NetIQ Mobile SDK for iOS  2.0
Access Manager iOS Framework for OAuth & OIDC
OIDAuthorizationRequest Class Reference

Represents an authorization request. More...

#import <OIDAuthorizationRequest.h>

Inherits NSObject, <NSCopying>, and <NSSecureCoding>.

Instance Methods

(instancetype) - NS_UNAVAILABLE
 
(instancetype) - initWithConfiguration:clientId:scopes:redirectURL:responseType:additionalParameters:
 Creates an authorization request with opinionated defaults (a secure state, and PKCE with S256 as the code_challenge_method).
 
(instancetype) - initWithConfiguration:clientId:clientSecret:scopes:redirectURL:responseType:additionalParameters:
 Creates an authorization request with opinionated defaults (a secure state, and PKCE with S256 as the code_challenge_method).
 
(instancetype) - initWithConfiguration:clientId:clientSecret:scope:redirectURL:responseType:state:codeVerifier:codeChallenge:codeChallengeMethod:additionalParameters:
 Designated initializer.
 
(NSURL *) - authorizationRequestURL
 Constructs the request URI by adding the request parameters to the query component of the authorization endpoint URI using the "application/x-www-form-urlencoded" format.
 

Class Methods

(nullable NSString *) + generateState
 Generates an OAuth state param using a random source.
 
(nullable NSString *) + generateCodeVerifier
 Constructs a PKCE-compliant code verifier.
 
(nullable NSString *) + codeChallengeS256ForVerifier:
 Creates a PKCE S256 codeChallenge from the codeVerifier.
 

Properties

OIDServiceConfiguration * configuration
 The service's configuration.
 
NSString * responseType
 The expected response type.
 
NSString * clientID
 The client identifier.
 
NSString * clientSecret
 The client secret.
 
NSString * scope
 The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings.
 
NSURL * redirectURL
 The client's redirect URI.
 
NSString * state
 An opaque value used by the client to maintain state between the request and callback.
 
NSString * codeVerifier
 The PKCE code verifier.
 
NSString * codeChallenge
 The PKCE code challenge, derived from codeVerifier.
 
NSString * codeChallengeMethod
 The method used to compute the codeChallenge.
 
NSDictionary< NSString *, NSString * > * additionalParameters
 The client's additional authorization parameters.
 

Detailed Description

Method Documentation

◆ authorizationRequestURL()

- (NSURL *) authorizationRequestURL

Constructs the request URI by adding the request parameters to the query component of the authorization endpoint URI using the "application/x-www-form-urlencoded" format.

Returns
A URL representing the authorization request.
See also
https://tools.ietf.org/html/rfc6749#section-4.1.1

◆ codeChallengeS256ForVerifier:()

+ (nullable NSString *) codeChallengeS256ForVerifier: (nullable NSString *)  codeVerifier

Creates a PKCE S256 codeChallenge from the codeVerifier.

Parameters
codeVerifier  The code verifier from which the code challenge will be derived.
Returns
The generated code challenge.

Generate a secure code verifier to pass into this method with generateCodeVerifier. The matching codeChallengeMethod for codeChallenges created by this method is OIDOAuthorizationRequestCodeChallengeMethodS256.

See also
https://tools.ietf.org/html/rfc7636#section-4.1

◆ generateCodeVerifier()

+ (nullable NSString *) generateCodeVerifier

Constructs a PKCE-compliant code verifier.

Returns
The generated code verifier.
See also
https://tools.ietf.org/html/rfc7636#section-4.1

◆ generateState()

+ (nullable NSString *) generateState

Generates an OAuth state param using a random source.

Returns
The generated state.
See also
https://tools.ietf.org/html/rfc6819#section-5.3.5

◆ initWithConfiguration:clientId:clientSecret:scope:redirectURL:responseType:state:codeVerifier:codeChallenge:codeChallengeMethod:additionalParameters:()

- (instancetype) initWithConfiguration: (OIDServiceConfiguration *)  configuration
clientId: (NSString *)  clientID
clientSecret: (nullable NSString *)  clientSecret
scope: (nullable NSString *)  scope
redirectURL: (nullable NSURL *)  redirectURL
responseType: (NSString *)  responseType
state: (nullable NSString *)  state
codeVerifier: (nullable NSString *)  codeVerifier
codeChallenge: (nullable NSString *)  codeChallenge
codeChallengeMethod: (nullable NSString *)  codeChallengeMethod
additionalParameters: (nullable NSDictionary< NSString *, NSString * > *)  additionalParameters NS_DESIGNATED_INITIALIZER 

Designated initializer.

Parameters
configuration  The service's configuration.
clientID  The client identifier.
scope  A scope string per the OAuth2 spec (a space-delimited set of scopes).
redirectURL  The client's redirect URI.
responseType  The expected response type.
state  An opaque value used by the client to maintain state between the request and callback.
codeVerifier  The PKCE code verifier. See generateCodeVerifier.
codeChallenge  The PKCE code challenge, calculated from the code verifier such as with codeChallengeS256ForVerifier:.
codeChallengeMethod  The PKCE code challenge method. OIDOAuthorizationRequestCodeChallengeMethodS256 when codeChallengeS256ForVerifier: is used to create the code challenge.
additionalParameters  The client's additional authorization parameters.
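
The following added example (not part of the SDK's documentation or code) builds a request through the designated initializer from explicitly generated state and PKCE values, then checks that authorizationRequestURL carries state and code_challenge but neither code_verifier nor client_secret, as this page's property remarks describe. The helper name BuildCheckedRequest, the scope string and the caller-supplied configuration are assumptions; the query parameter names are the ones listed in the property remarks and the value S256 comes from RFC 7636.

```objc
// Added example: not part of the SDK. BuildCheckedRequest is a hypothetical helper.
#import <Foundation/Foundation.h>
#import <OIDAuthorizationRequest.h>

// Builds a request with explicit state and PKCE values, then verifies that the
// URL handed to the browser contains only values that are safe to expose.
// configuration, clientID and redirectURL are supplied by the caller (assumed).
static OIDAuthorizationRequest *_Nullable BuildCheckedRequest(
    OIDServiceConfiguration *configuration,
    NSString *clientID,
    NSURL *redirectURL) {
  // The generators are declared nullable: treat nil as a hard failure instead
  // of sending a request that lacks state or PKCE.
  NSString *state = [OIDAuthorizationRequest generateState];
  NSString *verifier = [OIDAuthorizationRequest generateCodeVerifier];
  NSString *challenge = [OIDAuthorizationRequest codeChallengeS256ForVerifier:verifier];
  if (state.length == 0 || verifier.length == 0 || challenge.length == 0) {
    return nil;
  }

  OIDAuthorizationRequest *request =
      [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                                                    clientId:clientID
                                                clientSecret:nil
                                                       scope:@"openid profile"  // constructed sample scope
                                                 redirectURL:redirectURL
                                                responseType:@"code"
                                                       state:state
                                                codeVerifier:verifier
                                               codeChallenge:challenge
                                         codeChallengeMethod:OIDOAuthorizationRequestCodeChallengeMethodS256
                                        additionalParameters:nil];

  NSURLComponents *components =
      [NSURLComponents componentsWithURL:[request authorizationRequestURL]
                 resolvingAgainstBaseURL:NO];
  NSMutableDictionary<NSString *, NSString *> *query = [NSMutableDictionary dictionary];
  for (NSURLQueryItem *item in components.queryItems) {
    query[item.name] = item.value ?: @"";
  }

  // code_verifier and client_secret belong only in the token exchange request.
  BOOL leaksSecret = query[@"code_verifier"] != nil || query[@"client_secret"] != nil;
  BOOL pkcePresent = [query[@"code_challenge"] isEqualToString:challenge] &&
                     [query[@"code_challenge_method"] isEqualToString:@"S256"];
  BOOL statePresent = [query[@"state"] isEqualToString:state];
  return (!leaksSecret && pkcePresent && statePresent) ? request : nil;
}
```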

◆ initWithConfiguration:clientId:clientSecret:scopes:redirectURL:responseType:additionalParameters:()

- (instancetype) initWithConfiguration: (OIDServiceConfiguration *)  configuration
clientId: (NSString *)  clientID
clientSecret: (nullable NSString *)  clientSecret
scopes: (nullable NSArray< NSString * > *)  scopes
redirectURL: (NSURL *)  redirectURL
responseType: (NSString *)  responseType
additionalParameters: (nullable NSDictionary< NSString *, NSString * > *)  additionalParameters 

Creates an authorization request with opinionated defaults (a secure state, and PKCE with S256 as the code_challenge_method).

Parameters
configuration  The service's configuration.
clientID  The client identifier.
clientSecret  The client secret.
scopes  An array of scopes to combine into a single scope string per the OAuth2 spec.
redirectURL  The client's redirect URI.
responseType  The expected response type.
additionalParameters  The client's additional authorization parameters.
Remarks
This convenience initializer generates a state parameter and PKCE challenges automatically.

◆ initWithConfiguration:clientId:scopes:redirectURL:responseType:additionalParameters:()

- (instancetype) initWithConfiguration: (OIDServiceConfiguration *)  configuration
clientId: (NSString *)  clientID
scopes: (nullable NSArray< NSString * > *)  scopes
redirectURL: (NSURL *)  redirectURL
responseType: (NSString *)  responseType
additionalParameters: (nullable NSDictionary< NSString *, NSString * > *)  additionalParameters 

Creates an authorization request with opinionated defaults (a secure state, and PKCE with S256 as the code_challenge_method).

Parameters
configuration  The service's configuration.
clientID  The client identifier.
scopes  An array of scopes to combine into a single scope string per the OAuth2 spec.
redirectURL  The client's redirect URI.
responseType  The expected response type.
additionalParameters  The client's additional authorization parameters.
Remarks
This convenience initializer generates a state parameter and PKCE challenges automatically.

Property Documentation

◆ additionalParameters

- (NSDictionary<NSString *, NSString *>*) additionalParameters
read, nonatomic, assign

The client's additional authorization parameters.

See also
https://tools.ietf.org/html/rfc6749#section-3.1

◆ clientID

- (NSString*) clientID
read, nonatomic, assign

The client identifier.

Remarks
client_id
See also
https://tools.ietf.org/html/rfc6749#section-2.2

◆ clientSecret

- (NSString*) clientSecret
read, nonatomic, assign

The client secret.

Remarks
client_secret
The client secret is used to prove the identity of the client when exchanging an authorization code for an access token. The client secret is not passed in the authorizationRequestURL. It is only used when exchanging the authorization code for an access token.
See also
https://tools.ietf.org/html/rfc6749#section-2.3.1

◆ codeChallenge

- (NSString*) codeChallenge
read, nonatomic, assign

The PKCE code challenge, derived from codeVerifier.

Remarks
code_challenge
See also
https://tools.ietf.org/html/rfc7636#section-4.2

◆ codeChallengeMethod

- (NSString*) codeChallengeMethod
read, nonatomic, assign

The method used to compute the codeChallenge.

Remarks
code_challenge_method
See also
https://tools.ietf.org/html/rfc7636#section-4.3

◆ codeVerifier

- (NSString*) codeVerifier
read, nonatomic, assign

The PKCE code verifier.

Remarks
code_verifier
The code verifier itself is not included in the authorization request that is sent on the wire, but needs to be in the token exchange request. tokenExchangeRequest (OIDAuthorizationResponse) will create an OIDTokenRequest that includes this parameter automatically.
See also
https://tools.ietf.org/html/rfc7636#section-4.1

◆ configuration

- (OIDServiceConfiguration*) configuration
read, nonatomic, assign

The service's configuration.

Remarks
This configuration specifies how to connect to a particular OAuth provider. Configurations may be created manually, or via an OpenID Connect Discovery Document.

◆ redirectURL

- (NSURL*) redirectURL
read, nonatomic, assign

The client's redirect URI.

Remarks
redirect_uri
See also
https://tools.ietf.org/html/rfc6749#section-3.1.2

◆ responseType

- (NSString*) responseType
read, nonatomic, assign

The expected response type.

Remarks
response_type
Generally 'code' if pure OAuth, otherwise a space-delimited list of response types including 'code', 'token', and 'id_token' for OpenID Connect.
See also
https://tools.ietf.org/html/rfc6749#section-3.1.1
http://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3

◆ scope

- (NSString*) scope
read, nonatomic, assign

The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings.

Remarks
scope
See also
https://tools.ietf.org/html/rfc6749#section-3.3

◆ state

- (NSString*) state
read, nonatomic, assign

An opaque value used by the client to maintain state between the request and callback.

Remarks
state
If this value is not explicitly set, this library will automatically add state and perform appropriate validation of the state in the authorization response. It is recommended that the default implementation of this parameter be used wherever possible. Typically used to prevent CSRF attacks, as recommended in RFC6819 Section 5.3.5.
See also
https://tools.ietf.org/html/rfc6749#section-4.1.1
https://tools.ietf.org/html/rfc6819#section-5.3.5

The documentation for this class was generated from the following file: