||||
case .requestOAuthAuthorisation(let url, let continuation):
|
||||
actionsSubject.send(.requestOAuthAuthorisation(url, continuation))
|
||||
case .linkedDevice:
|
||||
actionsSubject.send(.dismiss)
|
||||
case .cancel:
|
||||
|
||||
@@ -201,7 +201,7 @@ class RoomFlowCoordinator: FlowCoordinatorProtocol {
|
||||
}
|
||||
case .roomAlias, .childRoomAlias, .eventOnRoomAlias, .childEventOnRoomAlias:
|
||||
break // These are converted to a room ID route one level above.
|
||||
case .accountProvisioningLink, .oidcCallback, .roomList, .userProfile, .call, .settings, .chatBackupSettings, .globalSearch:
|
||||
case .accountProvisioningLink, .oAuthCallback, .roomList, .userProfile, .call, .settings, .chatBackupSettings, .globalSearch:
|
||||
break // These routes can't be handled.
|
||||
case .transferOwnership(let roomID):
|
||||
guard self.roomID == roomID else { fatalError("Navigation route doesn't belong to this room flow.") }
|
||||
|
||||
@@ -120,7 +120,7 @@ final class RoomMembersFlowCoordinator: FlowCoordinatorProtocol {
|
||||
}
|
||||
case .roomAlias, .childRoomAlias, .eventOnRoomAlias, .childEventOnRoomAlias:
|
||||
break // These are converted to a room ID route one level above.
|
||||
case .accountProvisioningLink, .oidcCallback,
|
||||
case .accountProvisioningLink, .oAuthCallback,
|
||||
.roomList, .room, .roomDetails, .event,
|
||||
.userProfile, .call, .settings, .chatBackupSettings,
|
||||
.share, .transferOwnership, .thread, .globalSearch:
|
||||
|
||||
@@ -188,7 +188,7 @@ class SettingsFlowCoordinator: FlowCoordinatorProtocol {
|
||||
switch action {
|
||||
case .dismiss:
|
||||
navigationStackCoordinator.setSheetCoordinator(nil)
|
||||
case .requestOIDCAuthorisation(let url, let continuation):
|
||||
case .requestOAuthAuthorisation(let url, let continuation):
|
||||
presentAccountManagementURL(url, continuation: continuation)
|
||||
}
|
||||
}
|
||||
@@ -295,17 +295,17 @@ class SettingsFlowCoordinator: FlowCoordinatorProtocol {
|
||||
navigationStackCoordinator.push(coordinator)
|
||||
}
|
||||
|
||||
// MARK: OIDC Account Management
|
||||
// MARK: OAuth Account Management
|
||||
|
||||
private var accountSettingsPresenter: OIDCAccountSettingsPresenter?
|
||||
private func presentAccountManagementURL(_ url: URL, continuation: OIDCAccountSettingsPresenter.Continuation? = nil) {
|
||||
private var accountSettingsPresenter: OAuthAccountSettingsPresenter?
|
||||
private func presentAccountManagementURL(_ url: URL, continuation: OAuthAccountSettingsPresenter.Continuation? = nil) {
|
||||
// Note to anyone in the future if you come back here to make this open in Safari instead of a WAS.
|
||||
// As of iOS 16, there is an issue on the simulator with accessing the cookie but it works on a device. 🤷♂️
|
||||
accountSettingsPresenter = OIDCAccountSettingsPresenter(accountURL: url,
|
||||
presentationAnchor: flowParameters.windowManager.mainWindow,
|
||||
appMediator: flowParameters.appMediator,
|
||||
appSettings: flowParameters.appSettings,
|
||||
continuation: continuation)
|
||||
accountSettingsPresenter = OAuthAccountSettingsPresenter(accountURL: url,
|
||||
presentationAnchor: flowParameters.windowManager.mainWindow,
|
||||
appMediator: flowParameters.appMediator,
|
||||
appSettings: flowParameters.appSettings,
|
||||
continuation: continuation)
|
||||
accountSettingsPresenter?.start()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -121,7 +121,7 @@ class UserSessionFlowCoordinator: FlowCoordinatorProtocol {
|
||||
MXLog.info("Handling app route: \(appRoute)")
|
||||
|
||||
switch appRoute {
|
||||
case .accountProvisioningLink, .oidcCallback:
|
||||
case .accountProvisioningLink, .oAuthCallback:
|
||||
break // We always ignore these flows when logged in.
|
||||
case .settings, .chatBackupSettings:
|
||||
if ProcessInfo.processInfo.isiOSAppOnMac, flowParameters.windowManager.secondaryWindowsEnabled {
|
||||
|
||||
@@ -18,26 +18,26 @@ extension AuthenticationClientFactoryMock {
|
||||
"example.com": ClientSDKMock(configuration: .init(serverAddress: "example.com",
|
||||
homeserverURL: "https://matrix.example.com",
|
||||
slidingSyncVersion: .native,
|
||||
oidcLoginURL: nil,
|
||||
supportsOIDCCreatePrompt: false,
|
||||
oAuthLoginURL: nil,
|
||||
supportsOAuthCreatePrompt: false,
|
||||
supportsPasswordLogin: true)),
|
||||
"company.com": ClientSDKMock(configuration: .init(serverAddress: "company.com",
|
||||
homeserverURL: "https://matrix.company.com",
|
||||
slidingSyncVersion: .native,
|
||||
oidcLoginURL: "https://auth.company.com/oidc",
|
||||
supportsOIDCCreatePrompt: false,
|
||||
oAuthLoginURL: "https://auth.company.com/login",
|
||||
supportsOAuthCreatePrompt: false,
|
||||
supportsPasswordLogin: false)),
|
||||
"server.net": ClientSDKMock(configuration: .init(serverAddress: "server.net",
|
||||
homeserverURL: "https://matrix.server.net",
|
||||
slidingSyncVersion: .native,
|
||||
oidcLoginURL: nil,
|
||||
supportsOIDCCreatePrompt: false,
|
||||
oAuthLoginURL: nil,
|
||||
supportsOAuthCreatePrompt: false,
|
||||
supportsPasswordLogin: false)),
|
||||
"secure.gov": ClientSDKMock(configuration: .init(serverAddress: "secure.gov",
|
||||
homeserverURL: "https://ess.secure.gov",
|
||||
slidingSyncVersion: .native,
|
||||
oidcLoginURL: "https://auth.secure.gov/oidc",
|
||||
supportsOIDCCreatePrompt: false,
|
||||
oAuthLoginURL: "https://auth.secure.gov/login",
|
||||
supportsOAuthCreatePrompt: false,
|
||||
supportsPasswordLogin: false,
|
||||
elementWellKnown: "{\"version\":1,\"enforce_element_pro\":true}"))
|
||||
]
|
||||
|
||||
@@ -17,8 +17,8 @@ extension ClientSDKMock {
|
||||
var serverAddress = "matrix.org"
|
||||
var homeserverURL = "https://matrix-client.matrix.org"
|
||||
var slidingSyncVersion = SlidingSyncVersion.native
|
||||
var oidcLoginURL: String? = "https://account.matrix.org/authorize"
|
||||
var supportsOIDCCreatePrompt = true
|
||||
var oAuthLoginURL: String? = "https://account.matrix.org/authorize"
|
||||
var supportsOAuthCreatePrompt = true
|
||||
var supportsPasswordLogin = true
|
||||
var elementWellKnown: String?
