Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for debug logging #69

Merged
merged 1 commit into from
Mar 10, 2025
Merged

Add support for debug logging #69

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 13 additions & 2 deletions Sources/OpenPass/DeviceAuthorizationFlow.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
//

import Foundation
import OSLog

/// A client for Device Authorization, a two-step flow where an input constrained device such as a TV requests a code
/// and another device inputs this code and provides authorization.
Expand Down Expand Up @@ -63,17 +64,22 @@ public final class DeviceAuthorizationFlow {
private let tokenValidator: IDTokenValidation
private let tokensObserver: ((OpenPassTokens) async -> Void)
private let dateGenerator: DateGenerator
private let log: OSLog
private let clock: Clock

internal init(
openPassClient: OpenPassClient,
tokenValidator: IDTokenValidation,
isLoggingEnabled: Bool,
dateGenerator: DateGenerator = .init { Date() },
clock: Clock = RealClock(),
tokensObserver: @escaping ((OpenPassTokens) async -> Void)
) {
self.openPassClient = openPassClient
self.tokenValidator = tokenValidator
self.log = isLoggingEnabled
? .init(subsystem: "com.myopenpass", category: "DeviceAuthorizationFlow")
: .disabled
self.dateGenerator = dateGenerator
self.clock = clock
self.tokensObserver = tokensObserver
Expand Down Expand Up @@ -165,8 +171,13 @@ public final class DeviceAuthorizationFlow {
/// - Parameter idToken: ID Token To Verify
/// - Returns: true if valid, false if invalid
private func verify(_ idToken: IDToken) async throws -> Bool {
let jwks = try await openPassClient.fetchJWKS()
return try tokenValidator.validate(idToken, jwks: jwks)
do {
let jwks = try await openPassClient.fetchJWKS()
return try tokenValidator.validate(idToken, jwks: jwks)
} catch {
os_log("Error verifying tokens from flow", log: log, type: .error)
throw error
}
}
}

Expand Down
70 changes: 60 additions & 10 deletions Sources/OpenPass/OpenPassClient.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@

import CryptoKit
import Foundation
import OSLog

/// Networking layer for OpenPass API Server
@available(iOS 13.0, tvOS 16.0, *)
Expand All @@ -40,25 +41,31 @@ internal final class OpenPassClient {

let clientId: String
private let session = URLSession.shared
private let log: OSLog

convenience init(configuration: OpenPassConfiguration) {
self.init(
baseURL: configuration.baseURL,
sdkName: configuration.sdkName,
sdkVersion: configuration.sdkVersion,
clientId: configuration.clientId
clientId: configuration.clientId,
isLoggingEnabled: configuration.isLoggingEnabled
)
}

init(
baseURL: String,
sdkName: String,
sdkVersion: String = openPassSdkVersion,
clientId: String
clientId: String,
isLoggingEnabled: Bool
) {
self.baseURL = baseURL
self.baseRequestParameters = BaseRequestParameters(sdkName: sdkName, sdkVersion: sdkVersion)
self.clientId = clientId
self.log = isLoggingEnabled
? .init(subsystem: "com.myopenpass", category: "OpenPassClient")
: .disabled
}

// MARK: - Tokens
Expand All @@ -75,25 +82,29 @@ internal final class OpenPassClient {
codeVerifier: String,
redirectUri: String
) async throws -> OpenPassTokensResponse {
let logTag: StaticString = "Updating Tokens"
os_log(logTag, log: log, type: .debug)
let request = Request.authorizationCode(
clientId: clientId,
code: code,
codeVerifier: codeVerifier,
redirectUri: redirectUri
)
return try await execute(request)
return try await execute(request, String(logTag))
}

/// Refresh tokens using an existing `refreshToken`
/// - Parameters:
/// - refreshToken: A refresh token
/// - Returns: Refreshed ``OpenPassTokensResponse``
func refreshTokens(_ refreshToken: String) async throws -> OpenPassTokensResponse {
let logTag: StaticString = "Refreshing token"
os_log(logTag, log: log, type: .debug)
let request = Request.refresh(
clientId: clientId,
refreshToken: refreshToken
)
return try await execute(request)
return try await execute(request, String(logTag))
}

// MARK: - Device Authorization Flow
Expand All @@ -102,8 +113,10 @@ internal final class OpenPassClient {
/// `/v1/api/authorize-device`
/// - Returns: ``DeviceAuthorizationResponse`` transfer object
func getDeviceCode() async throws -> DeviceAuthorizationResponse {
let logTag: StaticString = "Fetching device code"
os_log(logTag, log: log, type: .debug)
let request = Request.authorizeDevice(clientId: clientId)
return try await execute(request)
return try await execute(request, String(logTag))
}

