Add support for debug logging

Author: dcaunt

Sources/OpenPass/DeviceAuthorizationFlow.swift

@@ -25,6 +25,7 @@
 //
 
 import Foundation
+import OSLog
 
 /// A client for Device Authorization, a two-step flow where an input constrained device such as a TV requests a code
 /// and another device inputs this code and provides authorization.
@@ -63,17 +64,22 @@ public final class DeviceAuthorizationFlow {
     private let tokenValidator: IDTokenValidation
     private let tokensObserver: ((OpenPassTokens) async -> Void)
     private let dateGenerator: DateGenerator
+    private let log: OSLog
     private let clock: Clock
 
     internal init(
         openPassClient: OpenPassClient,
         tokenValidator: IDTokenValidation,
+        isLoggingEnabled: Bool,
         dateGenerator: DateGenerator = .init { Date() },
         clock: Clock = RealClock(),
         tokensObserver: @escaping ((OpenPassTokens) async -> Void)
     ) {
         self.openPassClient = openPassClient
         self.tokenValidator = tokenValidator
+        self.log = isLoggingEnabled
+            ? .init(subsystem: "com.myopenpass", category: "DeviceAuthorizationFlow")
+            : .disabled
         self.dateGenerator = dateGenerator
         self.clock = clock
         self.tokensObserver = tokensObserver
@@ -165,8 +171,13 @@ public final class DeviceAuthorizationFlow {
     /// - Parameter idToken: ID Token To Verify
     /// - Returns: true if valid, false if invalid
     private func verify(_ idToken: IDToken) async throws -> Bool {
-        let jwks = try await openPassClient.fetchJWKS()
-        return try tokenValidator.validate(idToken, jwks: jwks)
+        do {
+            let jwks = try await openPassClient.fetchJWKS()
+            return try tokenValidator.validate(idToken, jwks: jwks)
+        } catch {
+            os_log("Error verifying tokens from flow", log: log, type: .error)
+            throw error
+        }
     }
 }
 

Sources/OpenPass/OpenPassClient.swift

@@ -26,6 +26,7 @@
 
 import CryptoKit
 import Foundation
+import OSLog
 
 /// Networking layer for OpenPass API Server
 @available(iOS 13.0, tvOS 16.0, *)
@@ -40,25 +41,31 @@ internal final class OpenPassClient {
 
     let clientId: String
     private let session = URLSession.shared
+    private let log: OSLog
 
     convenience init(configuration: OpenPassConfiguration) {
         self.init(
             baseURL: configuration.baseURL,
             sdkName: configuration.sdkName,
             sdkVersion: configuration.sdkVersion,
-            clientId: configuration.clientId
+            clientId: configuration.clientId,
+            isLoggingEnabled: configuration.isLoggingEnabled
         )
     }
 
     init(
         baseURL: String,
         sdkName: String,
         sdkVersion: String = openPassSdkVersion,
-        clientId: String
+        clientId: String,
+        isLoggingEnabled: Bool
     ) {
         self.baseURL = baseURL
         self.baseRequestParameters = BaseRequestParameters(sdkName: sdkName, sdkVersion: sdkVersion)
         self.clientId = clientId
+        self.log = isLoggingEnabled
+            ? .init(subsystem: "com.myopenpass", category: "OpenPassClient")
+            : .disabled
     }
 
     // MARK: - Tokens
@@ -75,25 +82,29 @@ internal final class OpenPassClient {
         codeVerifier: String,
         redirectUri: String
     ) async throws -> OpenPassTokensResponse {
+        let logTag: StaticString = "Updating Tokens"
+        os_log(logTag, log: log, type: .debug)
         let request = Request.authorizationCode(
             clientId: clientId,
             code: code,
             codeVerifier: codeVerifier,
             redirectUri: redirectUri
         )
-        return try await execute(request)
+        return try await execute(request, String(logTag))
     }
 
     /// Refresh tokens using an existing `refreshToken`
     /// - Parameters:
     ///   - refreshToken: A refresh token
     /// - Returns: Refreshed ``OpenPassTokensResponse``
     func refreshTokens(_ refreshToken: String) async throws -> OpenPassTokensResponse {
+        let logTag: StaticString = "Refreshing token"
+        os_log(logTag, log: log, type: .debug)
         let request = Request.refresh(
             clientId: clientId,
             refreshToken: refreshToken
         )
-        return try await execute(request)
+        return try await execute(request, String(logTag))
     }
 
     // MARK: - Device Authorization Flow
@@ -102,8 +113,10 @@ internal final class OpenPassClient {
     /// `/v1/api/authorize-device`
     /// - Returns: ``DeviceAuthorizationResponse`` transfer object
     func getDeviceCode() async throws -> DeviceAuthorizationResponse {
+        let logTag: StaticString = "Fetching device code"
+        os_log(logTag, log: log, type: .debug)
         let request = Request.authorizeDevice(clientId: clientId)
-        return try await execute(request)
+        return try await execute(request, String(logTag))
     }
 