|
||||
var validCredentials = (username: "alice", password: "12345678")
|
||||
@@ -77,8 +77,8 @@ extension HomeserverLoginDetailsSDKMock {
|
||||
|
||||
slidingSyncVersionReturnValue = configuration.slidingSyncVersion
|
||||
supportsPasswordLoginReturnValue = configuration.supportsPasswordLogin
|
||||
supportsOauthLoginReturnValue = configuration.oidcLoginURL != nil
|
||||
supportedOauthPromptsReturnValue = switch (configuration.oidcLoginURL, configuration.supportsOIDCCreatePrompt) {
|
||||
supportsOauthLoginReturnValue = configuration.oAuthLoginURL != nil
|
||||
supportedOauthPromptsReturnValue = switch (configuration.oAuthLoginURL, configuration.supportsOAuthCreatePrompt) {
|
||||
case (.none, _): []
|
||||
case (.some, true): [.consent, .create]
|
||||
case (.some, false): [.consent]
|
||||
@@ -91,6 +91,6 @@ extension OAuthAuthorizationDataSDKMock {
|
||||
convenience init(configuration: ClientSDKMock.Configuration) {
|
||||
self.init()
|
||||
|
||||
loginUrlReturnValue = configuration.oidcLoginURL
|
||||
loginUrlReturnValue = configuration.oAuthLoginURL
|
||||
}
|
||||
}
|
||||
|
||||
@@ -46,17 +46,17 @@ struct LoginHomeserver: Equatable {
|
||||
extension LoginHomeserver {
|
||||
/// A mock homeserver that is configured just like matrix.org.
|
||||
static var mockMatrixDotOrg: LoginHomeserver {
|
||||
LoginHomeserver(address: "matrix.org", loginMode: .oidc(supportsCreatePrompt: true))
|
||||
LoginHomeserver(address: "matrix.org", loginMode: .oAuth(supportsCreatePrompt: true))
|
||||
}
|
||||
|
||||
/// A mock homeserver that supports login and registration via a password but has no SSO providers.
|
||||
/// A mock homeserver that supports login and registration via a password but has no OAuth support.
|
||||
static var mockBasicServer: LoginHomeserver {
|
||||
LoginHomeserver(address: "example.com", loginMode: .password)
|
||||
}
|
||||
|
||||
/// A mock homeserver that supports only supports authentication via a single SSO provider.
|
||||
static var mockOIDC: LoginHomeserver {
|
||||
LoginHomeserver(address: "company.com", loginMode: .oidc(supportsCreatePrompt: false))
|
||||
/// A mock homeserver that supports only supports authentication via OAuth.
|
||||
static var mockOAuth: LoginHomeserver {
|
||||
LoginHomeserver(address: "company.com", loginMode: .oAuth(supportsCreatePrompt: false))
|
||||
}
|
||||
|
||||
/// A mock homeserver that only with no supported login flows.
|
||||
|
||||
@@ -13,15 +13,15 @@ enum LoginMode: Equatable {
|
||||
/// The login mode hasn't been determined yet.
|
||||
case unknown
|
||||
/// The homeserver supports login via OpenID Connect.
|
||||
case oidc(supportsCreatePrompt: Bool)
|
||||
case oAuth(supportsCreatePrompt: Bool)
|
||||
/// The homeserver supports login with a password.
|
||||
case password
|
||||
/// The homeserver only allows login with unsupported mechanisms. Use fallback instead.
|
||||
case unsupported
|
||||
|
||||
var supportsOIDCFlow: Bool {
|
||||
var supportsOAuthFlow: Bool {
|
||||
switch self {
|
||||
case .oidc: true
|
||||
case .oAuth: true
|
||||
default: false
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,8 +20,8 @@ struct LoginScreenCoordinatorParameters {
|
||||
}
|
||||
|
||||
enum LoginScreenCoordinatorAction {
|
||||
/// The homeserver was updated to one that supports OIDC.
|
||||
case configuredForOIDC
|
||||
/// The homeserver was updated to one that supports OAuth.
|
||||
case configuredForOAuth
|
||||
/// Login was successful.
|
||||
case signedIn(UserSessionProtocol)
|
||||
}
|
||||
@@ -62,8 +62,8 @@ final class LoginScreenCoordinator: CoordinatorProtocol {
|
||||
guard let self else { return }
|
||||
|
||||
switch action {
|
||||
case .configuredForOIDC:
|
||||
actionsSubject.send(.configuredForOIDC)
|
||||
case .configuredForOAuth:
|
||||
actionsSubject.send(.configuredForOAuth)
|
||||
case .signedIn(let userSession):
|
||||
actionsSubject.send(.signedIn(userSession))
|
||||
}
|
||||
|
||||
@@ -9,14 +9,14 @@
|
||||
import Foundation
|
||||
|
||||
enum LoginScreenViewModelAction {
|
||||
/// The homeserver was updated to one that supports OIDC.
|
||||
case configuredForOIDC
|
||||
/// The homeserver was updated to one that supports OAuth.
|
||||
case configuredForOAuth
|
||||
/// Login was successful.
|
||||
case signedIn(UserSessionProtocol)
|
||||
|
||||
var isConfiguredForOIDC: Bool {
|
||||
var isConfiguredForOAuth: Bool {
|
||||
switch self {
|
||||
case .configuredForOIDC: true
|
||||
case .configuredForOAuth: true
|
||||
default: false
|
||||
}
|
||||
}
|
||||
|
||||
@@ -78,8 +78,8 @@ class LoginScreenViewModel: LoginScreenViewModelType, LoginScreenViewModelProtoc
|
||||
Task {
|
||||
switch await authenticationService.configure(for: homeserverDomain, flow: .login) {
|
||||
case .success:
|
||||
if authenticationService.homeserver.value.loginMode.supportsOIDCFlow {
|
||||
actionsSubject.send(.configuredForOIDC)
|
||||
if authenticationService.homeserver.value.loginMode.supportsOAuthFlow {
|
||||
actionsSubject.send(.configuredForOAuth)
|
||||
}
|
||||
stopLoading()
|
||||
case .failure(let error):
|
||||
|
||||
@@ -27,7 +27,7 @@ struct LoginScreen: View {
|
||||
switch context.viewState.loginMode {
|
||||
case .password:
|
||||
loginForm
|
||||
case .oidc:
|
||||
case .oAuth:
|
||||
// This should never be shown.
|
||||
ProgressView()
|
||||
default:
|
||||
@@ -102,7 +102,7 @@ struct LoginScreen: View {
|
||||
}
|
||||
}
|
||||
|
||||
/// Text shown if neither password or OIDC login is supported.
|
||||
/// Text shown if neither password or OAuth login is supported.
|
||||
var loginUnavailableText: some View {
|
||||
Text(L10n.screenLoginErrorUnsupportedAuthentication)
|
||||
.font(.body)
|
||||
|
||||
@@ -8,15 +8,15 @@
|
||||
|
||||
import AuthenticationServices
|
||||
|
||||
/// Presents a web authentication session for an OIDC request.
|
||||
/// Presents a web authentication session for an OAuth request.
|
||||
///
|
||||
/// In certain instances the URL may require opening an external app instead of using a WAS. Because of this
|
||||
/// it is recommended to not encode the OIDC authentication within any state machines, as there is no guarantee
|
||||
/// it is recommended to not encode the OAuth authentication within any state machines, as there is no guarantee
|
||||
/// that any cancellations/failures will be communicated upwards.
|
||||
@MainActor
|
||||
class OIDCAuthenticationPresenter: NSObject {
|
||||
class OAuthAuthenticationPresenter: NSObject {
|
||||
private let authenticationService: AuthenticationServiceProtocol
|
||||
private let oidcRedirectURL: URL
|
||||
private let redirectURL: URL
|
||||
private let presentationAnchor: UIWindow
|
||||
private let appMediator: AppMediatorProtocol
|
||||
private let userIndicatorController: UserIndicatorControllerProtocol
|
||||
@@ -36,12 +36,12 @@ class OIDCAuthenticationPresenter: NSObject {
|
||||
private var activeRequest: Request?
