Update for PKCE

Podfile

@@ -5,6 +5,6 @@ platform :ios, '9.0'
 use_frameworks!
 
 target 'SingleSignOn' do
-    pod 'Alamofire'
-    pod 'SwiftKeychainWrapper'
+    pod 'AppAuth', '1.6.0'
+    pod 'SwiftKeychainWrapper', '3.0.1'
 end

Podfile.lock

@@ -1,20 +1,25 @@
 PODS:
-  - Alamofire (4.7.3)
+  - AppAuth (1.6.0):
+    - AppAuth/Core (= 1.6.0)
+    - AppAuth/ExternalUserAgent (= 1.6.0)
+  - AppAuth/Core (1.6.0)
+  - AppAuth/ExternalUserAgent (1.6.0):
+    - AppAuth/Core
   - SwiftKeychainWrapper (3.0.1)
 
 DEPENDENCIES:
-  - Alamofire
-  - SwiftKeychainWrapper
+  - AppAuth (= 1.6.0)
+  - SwiftKeychainWrapper (= 3.0.1)
 
 SPEC REPOS:
-  https://github.com/cocoapods/specs.git:
-    - Alamofire
+  https://github.com/CocoaPods/Specs.git:
+    - AppAuth
     - SwiftKeychainWrapper
 
 SPEC CHECKSUMS:
-  Alamofire: c7287b6e5d7da964a70935e5db17046b7fde6568
+  AppAuth: 8fca6b5563a5baef2c04bee27538025e4ceb2add
   SwiftKeychainWrapper: 38952a3636320ae61bad3513cadd870929de7a4a
 
-PODFILE CHECKSUM: 5b9df332a135fcc090d04042e541929ed53aa5d4
+PODFILE CHECKSUM: 5b873ee44bd67706d8f252c520a9c79759b9f275
 
-COCOAPODS: 1.5.3
+COCOAPODS: 1.11.3

SingleSignOn.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name            = "SingleSignOn"
-  s.version         = "1.0.6"
+  s.version         = "1.1.0"
   s.summary         = "Library to interface with RedHat SSO"
   s.description     = "This pod contains various components to support authentication and credential managment"
   s.homepage        = "http://pathfinder.gov.bc.ca"
@@ -12,5 +12,5 @@ Pod::Spec.new do |s|
   s.resources       = 'SingleSignOn/**/*.{storyboard,xib,xcassets}'
   s.requires_arc    = true
   s.dependency      'SwiftKeychainWrapper', '~> 3.0.1'
-  s.dependency      'Alamofire', '~> 4.7.3'
+  s.dependency      'AppAuth', '1.6.0'
 end