/// Get Device Token from Endpoint
Expand All @@ -112,14 +125,16 @@ internal final class OpenPassClient {
/// - deviceCode: Device Code retrieved from `/v1/api/authorize-device`
/// - Returns: ``OpenPassTokens`` or an error if the request was not successful.
func getTokenFromDeviceCode(deviceCode: String) async throws -> OpenPassTokensResponse {
let logTag: StaticString = "Fetching token from device code"
os_log(logTag, log: log, type: .debug)
let request = Request.deviceToken(clientId: clientId, deviceCode: deviceCode)
return try await execute(request)
return try await execute(request, String(logTag))
}

// MARK: - JWKS

func fetchJWKS() async throws -> JWKS {
try await execute(Request<JWKS>(path: "/.well-known/jwks"))
try await execute(Request<JWKS>(path: "/.well-known/jwks"), "Fetching JWKS")
}

// MARK: - Request Execution
Expand Down Expand Up @@ -152,14 +167,40 @@ internal final class OpenPassClient {
return Data(query.utf8)
}

private func execute<ResponseType: Decodable>(_ request: Request<ResponseType>) async throws -> ResponseType {
private func execute<ResponseType: Decodable>(
_ request: Request<ResponseType>,
_ logTag: String
) async throws -> ResponseType {
let urlRequest = urlRequest(
request
)
let data = try await session.data(for: urlRequest).0
let data: Data
let response: HTTPURLResponse
do {
(data, response) = try await self.data(for: urlRequest)
} catch {
os_log("Client request error %@", log: log, type: .error, logTag)
throw error
}
if response.statusCode != 200 {
os_log("Client request error (%d) %@", log: log, type: .error, response.statusCode, logTag)
}
let decoder = JSONDecoder()
decoder.keyDecodingStrategy = .convertFromSnakeCase
return try decoder.decode(ResponseType.self, from: data)
do {
return try decoder.decode(ResponseType.self, from: data)
} catch {
os_log("Error parsing response %@", log: log, type: .error, logTag)
throw error
}
}

private func data(for request: URLRequest) async throws -> (Data, HTTPURLResponse) {
let (data, response) = try await session.data(for: request)
// `URLResponse` is always `HTTPURLResponse` for HTTP requests
// https://developer.apple.com/documentation/foundation/urlresponse
// swiftlint:disable:next force_cast
return (data, response as! HTTPURLResponse)
}
}

Expand Down Expand Up @@ -205,3 +246,12 @@ private func generateCodeChallengeFromVerifierCode(verifier: String) -> String {

return base64UrlEncodedHashed
}

private extension String {
init(_ string: StaticString) {
self = string.withUTF8Buffer {
// swiftlint:disable:next optional_data_string_conversion
String(decoding: $0, as: UTF8.self)
}
}
}
4 changes: 4 additions & 0 deletions Sources/OpenPass/OpenPassConfiguration.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,12 +43,14 @@ struct OpenPassConfiguration: Hashable, Sendable {
baseURL: String = defaultBaseURL,
clientId: String,
redirectHost: String,
isLoggingEnabled: Bool,
sdkNameSuffix: String = "",
sdkVersion: String = openPassSdkVersion
) {
self.baseURL = baseURL
self.clientId = clientId
self.redirectHost = redirectHost
self.isLoggingEnabled = isLoggingEnabled
self.sdkName = Self.defaultSdkName.appending(sdkNameSuffix)
self.sdkVersion = sdkVersion
}
Expand Down Expand Up @@ -83,6 +85,7 @@ struct OpenPassConfiguration: Hashable, Sendable {
""
}
}(),
isLoggingEnabled: OpenPassSettings.shared.isLoggingEnabled,
sdkNameSuffix: OpenPassSettings.shared.sdkNameSuffix ?? ""
)
}
Expand All @@ -92,4 +95,5 @@ struct OpenPassConfiguration: Hashable, Sendable {
var redirectHost: String
var sdkName: String
var sdkVersion: String
var isLoggingEnabled: Bool
}
19 changes: 17 additions & 2 deletions Sources/OpenPass/OpenPassManager.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@

import AuthenticationServices
import Foundation
import OSLog
import Security

/// Primary app interface for integrating with OpenPass SDK.
Expand Down Expand Up @@ -66,6 +67,9 @@ public final class OpenPassManager {

private let tokenValidator: IDTokenValidation

private let isLoggingEnabled: Bool
private let log: OSLog

/// Internal dependency
private let clock: Clock

Expand All @@ -84,6 +88,7 @@ public final class OpenPassManager {
assert(!configuration.redirectHost.isEmpty, "Missing `OpenPassRedirectHost` in Info.plist")
self.clientId = configuration.clientId
self.redirectHost = configuration.redirectHost
self.isLoggingEnabled = configuration.isLoggingEnabled