|
||||
|
||||
init(authenticationService: AuthenticationServiceProtocol,
|
||||
oidcRedirectURL: URL,
|
||||
redirectURL: URL,
|
||||
presentationAnchor: UIWindow,
|
||||
appMediator: AppMediatorProtocol,
|
||||
userIndicatorController: UserIndicatorControllerProtocol) {
|
||||
self.authenticationService = authenticationService
|
||||
self.oidcRedirectURL = oidcRedirectURL
|
||||
self.redirectURL = redirectURL
|
||||
self.presentationAnchor = presentationAnchor
|
||||
self.appMediator = appMediator
|
||||
self.userIndicatorController = userIndicatorController
|
||||
@@ -53,11 +53,11 @@ class OIDCAuthenticationPresenter: NSObject {
|
||||
/// **Note:** The failure case cannot be relied upon as a signal that the authentication has ended.
|
||||
/// In particular if the authentication URL requires opening an external app, then the user may return
|
||||
/// to the app without completing (or cancelling) the authentication.
|
||||
func authenticate(using oidcData: OIDCAuthorizationDataProxy) async -> Result<UserSessionProtocol, AuthenticationServiceError> {
|
||||
func authenticate(using oAuthData: OAuthAuthorizationDataProxy) async -> Result<UserSessionProtocol, AuthenticationServiceError> {
|
||||
let response = await withCheckedContinuation { continuation in
|
||||
let authenticationURL = oidcData.url
|
||||
let authenticationURL = oAuthData.url
|
||||
|
||||
let session = ASWebAuthenticationSession(url: authenticationURL, callback: .oidcRedirectURL(oidcRedirectURL)) { url, error in
|
||||
let session = ASWebAuthenticationSession(url: authenticationURL, callback: .oAuthRedirectURL(redirectURL)) { url, error in
|
||||
MXLog.info("Handling callback from the session.")
|
||||
continuation.resume(returning: Response(url: url, isExternal: false, error: error))
|
||||
}
|
||||
@@ -86,30 +86,30 @@ class OIDCAuthenticationPresenter: NSObject {
|
||||
|
||||
guard let url = response.url else {
|
||||
// Check for user cancellation (on the WAS sheet) to avoid showing an alert in that instance.
|
||||
if response.error?.isOIDCUserCancellation == true {
|
||||
if response.error?.isOAuthUserCancellation == true {
|
||||
// No need to show an error here, just abort and return a failure.
|
||||
await authenticationService.abortOIDCLogin(data: oidcData)
|
||||
return .failure(.oidcError(.userCancellation))
|
||||
await authenticationService.abortOAuthLogin(data: oAuthData)
|
||||
return .failure(.oAuthError(.userCancellation))
|
||||
}
|
||||
|
||||
let errorDescription = response.error.map(String.init(describing:)) ?? "Unknown error"
|
||||
MXLog.error("Missing callback URL from the web authentication session: \(errorDescription)")
|
||||
|
||||
showFailureIndicator()
|
||||
await authenticationService.abortOIDCLogin(data: oidcData)
|
||||
return .failure(.oidcError(.unknown))
|
||||
await authenticationService.abortOAuthLogin(data: oAuthData)
|
||||
return .failure(.oAuthError(.unknown))
|
||||
}
|
||||
|
||||
// Exchanging the callback with the homeserver can be slow, so show the loading indicator while we wait (the modal has already been dismissed).
|
||||
startLoading(delay: .milliseconds(50)) // Small delay to handle a cancellation callback without the indicator showing.
|
||||
defer { stopLoading() }
|
||||
|
||||
switch await authenticationService.loginWithOIDCCallback(url) {
|
||||
switch await authenticationService.loginWithOAuthCallback(url) {
|
||||
case .success(let userSession):
|
||||
return .success(userSession)
|
||||
case .failure(.oidcError(.userCancellation)): // Check for user cancellation (on the MAS web page)
|
||||
case .failure(.oAuthError(.userCancellation)): // Check for user cancellation (on the MAS web page)
|
||||
// No need to show an error here, just return the failure.
|
||||
return .failure(.oidcError(.userCancellation))
|
||||
return .failure(.oAuthError(.userCancellation))
|
||||
case .failure(let error):
|
||||
MXLog.error("Error occurred: \(error)")
|
||||
showFailureIndicator()
|
||||
@@ -163,20 +163,20 @@ class OIDCAuthenticationPresenter: NSObject {
|
||||
|
||||
// MARK: ASWebAuthenticationPresentationContextProviding
|
||||
|
||||
extension OIDCAuthenticationPresenter: ASWebAuthenticationPresentationContextProviding {
|
||||
extension OAuthAuthenticationPresenter: ASWebAuthenticationPresentationContextProviding {
|
||||
func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
|
||||
presentationAnchor
|
||||
}
|
||||
}
|
||||
|
||||
extension ASWebAuthenticationSession.Callback {
|
||||
static func oidcRedirectURL(_ url: URL) -> Self {
|
||||
static func oAuthRedirectURL(_ url: URL) -> Self {
|
||||
if url.scheme == "https", let host = url.host() {
|
||||
.https(host: host, path: url.path())
|
||||
} else if let scheme = url.scheme {
|
||||
.customScheme(scheme)
|
||||
} else {
|
||||
fatalError("Invalid OIDC redirect URL: \(url)")
|
||||
fatalError("Invalid OAuth redirect URL: \(url)")
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -184,7 +184,7 @@ extension ASWebAuthenticationSession.Callback {
|
||||
// MARK: - Helpers
|
||||
|
||||
extension Error {
|
||||
var isOIDCUserCancellation: Bool {
|
||||
var isOAuthUserCancellation: Bool {
|
||||
let nsError = self as NSError
|
||||
|
||||
if nsError.domain == ASWebAuthenticationSessionErrorDomain,
|
||||
@@ -17,7 +17,7 @@ struct ServerConfirmationScreenCoordinatorParameters {
|
||||
}
|
||||
|
||||
enum ServerConfirmationScreenCoordinatorAction {
|
||||
case continueWithOIDC(data: OIDCAuthorizationDataProxy, window: UIWindow)
|
||||
case continueWithOAuth(data: OAuthAuthorizationDataProxy, window: UIWindow)
|
||||
case continueWithPassword
|
||||
case changeServer
|
||||
}
|
||||
@@ -50,8 +50,8 @@ final class ServerConfirmationScreenCoordinator: CoordinatorProtocol {
|
||||
guard let self else { return }
|
||||
|
||||
switch action {
|
||||
case .continueWithOIDC(let oidcData, let window):
|
||||
actionsSubject.send(.continueWithOIDC(data: oidcData, window: window))
|
||||
case .continueWithOAuth(let oAuthData, let window):
|
||||
actionsSubject.send(.continueWithOAuth(data: oAuthData, window: window))
|
||||
case .continueWithPassword:
|
||||
actionsSubject.send(.continueWithPassword)
|
||||
case .changeServer:
|
||||
|
||||
@@ -9,8 +9,8 @@
|
||||
import SwiftUI
|
||||
|
||||
enum ServerConfirmationScreenViewModelAction {
|
||||
/// Continue the flow using the provided OIDC parameters.
|
||||
case continueWithOIDC(data: OIDCAuthorizationDataProxy, window: UIWindow)
|
||||
/// Continue the flow using the provided OAuth parameters.
|
||||
case continueWithOAuth(data: OAuthAuthorizationDataProxy, window: UIWindow)
|
||||
/// Continue the flow using password authentication.
|
||||
case continueWithPassword
|
||||
/// The user would like to change to a different homeserver.
|
||||
@@ -29,7 +29,7 @@ struct ServerConfirmationScreenViewState: BindableState {
|
||||
var mode: ServerConfirmationScreenMode
|
||||
/// The flow being attempted on the selected homeserver.
|
||||
let authenticationFlow: AuthenticationFlow
|
||||
/// The presentation anchor used for OIDC authentication.
|
||||
/// The presentation anchor used for OAuth authentication.
|
||||
var window: UIWindow?
|
||||
|
||||
var bindings = ServerConfirmationScreenBindings()
|
||||
@@ -76,7 +76,7 @@ struct ServerConfirmationScreenBindings {
|
||||
}
|
||||
|
||||
enum ServerConfirmationScreenViewAction {
|
||||
/// Updates the window used as the OIDC presentation anchor.