SingleSignOn.xcodeproj/project.pbxproj

@@ -11,7 +11,6 @@
 		5610F074202D13E7004CD2AC /* SingleSignOnTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5610F073202D13E7004CD2AC /* SingleSignOnTests.swift */; };
 		5610F076202D13E7004CD2AC /* SingleSignOn.h in Headers */ = {isa = PBXBuildFile; fileRef = 5610F068202D13E7004CD2AC /* SingleSignOn.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		5610F080202D14E3004CD2AC /* Podfile in Resources */ = {isa = PBXBuildFile; fileRef = 5610F07F202D14E3004CD2AC /* Podfile */; };
-		56FC88DB202D1846008F7642 /* KeycloakAPI.swift in Sources */ = {isa = PBXBuildFile; fileRef = 56FC88CB202D1845008F7642 /* KeycloakAPI.swift */; };
 		56FC88DC202D1846008F7642 /* Constants.swift in Sources */ = {isa = PBXBuildFile; fileRef = 56FC88CC202D1845008F7642 /* Constants.swift */; };
 		56FC88DD202D1846008F7642 /* AuthViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 56FC88CE202D1845008F7642 /* AuthViewController.swift */; };
 		56FC88DE202D1846008F7642 /* Media.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 56FC88CF202D1845008F7642 /* Media.xcassets */; };
@@ -26,6 +25,8 @@
 		56FC88E8202D1871008F7642 /* README.md in Resources */ = {isa = PBXBuildFile; fileRef = 56FC88E7202D1871008F7642 /* README.md */; };
 		56FC88EA202E0E04008F7642 /* SingleSignOn.podspec in Resources */ = {isa = PBXBuildFile; fileRef = 56FC88E9202E0E04008F7642 /* SingleSignOn.podspec */; };
 		BBF776BE94BDB4E00ABA2247 /* Pods_SingleSignOn.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 133211EAD64B6E7010491C5B /* Pods_SingleSignOn.framework */; };
+		DA2D1D8B2965E3FC000FC010 /* OIDTokenResponseExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = DA2D1D8A2965E3FC000FC010 /* OIDTokenResponseExtension.swift */; };
+		DA2D1D912971D219000FC010 /* Endpoint.swift in Sources */ = {isa = PBXBuildFile; fileRef = DA2D1D902971D219000FC010 /* Endpoint.swift */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
@@ -46,8 +47,7 @@
 		5610F06E202D13E7004CD2AC /* SingleSignOnTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = SingleSignOnTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
 		5610F073202D13E7004CD2AC /* SingleSignOnTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SingleSignOnTests.swift; sourceTree = "<group>"; };
 		5610F075202D13E7004CD2AC /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
-		5610F07F202D14E3004CD2AC /* Podfile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Podfile; sourceTree = SOURCE_ROOT; };
-		56FC88CB202D1845008F7642 /* KeycloakAPI.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KeycloakAPI.swift; sourceTree = "<group>"; };
+		5610F07F202D14E3004CD2AC /* Podfile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Podfile; sourceTree = SOURCE_ROOT; xcLanguageSpecificationIdentifier = xcode.lang.ruby; };
 		56FC88CC202D1845008F7642 /* Constants.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Constants.swift; sourceTree = "<group>"; };
 		56FC88CE202D1845008F7642 /* AuthViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AuthViewController.swift; sourceTree = "<group>"; };
 		56FC88CF202D1845008F7642 /* Media.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Media.xcassets; sourceTree = "<group>"; };
@@ -62,6 +62,8 @@
 		56FC88E7202D1871008F7642 /* README.md */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = net.daringfireball.markdown; path = README.md; sourceTree = "<group>"; };
 		56FC88E9202E0E04008F7642 /* SingleSignOn.podspec */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = SingleSignOn.podspec; sourceTree = SOURCE_ROOT; };
 		9DBB25529445D12D3C9FEEA5 /* Pods-SingleSignOn.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-SingleSignOn.debug.xcconfig"; path = "Pods/Target Support Files/Pods-SingleSignOn/Pods-SingleSignOn.debug.xcconfig"; sourceTree = "<group>"; };
+		DA2D1D8A2965E3FC000FC010 /* OIDTokenResponseExtension.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OIDTokenResponseExtension.swift; sourceTree = "<group>"; };
+		DA2D1D902971D219000FC010 /* Endpoint.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Endpoint.swift; sourceTree = "<group>"; };
 		EBE0D3BF6EC9DFD049322169 /* Pods-SingleSignOn.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-SingleSignOn.release.xcconfig"; path = "Pods/Target Support Files/Pods-SingleSignOn/Pods-SingleSignOn.release.xcconfig"; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
@@ -124,7 +126,8 @@
 				5610F069202D13E7004CD2AC /* Info.plist */,
 				5610F07F202D14E3004CD2AC /* Podfile */,
 				56FC88E9202E0E04008F7642 /* SingleSignOn.podspec */,
-				56FC88CA202D1845008F7642 /* API */,
+				DA2D1D8F2971D1E2000FC010 /* API */,
+				DA2D1D8E2971CE68000FC010 /* Extensions */,
 				56FC88D6202D1845008F7642 /* Model */,
 				56FC88D8202D1845008F7642 /* Services */,
 				56FC88CD202D1845008F7642 /* UI */,
@@ -141,14 +144,6 @@
 			path = SingleSignOnTests;
 			sourceTree = "<group>";
 		};
-		56FC88CA202D1845008F7642 /* API */ = {
-			isa = PBXGroup;
-			children = (
-				56FC88CB202D1845008F7642 /* KeycloakAPI.swift */,
-			);
-			path = API;
-			sourceTree = "<group>";
-		};
 		56FC88CD202D1845008F7642 /* UI */ = {
 			isa = PBXGroup;
 			children = (
@@ -195,6 +190,22 @@
 			name = Frameworks;
 			sourceTree = "<group>";
 		};
+		DA2D1D8E2971CE68000FC010 /* Extensions */ = {
+			isa = PBXGroup;
+			children = (
+				DA2D1D8A2965E3FC000FC010 /* OIDTokenResponseExtension.swift */,
+			);
+			path = Extensions;
+			sourceTree = "<group>";
+		};
+		DA2D1D8F2971D1E2000FC010 /* API */ = {
+			isa = PBXGroup;
+			children = (
+				DA2D1D902971D219000FC010 /* Endpoint.swift */,
+			);
+			path = API;
+			sourceTree = "<group>";
+		};
 /* End PBXGroup section */
 