self.openPassClient = OpenPassClient(
configuration: configuration
Expand All @@ -93,6 +98,9 @@ public final class OpenPassManager {
clientID: clientId,
issuerID: configuration.baseURL.trimmingTrailing("/")
)
self.log = isLoggingEnabled
? OSLog(subsystem: "com.myopenpass", category: "OpenPassManager")
: .disabled
self.clock = clock
// Check for cached signin
self.openPassTokens = KeychainManager.main.getOpenPassTokensFromKeychain()
Expand All @@ -101,6 +109,8 @@ public final class OpenPassManager {
/// Signs user out by clearing all sign-in data currently in SDK. This includes keychain and in-memory data.
/// - Returns: True if signed out, False if still signed in.
public func signOut() -> Bool {
os_log("Signing Out", log: log, type: .debug)
os_log("Clearing Tokens", log: log, type: .debug)
if KeychainManager.main.deleteOpenPassTokensFromKeychain() {
self.openPassTokens = nil
return true
Expand Down Expand Up @@ -132,7 +142,8 @@ public final class OpenPassManager {
SignInFlow(
openPassClient: openPassClient,
tokenValidator: tokenValidator,
redirectHost: redirectHost
redirectHost: redirectHost,
isLoggingEnabled: isLoggingEnabled
) { [weak self] tokens in
guard let self else {
return
Expand All @@ -153,7 +164,8 @@ public final class OpenPassManager {
RefreshTokenFlow(
openPassClient: openPassClient,
clientId: clientId,
tokenValidator: tokenValidator
tokenValidator: tokenValidator,
isLoggingEnabled: isLoggingEnabled
) { [weak self] tokens in
guard let self else {
return
Expand All @@ -168,6 +180,7 @@ public final class OpenPassManager {
DeviceAuthorizationFlow(
openPassClient: openPassClient,
tokenValidator: tokenValidator,
isLoggingEnabled: isLoggingEnabled,
clock: clock
) { [weak self] tokens in
guard let self else {
Expand All @@ -179,8 +192,10 @@ public final class OpenPassManager {

/// Utility function for persisting OpenPassTokens data after its been loaded from the API Server.
internal func setOpenPassTokens(_ openPassTokens: OpenPassTokens) {
os_log("Updating Tokens", log: log, type: .debug)
assert(openPassTokens.idToken != nil, "ID Token must not be nil")
self.openPassTokens = openPassTokens
os_log("Saving Tokens", log: log, type: .debug)
KeychainManager.main.saveOpenPassTokensToKeychain(openPassTokens)
}
}
17 changes: 17 additions & 0 deletions Sources/OpenPass/OpenPassSettings.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,23 @@ public final class OpenPassSettings: NSObject, @unchecked Sendable {
}
}

private var _isLoggingEnabled = false

/// Enable OS logging. The default value is `false`.
@objc
public var isLoggingEnabled: Bool {
get {
queue.sync {
_isLoggingEnabled
}
}
set {
queue.sync {
_isLoggingEnabled = newValue
}
}
}

@objc
public static let shared = OpenPassSettings()
}
16 changes: 14 additions & 2 deletions Sources/OpenPass/RefreshTokenFlow.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
//

import Foundation
import OSLog

@MainActor
public final class RefreshTokenFlow {
Expand All @@ -33,15 +34,21 @@ public final class RefreshTokenFlow {
private let tokenValidator: IDTokenValidation
private let tokensObserver: ((OpenPassTokens) async -> Void)

private let log: OSLog

init(
openPassClient: OpenPassClient,
clientId: String,
tokenValidator: IDTokenValidation,
isLoggingEnabled: Bool,
tokensObserver: @escaping ((OpenPassTokens) async -> Void)
) {
self.openPassClient = openPassClient
self.clientId = clientId
self.tokenValidator = tokenValidator
self.log = isLoggingEnabled
? .init(subsystem: "com.myopenpass", category: "RefreshTokenFlow")
: .disabled
self.tokensObserver = tokensObserver
}

Expand All @@ -62,7 +69,12 @@ public final class RefreshTokenFlow {
/// - Parameter idToken: ID Token To Verify
/// - Returns: true if valid, false if invalid
private func verify(_ idToken: IDToken) async throws -> Bool {
let jwks = try await openPassClient.fetchJWKS()
return try tokenValidator.validate(idToken, jwks: jwks)
do {
let jwks = try await openPassClient.fetchJWKS()
return try tokenValidator.validate(idToken, jwks: jwks)
} catch {
os_log("Error verifying tokens from flow", log: log, type: .error)
throw error
}
}
}
Loading