|
||||
/// Updates the window used as the OAuth presentation anchor.
|
||||
case updateWindow(UIWindow)
|
||||
/// The user would like to continue with the current homeserver.
|
||||
case confirm
|
||||
|
||||
@@ -133,7 +133,7 @@ class ServerConfirmationScreenViewModel: ServerConfirmationScreenViewModelType,
|
||||
}
|
||||
|
||||
private func fetchLoginURLIfNeededAndContinue() async {
|
||||
guard authenticationService.homeserver.value.loginMode.supportsOIDCFlow else {
|
||||
guard authenticationService.homeserver.value.loginMode.supportsOAuthFlow else {
|
||||
actionsSubject.send(.continueWithPassword)
|
||||
return
|
||||
}
|
||||
@@ -146,9 +146,9 @@ class ServerConfirmationScreenViewModel: ServerConfirmationScreenViewModelType,
|
||||
startLoading() // Uses the same ID, so no need to worry if the indicator already exists
|
||||
defer { stopLoading() }
|
||||
|
||||
switch await authenticationService.urlForOIDCLogin(loginHint: nil) {
|
||||
case .success(let oidcData):
|
||||
actionsSubject.send(.continueWithOIDC(data: oidcData, window: window))
|
||||
switch await authenticationService.urlForOAuthLogin(loginHint: nil) {
|
||||
case .success(let oAuthData):
|
||||
actionsSubject.send(.continueWithOAuth(data: oAuthData, window: window))
|
||||
case .failure:
|
||||
displayError(.unknownError)
|
||||
}
|
||||
|
||||
@@ -17,7 +17,7 @@ enum MockSoftLogoutScreenState: String, CaseIterable {
|
||||
// mock that screen.
|
||||
case emptyPassword
|
||||
case enteredPassword
|
||||
case oidc
|
||||
case oAuth
|
||||
case unsupported
|
||||
case keyBackupNeeded
|
||||
|
||||
@@ -37,9 +37,9 @@ enum MockSoftLogoutScreenState: String, CaseIterable {
|
||||
homeserver: .mockBasicServer,
|
||||
keyBackupNeeded: false,
|
||||
password: "12345678")
|
||||
case .oidc:
|
||||
case .oAuth:
|
||||
return SoftLogoutScreenViewModel(credentials: credentials,
|
||||
homeserver: .mockOIDC,
|
||||
homeserver: .mockOAuth,
|
||||
keyBackupNeeded: false)
|
||||
case .unsupported:
|
||||
return SoftLogoutScreenViewModel(credentials: credentials,
|
||||
|
||||
@@ -46,7 +46,7 @@ final class SoftLogoutScreenCoordinator: CoordinatorProtocol {
|
||||
parameters.authenticationService
|
||||
}
|
||||
|
||||
private var oidcPresenter: OIDCAuthenticationPresenter?
|
||||
private var oAuthPresenter: OAuthAuthenticationPresenter?
|
||||
|
||||
var actions: AnyPublisher<SoftLogoutScreenCoordinatorResult, Never> {
|
||||
actionsSubject.eraseToAnyPublisher()
|
||||
@@ -76,8 +76,8 @@ final class SoftLogoutScreenCoordinator: CoordinatorProtocol {
|
||||
showForgotPasswordScreen()
|
||||
case .clearAllData:
|
||||
actionsSubject.send(.clearAllData)
|
||||
case .continueWithOIDC:
|
||||
continueWithOIDC(presentationAnchor: viewModel.context.viewState.window)
|
||||
case .continueWithOAuth:
|
||||
continueWithOAuth(presentationAnchor: viewModel.context.viewState.window)
|
||||
}
|
||||
}
|
||||
.store(in: &cancellables)
|
||||
@@ -91,13 +91,13 @@ final class SoftLogoutScreenCoordinator: CoordinatorProtocol {
|
||||
AnyView(SoftLogoutScreen(context: viewModel.context))
|
||||
}
|
||||
|
||||
func handleOIDCRedirectURL(_ url: URL) {
|
||||
guard let oidcPresenter else {
|
||||
MXLog.error("Failed to find an OIDC request in progress.")
|
||||
func handleOAuthCallbackURL(_ url: URL) {
|
||||
guard let oAuthPresenter else {
|
||||
MXLog.error("Failed to find an OAuth request in progress.")
|
||||
return
|
||||
}
|
||||
|
||||
oidcPresenter.handleUniversalLinkCallback(url)
|
||||
oAuthPresenter.handleUniversalLinkCallback(url)
|
||||
}
|
||||
|
||||
// MARK: - Private
|
||||
@@ -143,32 +143,32 @@ final class SoftLogoutScreenCoordinator: CoordinatorProtocol {
|
||||
}
|
||||
}
|
||||
|
||||
private func continueWithOIDC(presentationAnchor: UIWindow?) {
|
||||
private func continueWithOAuth(presentationAnchor: UIWindow?) {
|
||||
guard let presentationAnchor else { return }
|
||||
|
||||
startLoading()
|
||||
|
||||
Task {
|
||||
switch await authenticationService.urlForOIDCLogin(loginHint: nil) {
|
||||
switch await authenticationService.urlForOAuthLogin(loginHint: nil) {
|
||||
case .failure(let error):
|
||||
stopLoading()
|
||||
handleError(error)
|
||||
case .success(let oidcData):
|
||||
case .success(let oAuthData):
|
||||
stopLoading()
|
||||
|
||||
let presenter = OIDCAuthenticationPresenter(authenticationService: parameters.authenticationService,
|
||||
oidcRedirectURL: parameters.appSettings.oidcRedirectURL,
|
||||
presentationAnchor: presentationAnchor,
|
||||
appMediator: parameters.appMediator,
|
||||
userIndicatorController: parameters.userIndicatorController)
|
||||
self.oidcPresenter = presenter
|
||||
switch await presenter.authenticate(using: oidcData) {
|
||||
let presenter = OAuthAuthenticationPresenter(authenticationService: parameters.authenticationService,
|
||||
redirectURL: parameters.appSettings.oAuthRedirectURL,
|
||||
presentationAnchor: presentationAnchor,
|
||||
appMediator: parameters.appMediator,
|
||||
userIndicatorController: parameters.userIndicatorController)
|
||||
self.oAuthPresenter = presenter
|
||||
switch await presenter.authenticate(using: oAuthData) {
|
||||
case .success(let userSession):
|
||||
actionsSubject.send(.signedIn(userSession))
|
||||
case .failure(let error):
|
||||
handleError(error)
|
||||
}
|
||||
self.oidcPresenter = nil
|
||||
self.oAuthPresenter = nil
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -180,10 +180,10 @@ final class SoftLogoutScreenCoordinator: CoordinatorProtocol {
|
||||
viewModel.displayError(.alert(L10n.screenLoginErrorInvalidCredentials))
|
||||
case .accountDeactivated:
|
||||
viewModel.displayError(.alert(L10n.screenLoginErrorDeactivatedAccount))
|
||||
case .oidcError(.notSupported):
|
||||
// Temporary alert hijacking the use of .notSupported, can be removed when OIDC support is in the SDK.
|
||||
case .oAuthError(.notSupported):
|
||||
// Temporary alert hijacking the use of .notSupported, can be removed when OAuth support is in the SDK.
|
||||
viewModel.displayError(.alert(L10n.commonServerNotSupported))
|
||||
case .oidcError(.userCancellation):
|
||||
case .oAuthError(.userCancellation):
|
||||
// No need to show an error, the user cancelled authentication.
|
||||
break
|
||||
case .sessionTokenRefreshNotSupported:
|
||||
|
||||
@@ -22,8 +22,8 @@ enum SoftLogoutScreenViewModelAction: CustomStringConvertible {
|
||||
case forgotPassword
|
||||
/// Clear all user data
|
||||
case clearAllData
|
||||
/// Continue using OIDC.
|
||||
case continueWithOIDC
|
||||
/// Continue using OAuth.