 /* Begin PBXHeadersBuildPhase section */
@@ -336,10 +347,11 @@
 			buildActionMask = 2147483647;
 			files = (
 				56FC88E6202D1846008F7642 /* Theme.swift in Sources */,
-				56FC88DB202D1846008F7642 /* KeycloakAPI.swift in Sources */,
 				56FC88DD202D1846008F7642 /* AuthViewController.swift in Sources */,
+				DA2D1D912971D219000FC010 /* Endpoint.swift in Sources */,
 				56FC88E1202D1846008F7642 /* AuthenticationDelegate.swift in Sources */,
 				56FC88E5202D1846008F7642 /* AuthServices.swift in Sources */,
+				DA2D1D8B2965E3FC000FC010 /* OIDTokenResponseExtension.swift in Sources */,
 				56FC88E4202D1846008F7642 /* Credentials.swift in Sources */,
 				56FC88DF202D1846008F7642 /* AuthenticationError.swift in Sources */,
 				56FC88E2202D1846008F7642 /* WebHeaderView.swift in Sources */,
@@ -399,7 +411,7 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CURRENT_PROJECT_VERSION = 1;
+				CURRENT_PROJECT_VERSION = 2;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
@@ -417,7 +429,7 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				IPHONEOS_DEPLOYMENT_TARGET = 11.2;
+				IPHONEOS_DEPLOYMENT_TARGET = 12.0;
 				MTL_ENABLE_DEBUG_INFO = YES;
 				ONLY_ACTIVE_ARCH = YES;
 				SDKROOT = iphoneos;
@@ -461,7 +473,7 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CURRENT_PROJECT_VERSION = 1;
+				CURRENT_PROJECT_VERSION = 2;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				ENABLE_NS_ASSERTIONS = NO;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
@@ -473,7 +485,7 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				IPHONEOS_DEPLOYMENT_TARGET = 11.2;
+				IPHONEOS_DEPLOYMENT_TARGET = 12.0;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				SDKROOT = iphoneos;
 				SWIFT_OPTIMIZATION_LEVEL = "-Owholemodule";

SingleSignOn/API/Endpoint.swift

@@ -0,0 +1,61 @@
+//
+//  EndpointInfo.swift
+//  SingleSignOn
+//
+//  Created by Scharien, Todd SDPR:EX on 2023-01-13.
+//  Copyright © 2023 Jason Leach. All rights reserved.
+//
+
+import Foundation
+
+public struct Endpoint {
+    public let realmName: String
+    public let clientId: String
+    public let redirectUri: String
+    public let baseUrl: String
+    public let responseType: String
+
+    public let hint: String?
+
+    var baseOidcUrl: String {
+        return baseUrl + "/auth/realms/\(realmName)/protocol/openid-connect"
+    }
+
+    public var authUrl: String {
+        return baseOidcUrl + "/auth"
+    }
+
+    public var tokenUrl: String {
+        return baseOidcUrl + "/token"
+    }
+
+    public var logoutUrl: String {
+        return baseOidcUrl + "/logout"
+    }
+
+    public var oidcQuery: String {
+        var query = "response_type=\(responseType)&client_id=\(clientId)&redirect_uri=\(redirectUri)"
+
+        if let hint = hint {
+            query += "&kc_idp_hint=\(hint)"
+        }
+
+        return query
+    }
+
+    init(realmName: String,
+         clientId: String,
+         redirectUri: String,
+         baseUrl: String,
+         responseType: String = Constants.API.authenticationResponseType,
+         hint: String? = nil) {
+
+        self.realmName = realmName
+        self.clientId = clientId
+        self.redirectUri = redirectUri
+        self.baseUrl = baseUrl
+        self.responseType = responseType
+
+        self.hint = hint
+    }
+}

SingleSignOn/Constants.swift

@@ -32,15 +32,9 @@ struct Constants {
     }
 
     struct API {
-        // The token {{REALM_NAME}} will be replaced with the correct value
-        // as needed.
-        static let auth = "/auth/realms/{{REALM_NAME}}/protocol/openid-connect/auth"
-        static let token = "/auth/realms/{{REALM_NAME}}/protocol/openid-connect/token"
-        static let logout = "/auth/realms/{{REALM_NAME}}/protocol/openid-connect/logout"
         static let authenticationResponseType = "code"
         static let allowedWebDomain = "gov.bc.ca"
         static let secureScheme = "https"
-        static let realmToken = "{{REALM_NAME}}"
     }
 
     enum GrantType: String {

SingleSignOn/Extensions/CredentialsExtensions.swift

@@ -0,0 +1,34 @@
+//
+//  CredentialsExtensions.swift
+//  SingleSignOn
+//
+//  Created by Scharien, Todd SDPR:EX on 2023-01-04.
+//  Copyright © 2023 Jason Leach. All rights reserved.
+//
+
+import Foundation
+import AppAuth
+
+extension OIDTokenResponse {
+
+    func toCredentials() -> Credentials {
+        let currentDate = Date()
+        let expiresIn = accessTokenExpirationDate!.timeIntervalSince(currentDate) // in seconds
+        let refreshExpiresIn = additionalParameters?[Credentials.Key.RefreshExpiresIn] as! Double // in seconds
+        let refreshExpiresAt = currentDate.addingTimeInterval(refreshExpiresIn)
+
+        return Credentials(withJSON: [
+            Credentials.Key.TokenType: tokenType!,
+            Credentials.Key.RefreshToken: refreshToken!,
+            Credentials.Key.AccessToken: accessToken!,
+            Credentials.Key.SessionState: String(describing: additionalParameters?[Credentials.Key.SessionState]),
+            Credentials.Key.RefreshExpiresIn: Int(refreshExpiresIn),
+            Credentials.Key.RefreshExpiresAt: refreshExpiresAt,
+            Credentials.Key.NotBeforePolicy: additionalParameters?[Credentials.Key.NotBeforePolicy] as! Int,
+            Credentials.Key.ExpiresIn: Int(expiresIn),
+            Credentials.Key.ExpiresAt: accessTokenExpirationDate!
+        ])
+
+    }
+
+}