Question about storing authorised session

Question

Question about storing authorised session

toothbrush opened this issue 4 years ago · 2 comments

Hello again! Way back when i created my first prototype application, i was able to follow https://github.com/Peter-Schorn/SpotifyAPI/wiki/Saving-authorization-information-to-persistent-storage to authorise my app once, then subsequently rely on the authorisation data stored in the keychain.

Now that i want to make it possible for others to download my app, it seemed good to switch to using AuthorizationCodeFlowPKCEManager so that i needn't distribute the clientSecret value with my app.

However, having adapted the code from https://github.com/Peter-Schorn/SpotifyAPI/wiki/Saving-authorization-information-to-persistent-storage to use AuthorizationCodeFlowPKCEManager, it appears my app is unable to reuse stored authorisation info from the Keychain between runs. I would guess it's because i should also store the corresponding random-generated codeVerifier and codeChallenge, but i don't see anywhere they're being used in this bit:

                // Try to decode the data.
                let authorizationManager = try JSONDecoder().decode(
                    AuthorizationCodeFlowPKCEManager.self,
                    from: authManagerData.data(using: .utf8)!
                )

Is it possible to restore a saved session when i'm avoiding using clientSecret?

Answer 1 · 2021-06-16T09:04:51.000Z

You know what, i don't know what i was doing wrong, but it works as it should. Closing this issue – apologies for the noise.

Answer 2 · 2021-06-16T17:16:23.000Z

You don't need to store the code verifier and code challenge in persistent storage. You regenerate those values before each authorization request.