|
||||
case continueWithOAuth
|
||||
|
||||
/// A string representation of the result, ignoring any associated values that could leak PII.
|
||||
var description: String {
|
||||
@@ -34,8 +34,8 @@ enum SoftLogoutScreenViewModelAction: CustomStringConvertible {
|
||||
return "forgotPassword"
|
||||
case .clearAllData:
|
||||
return "clearAllData"
|
||||
case .continueWithOIDC:
|
||||
return "continueWithOIDC"
|
||||
case .continueWithOAuth:
|
||||
return "continueWithOAuth"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -58,7 +58,7 @@ struct SoftLogoutScreenViewState: BindableState {
|
||||
homeserver.loginMode
|
||||
}
|
||||
|
||||
/// The presentation anchor used for OIDC authentication.
|
||||
/// The presentation anchor used for OAuth authentication.
|
||||
var window: UIWindow?
|
||||
|
||||
/// Whether to show recover encryption keys message
|
||||
@@ -80,7 +80,7 @@ struct SoftLogoutScreenBindings {
|
||||
}
|
||||
|
||||
enum SoftLogoutScreenViewAction {
|
||||
/// Updates the window used as the OIDC presentation anchor.
|
||||
/// Updates the window used as the OAuth presentation anchor.
|
||||
case updateWindow(UIWindow?)
|
||||
/// Login.
|
||||
case login
|
||||
@@ -88,8 +88,8 @@ enum SoftLogoutScreenViewAction {
|
||||
case forgotPassword
|
||||
/// Clear all user data.
|
||||
case clearAllData
|
||||
/// Continue using OIDC.
|
||||
case continueWithOIDC
|
||||
/// Continue using OAuth.
|
||||
case continueWithOAuth
|
||||
}
|
||||
|
||||
enum SoftLogoutScreenErrorType: Hashable {
|
||||
|
||||
@@ -38,8 +38,8 @@ class SoftLogoutScreenViewModel: SoftLogoutScreenViewModelType, SoftLogoutScreen
|
||||
actionsSubject.send(.forgotPassword)
|
||||
case .clearAllData:
|
||||
actionsSubject.send(.clearAllData)
|
||||
case .continueWithOIDC:
|
||||
actionsSubject.send(.continueWithOIDC)
|
||||
case .continueWithOAuth:
|
||||
actionsSubject.send(.continueWithOAuth)
|
||||
case .updateWindow(let window):
|
||||
guard state.window != window else { return }
|
||||
Task { state.window = window }
|
||||
|
||||
@@ -26,8 +26,8 @@ struct SoftLogoutScreen: View {
|
||||
switch context.viewState.loginMode {
|
||||
case .password:
|
||||
loginForm
|
||||
case .oidc:
|
||||
oidcButton
|
||||
case .oAuth:
|
||||
oAuthButton
|
||||
default:
|
||||
loginUnavailableText
|
||||
}
|
||||
@@ -98,15 +98,15 @@ struct SoftLogoutScreen: View {
|
||||
}
|
||||
}
|
||||
|
||||
/// The OIDC button that can be used for login.
|
||||
var oidcButton: some View {
|
||||
Button { context.send(viewAction: .continueWithOIDC) } label: {
|
||||
/// The OAuth button that can be used for login.
|
||||
var oAuthButton: some View {
|
||||
Button { context.send(viewAction: .continueWithOAuth) } label: {
|
||||
Text(L10n.actionContinue)
|
||||
}
|
||||
.buttonStyle(.compound(.primary))
|
||||
}
|
||||
|
||||
/// Text shown if neither password or OIDC login is supported.
|
||||
/// Text shown if neither password or OAuth login is supported.
|
||||
var loginUnavailableText: some View {
|
||||
Text(L10n.screenLoginErrorUnsupportedAuthentication)
|
||||
.font(.body)
|
||||
|
||||
@@ -24,7 +24,7 @@ enum AuthenticationStartScreenCoordinatorAction {
|
||||
case login
|
||||
case register
|
||||
|
||||
case loginDirectlyWithOIDC(data: OIDCAuthorizationDataProxy, window: UIWindow)
|
||||
case loginDirectlyWithOAuth(data: OAuthAuthorizationDataProxy, window: UIWindow)
|
||||
case loginDirectlyWithPassword(loginHint: String?)
|
||||
|
||||
case reportProblem
|
||||
@@ -65,8 +65,8 @@ final class AuthenticationStartScreenCoordinator: CoordinatorProtocol {
|
||||
case .register:
|
||||
actionsSubject.send(.register)
|
||||
|
||||
case .loginDirectlyWithOIDC(let data, let window):
|
||||
actionsSubject.send(.loginDirectlyWithOIDC(data: data, window: window))
|
||||
case .loginDirectlyWithOAuth(let data, let window):
|
||||
actionsSubject.send(.loginDirectlyWithOAuth(data: data, window: window))
|
||||
case .loginDirectlyWithPassword(let loginHint):
|
||||
actionsSubject.send(.loginDirectlyWithPassword(loginHint: loginHint))
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ enum AuthenticationStartScreenViewModelAction: Equatable {
|
||||
case login
|
||||
case register
|
||||
|
||||
case loginDirectlyWithOIDC(data: OIDCAuthorizationDataProxy, window: UIWindow)
|
||||
case loginDirectlyWithOAuth(data: OAuthAuthorizationDataProxy, window: UIWindow)
|
||||
case loginDirectlyWithPassword(loginHint: String?)
|
||||
|
||||
case reportProblem
|
||||
@@ -21,7 +21,7 @@ enum AuthenticationStartScreenViewModelAction: Equatable {
|
||||
}
|
||||
|
||||
struct AuthenticationStartScreenViewState: BindableState {
|
||||
/// The presentation anchor used for OIDC authentication.
|
||||
/// The presentation anchor used for OAuth authentication.
|
||||
var window: UIWindow?
|
||||
|
||||
let serverName: String?
|
||||
@@ -56,7 +56,7 @@ enum AuthenticationStartScreenAlertType {
|
||||
}
|
||||
|
||||
enum AuthenticationStartScreenViewAction {
|
||||
/// Updates the window used as the OIDC presentation anchor.
|
||||
/// Updates the window used as the OAuth presentation anchor.