     /// Get Device Token from Endpoint
@@ -112,14 +125,16 @@ internal final class OpenPassClient {
     ///     - deviceCode: Device Code retrieved from `/v1/api/authorize-device`
     /// - Returns: ``OpenPassTokens`` or an error if the request was not successful.
     func getTokenFromDeviceCode(deviceCode: String) async throws -> OpenPassTokensResponse {
+        let logTag: StaticString = "Fetching token from device code"
+        os_log(logTag, log: log, type: .debug)
         let request = Request.deviceToken(clientId: clientId, deviceCode: deviceCode)
-        return try await execute(request)
+        return try await execute(request, String(logTag))
     }
 
     // MARK: - JWKS
 
     func fetchJWKS() async throws -> JWKS {
-        try await execute(Request<JWKS>(path: "/.well-known/jwks"))
+        try await execute(Request<JWKS>(path: "/.well-known/jwks"), "Fetching JWKS")
     }
 
     // MARK: - Request Execution
@@ -152,14 +167,40 @@ internal final class OpenPassClient {
         return Data(query.utf8)
     }
 
-    private func execute<ResponseType: Decodable>(_ request: Request<ResponseType>) async throws -> ResponseType {
+    private func execute<ResponseType: Decodable>(
+        _ request: Request<ResponseType>,
+        _ logTag: String
+    ) async throws -> ResponseType {
         let urlRequest = urlRequest(
             request
         )
-        let data = try await session.data(for: urlRequest).0
+        let data: Data
+        let response: HTTPURLResponse
+        do {
+            (data, response) = try await self.data(for: urlRequest)
+        } catch {
+            os_log("Client request error %@", log: log, type: .error, logTag)
+            throw error
+        }
+        if response.statusCode != 200 {
+            os_log("Client request error (%d) %@", log: log, type: .error, response.statusCode, logTag)
+        }
         let decoder = JSONDecoder()
         decoder.keyDecodingStrategy = .convertFromSnakeCase
-        return try decoder.decode(ResponseType.self, from: data)
+        do {
+            return try decoder.decode(ResponseType.self, from: data)
+        } catch {
+            os_log("Error parsing response %@", log: log, type: .error, logTag)
+            throw error
+        }
+    }
+
+    private func data(for request: URLRequest) async throws -> (Data, HTTPURLResponse) {
+        let (data, response) = try await session.data(for: request)
+        // `URLResponse` is always `HTTPURLResponse` for HTTP requests
+        // https://developer.apple.com/documentation/foundation/urlresponse
+        // swiftlint:disable:next force_cast
+        return (data, response as! HTTPURLResponse)
     }
 }
 
@@ -205,3 +246,12 @@ private func generateCodeChallengeFromVerifierCode(verifier: String) -> String {
 
     return base64UrlEncodedHashed
 }
+
+private extension String {
+    init(_ string: StaticString) {
+        self = string.withUTF8Buffer {
+            // swiftlint:disable:next optional_data_string_conversion
+            String(decoding: $0, as: UTF8.self)
+        }
+    }
+}

Sources/OpenPass/OpenPassConfiguration.swift

@@ -43,12 +43,14 @@ struct OpenPassConfiguration: Hashable, Sendable {
         baseURL: String = defaultBaseURL,
         clientId: String,
         redirectHost: String,
+        isLoggingEnabled: Bool,
         sdkNameSuffix: String = "",
         sdkVersion: String = openPassSdkVersion
     ) {
         self.baseURL = baseURL
         self.clientId = clientId
         self.redirectHost = redirectHost
+        self.isLoggingEnabled = isLoggingEnabled
         self.sdkName = Self.defaultSdkName.appending(sdkNameSuffix)
         self.sdkVersion = sdkVersion
     }
@@ -83,6 +85,7 @@ struct OpenPassConfiguration: Hashable, Sendable {
                     ""
                 }
             }(),
+            isLoggingEnabled: OpenPassSettings.shared.isLoggingEnabled,
             sdkNameSuffix: OpenPassSettings.shared.sdkNameSuffix ?? ""
         )
     }
@@ -92,4 +95,5 @@ struct OpenPassConfiguration: Hashable, Sendable {
     var redirectHost: String
     var sdkName: String
     var sdkVersion: String
+    var isLoggingEnabled: Bool
 }

Sources/OpenPass/OpenPassManager.swift

@@ -26,6 +26,7 @@
 
 import AuthenticationServices
 import Foundation
+import OSLog
 import Security
 
 /// Primary app interface for integrating with OpenPass SDK.
@@ -66,6 +67,9 @@ public final class OpenPassManager {
 
     private let tokenValidator: IDTokenValidation
 
+    private let isLoggingEnabled: Bool
+    private let log: OSLog
+
     /// Internal dependency
     private let clock: Clock
 
