在iOS上使用OAuth2进行身份验证 [英] Authenticating with OAuth2 on iOS

问题描述

我目前正在尝试使用OAuth2授权我的用户。我目前正在使用以下库： https://github.com/p2/OAuth2

I am currently trying to authorize my users with OAuth2. I am currently using the following library: https://github.com/p2/OAuth2

let oauth2 = OAuth2CodeGrant(settings: [
        "client_id": "my-id",
        "authorize_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://www.googleapis.com/oauth2/v3/token",
        "scope": "profile",     // depends on the API you use
        "redirect_uris": ["com.TestAuthorizeApp:/oauth2Callback"],
        ])

    //let oauth2 = OAuth2CodeGrant(settings: settings)
    oauth2.onAuthorize = { parameters in
        print("Did authorize with parameters: \(parameters)")
    }
    oauth2.onFailure = { error in        // `error` is nil on cancel
        if let error = error {
            print("Authorization went wrong: \(error)")
        }
    }

    oauth2.authConfig.authorizeEmbedded = false
    oauth2.authorize()

当我运行它时，它会在浏览器中加载谷歌，我能够登录。然后它询问我在范围内声明的权限，并且工作正常。我点击确定打开它将我重定向回我的应用程序。

When I run this it loads up google in the browser and I am able to sign in. It then asks me about the permissions I have declared in the scope and that works fine. I click ok open and it redirects me back to my app.

然而，当我再次运行此代码时，我希望访问令牌已存储在密钥链中。但是这似乎没有用。

However when I run this code again I am expecting that the access token has been stored in the key chain. However this doesn't seem to be working.

我查看了源代码并找到了以下检查： tryToObtainAccessTokenIfNeeded 总是返回false。这意味着我再次获取页面，我需要点击允许。

I have looked inside the source code and found the following check: tryToObtainAccessTokenIfNeeded which always returns false. This means I get the page again where I need to click 'Allow'.

我想知道是否有人可以帮我弄清楚为什么它不会在钥匙串中保存任何东西。这也意味着用户并未真正通过身份验证吗？

I was wondering if someone could help me figure out why it's not saving anything in the keychain. Also does this mean the user is not really being authenticated?

谢谢。

===

编辑

已添加 oauth2.verbose = true 根据Pascal的评论。我得到以下输出。

Have added oauth2.verbose = true as per Pascal's comment. I get the following output.

 OAuth2: Looking for items in keychain
 OAuth2: No access token, maybe I can refresh
 OAuth2: I don't have a refresh token, not trying to refresh

其中是我认为发生的事情。但是我仍然不确定它为什么不在钥匙串中保存/找到任何东西。

Which is what I thought was happening. However I am still unsure as to why it's not saving / finding anything in the keychain.

=====

编辑2

事实证明，我实际上根本没有获得访问令牌。请参阅此对话： https://github.com/p2/OAuth2/issues/109和我的答案如下。

It turns out that I wasn't actually getting an access token back at all. Please see this conversation: https://github.com/p2/OAuth2/issues/109 and my answer below.

推荐答案

在Pascal的帮助下： https://github.com/p2/OAuth2/issues/109 我设法让它运转起来。事实证明我没有实施步骤：'3授权用户'，因为我应该这样做。

With the help from Pascal here: https://github.com/p2/OAuth2/issues/109 I have managed to get it working. Turns out that I wasn't implementing step: '3 Authorize the User' as I should have been.

所以完整的解决方案是：

So a complete solution is:

在我的视图控制器中我有以下内容：

Inside my view controller I have the following:

let OAuth2AppDidReceiveCallbackNotification = "OAuth2AppDidReceiveCallback"

override func viewDidLoad() {
    super.viewDidLoad()

    // This notification is for handling step 3 in guide.
    NSNotificationCenter.defaultCenter().addObserver(self, selector: #selector(ViewController.handleRedirect(_:)), name: OAuth2AppDidReceiveCallbackNotification, object: nil)
}

func authoriseUser {
    let oauth2 = OAuth2CodeGrant(settings: [
        "client_id": "my-id", // Use own client_id here
        "authorize_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://www.googleapis.com/oauth2/v3/token",
        "scope": "profile",     // depends on the API you use
        "redirect_uris": ["com.TestAuthorizeApp:/oauth2Callback"],
        ])

     //let oauth2 = OAuth2CodeGrant(settings: settings)
     oauth2.onAuthorize = { parameters in
        print("Did authorize with parameters: \(parameters)")
     }
     oauth2.onFailure = { error in        // `error` is nil on cancel
         if let error = error {
             print("Authorization went wrong: \(error)")
         }
     }

     oauth2.authConfig.authorizeEmbedded = false
     oauth2.authorize()
 }

// This method gets called by notification and is the last thing we need to do to get our access token. 
func handleRedirect(notification: NSNotification) {
    oauth2.handleRedirectURL(notification.object as! NSURL)
}

以上代码应处理将您发送到您可以登录的Google网页，然后点击允许。

The above code should handle sending you to the google web page where you can log in and then click allow.

现在您需要处理在应用委托中返回应用的处理：

Now you need to handle returning to the app in the app delegate:

 let OAuth2AppDidReceiveCallbackNotification = "OAuth2AppDidReceiveCallback"

 func application(application: UIApplication,
                 openURL url: NSURL,
                         sourceApplication: String?,
                         annotation: AnyObject) -> Bool {
    // you should probably first check if this is your URL being opened
    NSNotificationCenter.defaultCenter().postNotificationName(OAuth2AppDidReceiveCallbackNotification, object: url)

    return true
}

希望这可以帮助其他可能在尝试获取访问令牌时遇到问题的人。

Hopefully this will help anyone else who might be having issues trying to get an access token.

这篇关于在iOS上使用OAuth2进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！