|
||||
case updateWindow(UIWindow)
|
||||
case developerOptions
|
||||
case reportProblem
|
||||
|
||||
@@ -144,7 +144,7 @@ class AuthenticationStartScreenViewModel: AuthenticationStartScreenViewModelType
|
||||
}
|
||||
}
|
||||
|
||||
guard authenticationService.homeserver.value.loginMode.supportsOIDCFlow else {
|
||||
guard authenticationService.homeserver.value.loginMode.supportsOAuthFlow else {
|
||||
actionsSubject.send(.loginDirectlyWithPassword(loginHint: loginHint))
|
||||
return
|
||||
}
|
||||
@@ -154,9 +154,9 @@ class AuthenticationStartScreenViewModel: AuthenticationStartScreenViewModelType
|
||||
return
|
||||
}
|
||||
|
||||
switch await authenticationService.urlForOIDCLogin(loginHint: loginHint) {
|
||||
case .success(let oidcData):
|
||||
actionsSubject.send(.loginDirectlyWithOIDC(data: oidcData, window: window))
|
||||
switch await authenticationService.urlForOAuthLogin(loginHint: loginHint) {
|
||||
case .success(let oAuthData):
|
||||
actionsSubject.send(.loginDirectlyWithOAuth(data: oAuthData, window: window))
|
||||
case .failure:
|
||||
displayError()
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ import Combine
|
||||
import SwiftUI
|
||||
|
||||
enum EncryptionResetScreenCoordinatorAction {
|
||||
case requestOIDCAuthorisation(URL)
|
||||
case requestOAuthAuthorisation(URL)
|
||||
case requestPassword(passwordPublisher: PassthroughSubject<String, Never>)
|
||||
case resetFinished
|
||||
case cancel
|
||||
@@ -44,8 +44,8 @@ final class EncryptionResetScreenCoordinator: CoordinatorProtocol {
|
||||
|
||||
guard let self else { return }
|
||||
switch action {
|
||||
case .requestOIDCAuthorisation(let url):
|
||||
self.actionsSubject.send(.requestOIDCAuthorisation(url))
|
||||
case .requestOAuthAuthorisation(let url):
|
||||
self.actionsSubject.send(.requestOAuthAuthorisation(url))
|
||||
case .requestPassword(let passwordPublisher):
|
||||
self.actionsSubject.send(.requestPassword(passwordPublisher: passwordPublisher))
|
||||
case .resetFinished:
|
||||
|
||||
@@ -11,7 +11,7 @@ import Foundation
|
||||
|
||||
enum EncryptionResetScreenViewModelAction {
|
||||
case requestPassword(passwordPublisher: PassthroughSubject<String, Never>)
|
||||
case requestOIDCAuthorisation(url: URL)
|
||||
case requestOAuthAuthorisation(url: URL)
|
||||
case resetFinished
|
||||
case cancel
|
||||
}
|
||||
|
||||
@@ -91,9 +91,9 @@ class EncryptionResetScreenViewModel: EncryptionResetScreenViewModelType, Encryp
|
||||
|
||||
hideLoadingIndicator()
|
||||
|
||||
actionsSubject.send(.requestOIDCAuthorisation(url: url))
|
||||
actionsSubject.send(.requestOAuthAuthorisation(url: url))
|
||||
|
||||
await resetWithOIDCAuthorisation()
|
||||
await resetWithOAuthAuthorisation()
|
||||
}
|
||||
case .failure(let error):
|
||||
MXLog.error("Failed resetting encryption with error \(error)")
|
||||
@@ -121,7 +121,7 @@ class EncryptionResetScreenViewModel: EncryptionResetScreenViewModelType, Encryp
|
||||
}
|
||||
}
|
||||
|
||||
private func resetWithOIDCAuthorisation() async {
|
||||
private func resetWithOAuthAuthorisation() async {
|
||||
guard let identityResetHandle else {
|
||||
fatalError("Requested reset flow continuation without a stored handle")
|
||||
}
|
||||
|
||||
@@ -24,7 +24,7 @@ enum QRCodeLoginScreenCoordinatorAction: CustomStringConvertible {
|
||||
case startOver
|
||||
case signInManually
|
||||
case signedIn(userSession: UserSessionProtocol)
|
||||
case requestOIDCAuthorisation(URL, OIDCAccountSettingsPresenter.Continuation)
|
||||
case requestOAuthAuthorisation(URL, OAuthAccountSettingsPresenter.Continuation)
|
||||
case linkedDevice
|
||||
/// Cancel the flow (dismiss the modal).
|
||||
case cancel
|
||||
@@ -34,7 +34,7 @@ enum QRCodeLoginScreenCoordinatorAction: CustomStringConvertible {
|
||||
case .startOver: "startOver"
|
||||
case .signInManually: "signInManually"
|
||||
case .signedIn: "signedIn"
|
||||
case .requestOIDCAuthorisation: "requestOIDCAuthorisation"
|
||||
case .requestOAuthAuthorisation: "requestOAuthAuthorisation"
|
||||
case .linkedDevice: "linkedDevice"
|
||||
case .cancel: "cancel"
|
||||
}
|
||||
@@ -71,8 +71,8 @@ final class QRCodeLoginScreenCoordinator: CoordinatorProtocol {
|
||||
actionsSubject.send(.startOver)
|
||||
case .signedIn(let userSession):
|
||||
actionsSubject.send(.signedIn(userSession: userSession))
|
||||
case .requestOIDCAuthorisation(let url, let continuation):
|
||||
actionsSubject.send(.requestOIDCAuthorisation(url, continuation))
|
||||
case .requestOAuthAuthorisation(let url, let continuation):
|
||||
actionsSubject.send(.requestOAuthAuthorisation(url, continuation))
|
||||
case .linkedDevice:
|
||||
actionsSubject.send(.linkedDevice)
|
||||
case .cancel:
|
||||
|
||||
@@ -16,7 +16,7 @@ enum QRCodeLoginScreenViewModelAction: CustomStringConvertible {
|
||||
case startOver
|
||||
case signInManually
|
||||
case signedIn(userSession: UserSessionProtocol)
|
||||
case requestOIDCAuthorisation(URL, OIDCAccountSettingsPresenter.Continuation)
|
||||
case requestOAuthAuthorisation(URL, OAuthAccountSettingsPresenter.Continuation)
|
||||
case linkedDevice
|
||||
/// Cancel the flow (dismiss the modal).
|
||||
case cancel
|
||||
@@ -26,7 +26,7 @@ enum QRCodeLoginScreenViewModelAction: CustomStringConvertible {
|
||||
case .startOver: "startOver"
|
||||
case .signInManually: "signInManually"
|
||||
case .signedIn: "signedIn"
|
||||
case .requestOIDCAuthorisation: "requestOIDCAuthorisation"
|
||||
case .requestOAuthAuthorisation: "requestOAuthAuthorisation"
|
||||
case .linkedDevice: "linkedDevice"
|
||||
case .cancel: "cancel"
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ class QRCodeLoginScreenViewModel: QRCodeLoginScreenViewModelType, QRCodeLoginScr
|
||||
}
|
||||
|
||||
private var currentTask: AnyCancellable?
|
||||
private var oidcResultTask: AnyCancellable?
|
||||
private var oAuthResultTask: AnyCancellable?
|
||||
|
||||
init(mode: QRCodeLoginScreenMode,
|
||||
canSignInManually: Bool,
|
||||
@@ -182,7 +182,7 @@ class QRCodeLoginScreenViewModel: QRCodeLoginScreenViewModelType, QRCodeLoginScr
|
||||
case .establishingSecureChannel(let checkCodeString):
|
||||
state.state = .displayCode(.deviceCode(checkCodeString))
|
||||
case .waitingForAuthorisation(let url):
|
||||
requestOIDCAuthorization(url: url)
|
||||
requestOAuthAuthorization(url: url)
|
||||
case .syncingSecrets:
|
||||
break // Nothing to do.
|
||||
case .done:
|
||||
@@ -222,7 +222,7 @@ class QRCodeLoginScreenViewModel: QRCodeLoginScreenViewModelType, QRCodeLoginScr
|
||||
case .qrScanned(let checkCodeSender):
|
||||
state.state = .confirmCode(.inputCode(checkCodeSender))
|
||||
case .waitingForAuthorisation(let url):
|
||||
requestOIDCAuthorization(url: url)
|
||||
requestOAuthAuthorization(url: url)
|
||||
case .syncingSecrets:
|
||||
break // Nothing to do.
|
||||
case .done:
|
||||
@@ -257,11 +257,11 @@ class QRCodeLoginScreenViewModel: QRCodeLoginScreenViewModelType, QRCodeLoginScr
|
||||
}
|
||||
}
|
||||
|
||||
private func requestOIDCAuthorization(url: URL) {
|
||||
let (stream, continuation) = AsyncStream<Result<Void, OIDCError>>.makeStream()
|
||||
actionsSubject.send(.requestOIDCAuthorisation(url, continuation))
|
||||
private func requestOAuthAuthorization(url: URL) {
|
||||
let (stream, continuation) = AsyncStream<Result<Void, OAuthError>>.makeStream()
|
||||
actionsSubject.send(.requestOAuthAuthorisation(url, continuation))
|
||||
|
||||
oidcResultTask = Task { [weak self] in
|
||||
oAuthResultTask = Task { [weak self] in
|
||||
for await result in stream {
|
||||
guard let self else { return }
|
||||
switch result {
|
||||
|
||||
@@ -15,13 +15,13 @@ import AuthenticationServices
|
||||
/// have access to this session, and for some reason `prefersEphemeralWebBrowserSession`
|
||||
/// isn't sharing the session back to Safari.