@@ -84,6 +88,7 @@ public final class OpenPassManager {
         assert(!configuration.redirectHost.isEmpty, "Missing `OpenPassRedirectHost` in Info.plist")
         self.clientId = configuration.clientId
         self.redirectHost = configuration.redirectHost
+        self.isLoggingEnabled = configuration.isLoggingEnabled
 
         self.openPassClient = OpenPassClient(
             configuration: configuration
@@ -93,6 +98,9 @@ public final class OpenPassManager {
             clientID: clientId,
             issuerID: configuration.baseURL.trimmingTrailing("/")
         )
+        self.log = isLoggingEnabled
+            ? OSLog(subsystem: "com.myopenpass", category: "OpenPassManager")
+            : .disabled
         self.clock = clock
         // Check for cached signin
         self.openPassTokens = KeychainManager.main.getOpenPassTokensFromKeychain()
@@ -101,6 +109,8 @@ public final class OpenPassManager {
     /// Signs user out by clearing all sign-in data currently in SDK.  This includes keychain and in-memory data.
     /// - Returns: True if signed out, False if still signed in.
     public func signOut() -> Bool {
+        os_log("Signing Out", log: log, type: .debug)
+        os_log("Clearing Tokens", log: log, type: .debug)
         if KeychainManager.main.deleteOpenPassTokensFromKeychain() {
             self.openPassTokens = nil
             return true
@@ -132,7 +142,8 @@ public final class OpenPassManager {
         SignInFlow(
             openPassClient: openPassClient,
             tokenValidator: tokenValidator,
-            redirectHost: redirectHost
+            redirectHost: redirectHost,
+            isLoggingEnabled: isLoggingEnabled
         ) { [weak self] tokens in
             guard let self else {
                 return
@@ -153,7 +164,8 @@ public final class OpenPassManager {
         RefreshTokenFlow(
             openPassClient: openPassClient,
             clientId: clientId,
-            tokenValidator: tokenValidator
+            tokenValidator: tokenValidator,
+            isLoggingEnabled: isLoggingEnabled
         ) { [weak self] tokens in
             guard let self else {
                 return
@@ -168,6 +180,7 @@ public final class OpenPassManager {
         DeviceAuthorizationFlow(
             openPassClient: openPassClient,
             tokenValidator: tokenValidator,
+            isLoggingEnabled: isLoggingEnabled,
             clock: clock
         ) { [weak self] tokens in
             guard let self else {
@@ -179,8 +192,10 @@ public final class OpenPassManager {
 
     /// Utility function for persisting OpenPassTokens data after its been loaded from the API Server.
     internal func setOpenPassTokens(_ openPassTokens: OpenPassTokens) {
+        os_log("Updating Tokens", log: log, type: .debug)
         assert(openPassTokens.idToken != nil, "ID Token must not be nil")
         self.openPassTokens = openPassTokens
+        os_log("Saving Tokens", log: log, type: .debug)
         KeychainManager.main.saveOpenPassTokensToKeychain(openPassTokens)
     }
 }

Sources/OpenPass/OpenPassSettings.swift

@@ -109,6 +109,23 @@ public final class OpenPassSettings: NSObject, @unchecked Sendable {
         }
     }
 
+    private var _isLoggingEnabled = false
+
+    /// Enable OS logging. The default value is `false`.
+    @objc
+    public var isLoggingEnabled: Bool {
+        get {
+            queue.sync {
+                _isLoggingEnabled
+            }
+        }
+        set {
+            queue.sync {
+                _isLoggingEnabled = newValue
+            }
+        }
+    }
+
     @objc
     public static let shared = OpenPassSettings()
 }

Sources/OpenPass/RefreshTokenFlow.swift

@@ -25,6 +25,7 @@
 //
 
 import Foundation
+import OSLog
 
 @MainActor
 public final class RefreshTokenFlow {
@@ -33,15 +34,21 @@ public final class RefreshTokenFlow {
     private let tokenValidator: IDTokenValidation
     private let tokensObserver: ((OpenPassTokens) async -> Void)
 
+    private let log: OSLog
+    
     init(
         openPassClient: OpenPassClient,
         clientId: String,
         tokenValidator: IDTokenValidation,
+        isLoggingEnabled: Bool,
         tokensObserver: @escaping ((OpenPassTokens) async -> Void)
     ) {
         self.openPassClient = openPassClient
         self.clientId = clientId
         self.tokenValidator = tokenValidator
+        self.log = isLoggingEnabled
+            ? .init(subsystem: "com.myopenpass", category: "RefreshTokenFlow")
+            : .disabled
         self.tokensObserver = tokensObserver
     }
 
@@ -62,7 +69,12 @@ public final class RefreshTokenFlow {
     /// - Parameter idToken: ID Token To Verify
     /// - Returns: true if valid, false if invalid
     private func verify(_ idToken: IDToken) async throws -> Bool {
-        let jwks = try await openPassClient.fetchJWKS()
-        return try tokenValidator.validate(idToken, jwks: jwks)
+        do {
+            let jwks = try await openPassClient.fetchJWKS()
+            return try tokenValidator.validate(idToken, jwks: jwks)
+        } catch {
+            os_log("Error verifying tokens from flow", log: log, type: .error)
+            throw error
+        }
     }
 }