|
||||
@MainActor
|
||||
class OIDCAccountSettingsPresenter: NSObject {
|
||||
class OAuthAccountSettingsPresenter: NSObject {
|
||||
private let accountURL: URL
|
||||
private let oidcRedirectURL: URL
|
||||
private let redirectURL: URL
|
||||
private let presentationAnchor: UIWindow
|
||||
private let appMediator: AppMediatorProtocol
|
||||
|
||||
typealias Continuation = AsyncStream<Result<Void, OIDCError>>.Continuation
|
||||
typealias Continuation = AsyncStream<Result<Void, OAuthError>>.Continuation
|
||||
private let continuation: Continuation?
|
||||
|
||||
init(accountURL: URL,
|
||||
@@ -30,7 +30,7 @@ class OIDCAccountSettingsPresenter: NSObject {
|
||||
appSettings: AppSettings,
|
||||
continuation: Continuation? = nil) {
|
||||
self.accountURL = accountURL
|
||||
oidcRedirectURL = appSettings.oidcRedirectURL
|
||||
redirectURL = appSettings.oAuthRedirectURL
|
||||
self.presentationAnchor = presentationAnchor
|
||||
self.appMediator = appMediator
|
||||
self.continuation = continuation
|
||||
@@ -40,10 +40,10 @@ class OIDCAccountSettingsPresenter: NSObject {
|
||||
|
||||
/// Presents a web authentication session for the supplied data.
|
||||
func start() {
|
||||
let session = ASWebAuthenticationSession(url: accountURL, callback: .oidcRedirectURL(oidcRedirectURL)) { [continuation] _, error in
|
||||
let session = ASWebAuthenticationSession(url: accountURL, callback: .oAuthRedirectURL(redirectURL)) { [continuation] _, error in
|
||||
guard let continuation else { return }
|
||||
|
||||
if error?.isOIDCUserCancellation == true {
|
||||
if error?.isOAuthUserCancellation == true {
|
||||
continuation.yield(.failure(.userCancellation))
|
||||
} else {
|
||||
let errorDescription = error.map(String.init(describing:)) ?? "Unknown error"
|
||||
@@ -70,7 +70,7 @@ class OIDCAccountSettingsPresenter: NSObject {
|
||||
|
||||
// MARK: ASWebAuthenticationPresentationContextProviding
|
||||
|
||||
extension OIDCAccountSettingsPresenter: ASWebAuthenticationPresentationContextProviding {
|
||||
extension OAuthAccountSettingsPresenter: ASWebAuthenticationPresentationContextProviding {
|
||||
func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
|
||||
presentationAnchor
|
||||
}
|
||||
@@ -73,7 +73,7 @@ class AuthenticationService: AuthenticationServiceProtocol {
|
||||
let loginDetails = await client.homeserverLoginDetails()
|
||||
|
||||
homeserver.loginMode = if loginDetails.supportsOauthLogin() {
|
||||
.oidc(supportsCreatePrompt: loginDetails.supportedOauthPrompts().contains(.create))
|
||||
.oAuth(supportsCreatePrompt: loginDetails.supportedOauthPrompts().contains(.create))
|
||||
} else if loginDetails.supportsPasswordLogin() {
|
||||
.password
|
||||
} else {
|
||||
@@ -83,7 +83,7 @@ class AuthenticationService: AuthenticationServiceProtocol {
|
||||
if flow == .login, homeserver.loginMode == .unsupported {
|
||||
return .failure(.loginNotSupported)
|
||||
}
|
||||
if flow == .register, !homeserver.loginMode.supportsOIDCFlow {
|
||||
if flow == .register, !homeserver.loginMode.supportsOAuthFlow {
|
||||
return .failure(.registrationNotSupported)
|
||||
}
|
||||
|
||||
@@ -105,39 +105,39 @@ class AuthenticationService: AuthenticationServiceProtocol {
|
||||
}
|
||||
}
|
||||
|
||||
func urlForOIDCLogin(loginHint: String?) async -> Result<OIDCAuthorizationDataProxy, AuthenticationServiceError> {
|
||||
guard let client else { return .failure(.oidcError(.urlFailure)) }
|
||||
func urlForOAuthLogin(loginHint: String?) async -> Result<OAuthAuthorizationDataProxy, AuthenticationServiceError> {
|
||||
guard let client else { return .failure(.oAuthError(.urlFailure)) }
|
||||
do {
|
||||
// The create prompt is broken: https://github.com/element-hq/matrix-authentication-service/issues/3429
|
||||
// let prompt: OidcPrompt = flow == .register ? .create : .consent
|
||||
let oidcData = try await client.urlForOauth(oauthConfiguration: appSettings.oidcConfiguration.rustValue,
|
||||
prompt: .consent,
|
||||
loginHint: loginHint,
|
||||
deviceId: nil,
|
||||
additionalScopes: nil)
|
||||
return .success(OIDCAuthorizationDataProxy(underlyingData: oidcData))
|
||||
// let prompt: OAuthPrompt = flow == .register ? .create : .consent
|
||||
let oAuthData = try await client.urlForOauth(oauthConfiguration: appSettings.oAuthConfiguration.rustValue,
|
||||
prompt: .consent,
|
||||
loginHint: loginHint,
|
||||
deviceId: nil,
|
||||
additionalScopes: nil)
|
||||
return .success(OAuthAuthorizationDataProxy(underlyingData: oAuthData))
|
||||
} catch {
|
||||
MXLog.error("Failed to get URL for OIDC login: \(error)")
|
||||
return .failure(.oidcError(.urlFailure))
|
||||
MXLog.error("Failed to get URL for OAuth login: \(error)")
|
||||
return .failure(.oAuthError(.urlFailure))
|
||||
}
|
||||
}
|
||||
|
||||
func abortOIDCLogin(data: OIDCAuthorizationDataProxy) async {
|
||||
func abortOAuthLogin(data: OAuthAuthorizationDataProxy) async {
|
||||
guard let client else { return }
|
||||
MXLog.info("Aborting OIDC login.")
|
||||
MXLog.info("Aborting OAuth login.")
|
||||
await client.abortOauthAuth(authorizationData: data.underlyingData)
|
||||
}
|
||||
|
||||
func loginWithOIDCCallback(_ callbackURL: URL) async -> Result<UserSessionProtocol, AuthenticationServiceError> {
|
||||
func loginWithOAuthCallback(_ callbackURL: URL) async -> Result<UserSessionProtocol, AuthenticationServiceError> {
|
||||
guard let client else { return .failure(.failedLoggingIn) }
|
||||
do {
|
||||
try await client.loginWithOauthCallback(callbackUrl: callbackURL.absoluteString)
|
||||
await verifyClientIfPossible(client: client)
|
||||
return await userSession(for: client)
|
||||
} catch OAuthError.Cancelled {
|
||||
return .failure(.oidcError(.userCancellation))
|
||||
} catch MatrixRustSDK.OAuthError.Cancelled {
|
||||
return .failure(.oAuthError(.userCancellation))
|
||||
} catch {
|
||||
MXLog.error("Login with OIDC failed: \(error)")
|
||||
MXLog.error("Login with OAuth failed: \(error)")
|
||||
return .failure(.failedLoggingIn)
|
||||
}
|
||||
}
|
||||
@@ -149,7 +149,7 @@ class AuthenticationService: AuthenticationServiceProtocol {
|
||||
|
||||
let refreshToken = try? client.session().refreshToken
|
||||
if refreshToken != nil {
|
||||
MXLog.warning("Refresh token found for a non oidc session, can't restore session, logging out")
|
||||
MXLog.warning("Refresh token found for a non OAuth session, can't restore session, logging out")
|
||||
_ = try? await client.logout()
|
||||
return .failure(.sessionTokenRefreshNotSupported)
|
||||
}
|
||||
@@ -206,7 +206,7 @@ class AuthenticationService: AuthenticationServiceProtocol {
|
||||
Task {
|
||||
do {
|
||||
let client = try await makeClient(homeserverAddress: scannedServerNameOrBaseUrl)
|
||||
let qrCodeHandler = client.newLoginWithQrCodeHandler(oauthConfiguration: appSettings.oidcConfiguration.rustValue)
|
||||
let qrCodeHandler = client.newLoginWithQrCodeHandler(oauthConfiguration: appSettings.oAuthConfiguration.rustValue)
|
||||
try await qrCodeHandler.scan(qrCodeData: qrData, progressListener: listener)
|
||||
|
||||
// Since the QR code login flow includes verification.
|
||||
@@ -273,7 +273,7 @@ class AuthenticationService: AuthenticationServiceProtocol {
|
||||
// MARK: - Classic App
|
||||
|
||||
/// Populates the Classic app account's state by checking whether the account's homeserver is supported
|
||||
/// (has Sliding Sync and OIDC or password login) and whether all of the required secrets are available.
|
||||
/// (has Sliding Sync and OAuth or password login) and whether all of the required secrets are available.
|
||||
func setupClassicAppAccountState() async {
|
||||
guard let classicAppAccount, classicAppAccount.state.isServerSupported == nil else { return }
|
||||
MXLog.info("Checking Classic app account: \(classicAppAccount)")
|
||||
|
||||
@@ -19,8 +19,8 @@ enum AuthenticationFlow {
|
||||
}
|
||||
|
||||
enum AuthenticationServiceError: Error, Equatable {
|
||||
/// An error occurred during OIDC authentication.
|
||||
case oidcError(OIDCError)
|
||||
/// An error occurred during OAuth authentication.
|
||||
case oAuthError(OAuthError)
|
||||
/// An error occurred during login with QR Code.
|
||||
case qrCodeError(QRCodeLoginError)
|
||||
|
||||
@@ -46,12 +46,12 @@ protocol AuthenticationServiceProtocol: QRCodeLoginServiceProtocol {
|
||||
|
||||
/// Sets up the service for login on the specified homeserver address.
|
||||
func configure(for homeserverAddress: String, flow: AuthenticationFlow) async -> Result<Void, AuthenticationServiceError>
|
||||
/// Performs login using OIDC for the current homeserver.
|
||||
func urlForOIDCLogin(loginHint: String?) async -> Result<OIDCAuthorizationDataProxy, AuthenticationServiceError>
|
||||
/// Asks the SDK to abort an ongoing OIDC login if we didn't get a callback to complete the request with.
|
||||
func abortOIDCLogin(data: OIDCAuthorizationDataProxy) async
|
||||
/// Completes an OIDC login that was started using ``urlForOIDCLogin``.
|
||||
func loginWithOIDCCallback(_ callbackURL: URL) async -> Result<UserSessionProtocol, AuthenticationServiceError>
|
||||
/// Performs login using OAuth for the current homeserver.
|
||||
func urlForOAuthLogin(loginHint: String?) async -> Result<OAuthAuthorizationDataProxy, AuthenticationServiceError>
|
||||
/// Asks the SDK to abort an ongoing OAuth login if we didn't get a callback to complete the request with.
|
||||
func abortOAuthLogin(data: OAuthAuthorizationDataProxy) async
|
||||
/// Completes an OAuth login that was started using ``urlForOAuthLogin``.
|
||||
func loginWithOAuthCallback(_ callbackURL: URL) async -> Result<UserSessionProtocol, AuthenticationServiceError>
|
||||
/// Performs a password login using the current homeserver.
|
||||
func login(username: String, password: String, initialDeviceName: String?, deviceID: String?) async -> Result<UserSessionProtocol, AuthenticationServiceError>
|
||||
|
||||
@@ -70,25 +70,25 @@ protocol AuthenticationServiceProtocol: QRCodeLoginServiceProtocol {
|
||||
func refreshClassicAppAccountState() async
|
||||
}
|
||||
|
||||
// MARK: - OIDC
|
||||
// MARK: - OAuth
|
||||
|
||||
enum OIDCError: Error {
|
||||
enum OAuthError: Error {
|
||||
/// Failed to get the URL that should be presented for login.
|
||||
case urlFailure
|
||||
/// The user cancelled the login.
|
||||
case userCancellation
|
||||
/// OIDC isn't supported on the currently configured server.
|
||||
/// OAuth isn't supported on the currently configured server.
|
||||
case notSupported
|
||||
/// An unknown error occurred.
|
||||
case unknown
|
||||
}
|
||||
|
||||
struct OIDCAuthorizationDataProxy: Hashable {
|
||||
struct OAuthAuthorizationDataProxy: Hashable {
|
||||
let underlyingData: OAuthAuthorizationData
|
||||
|
||||
var url: URL {
|
||||
guard let url = URL(string: underlyingData.loginUrl()) else {
|
||||
fatalError("OIDC login URL hasn't been validated.")
|
||||
fatalError("OAuth login URL hasn't been validated.")
|
||||
}
|
||||
return url
|
||||
}
|
||||
|
||||
@@ -405,7 +405,7 @@ class ClientProxy: ClientProxyProtocol {
|
||||
Task {
|
||||
await syncService.start()
|
||||
|
||||
// If we are using OIDC we want to cache the account management URL in volatile memory on the SDK side.
|
||||
// If we are using OAuth we want to cache the account management URL in volatile memory on the SDK side.
|
||||
// To avoid the cache being invalidated while the app is backgrounded, we cache at every sync start.
|
||||
await cacheAccountURL()
|
||||
}
|
||||
|
||||
@@ -77,7 +77,7 @@ extension MatrixRustSDK.Session: @retroactive Codable {
|
||||
userId: container.decode(String.self, forKey: .userId),
|
||||
deviceId: container.decode(String.self, forKey: .deviceId),
|
||||
homeserverUrl: container.decode(String.self, forKey: .homeserverUrl),
|
||||
oauthData: container.decodeIfPresent(String.self, forKey: .oidcData),
|
||||
oauthData: container.decodeIfPresent(String.self, forKey: .oauthData),
|
||||
slidingSyncVersion: .native)
|
||||
}
|
||||
|
||||
@@ -88,10 +88,11 @@ extension MatrixRustSDK.Session: @retroactive Codable {
|
||||
try container.encode(userId, forKey: .userId)
|
||||
try container.encode(deviceId, forKey: .deviceId)
|
||||
try container.encode(homeserverUrl, forKey: .homeserverUrl)
|
||||
try container.encode(oauthData, forKey: .oidcData)
|
||||
try container.encode(oauthData, forKey: .oauthData)
|
||||
}
|
||||
|
||||
enum CodingKeys: String, CodingKey {
|
||||
case accessToken, refreshToken, userId, deviceId, homeserverUrl, oidcData, slidingSyncProxy
|
||||
case accessToken, refreshToken, userId, deviceId, homeserverUrl, slidingSyncProxy
|
||||
case oauthData = "oidcData" // We're using the name from before the MSC was stabilised.
|
||||
}
|
||||
}
|
||||
|
||||
@@ -134,7 +134,7 @@ class MockScreen: Identifiable {
|
||||
allowOtherAccountProviders: false,
|
||||
hideBrandChrome: false,
|
||||
pushGatewayBaseURL: appSettings.pushGatewayBaseURL,
|
||||
oidcRedirectURL: appSettings.oidcRedirectURL,
|
||||
oAuthRedirectURL: appSettings.oAuthRedirectURL,
|
||||
websiteURL: appSettings.websiteURL,
|
||||
logoURL: appSettings.logoURL,
|
||||
copyrightURL: appSettings.copyrightURL,
|
||||
@@ -773,7 +773,7 @@ class MockScreen: Identifiable {
|
||||
switch action {
|
||||
case .dismiss:
|
||||
navigationRootCoordinator.setSheetCoordinator(nil)
|
||||
case .requestOIDCAuthorisation:
|
||||
case .requestOAuthAuthorisation:
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user