To run the example project, clone the repo and run `pod install` from the Example directory first.

Okta is available through CocoaPods. To install it, simply add the following line to your Podfile:

```ruby
pod "OktaAuth"
```
This library currently supports:
You can create an Okta developer account at https://developer.okta.com/.

- After login, navigate to `https://{yourOrg}-admin.oktapreview.com/admin/apps/add-app` and select Create New App. Choose Native as the platform and OpenID Connect as the sign-on method, then select Create.
- Populate your new OpenID Connect application with values similar to:

| Setting | Value |
|---|---|
| Application Name | Native OpenId Connect App (must be unique) |
| Redirect URIs | com.okta.yoursubdomain:/callback |
| Allowed grant types | Authorization Code, Refresh Token (recommended) |
- Click Finish to redirect back to the General Settings of your application.
- Copy the Client ID, as it will be needed for the client configuration.
Note: As with any Okta application, make sure you assign Users or Groups to the OpenID Connect Client. Otherwise, no one can use it.
If using the Resource Owner Password Grant, make sure to select it in the Allowed Grant Types and select Client authentication.
Create an `Okta.plist` file in your application's bundle with the following fields:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>issuer</key>
  <string>{oktaOrg}</string>
  <key>clientId</key>
  <string>{clientIdValue}</string>
  <key>redirectUri</key>
  <string>{redirectUrlValue}</string>
  <key>scopes</key>
  <array>
    <string>offline_access</string>
    <string>openid</string>
    <string>profile</string>
  </array>
</dict>
</plist>
```

Note: To receive a `refresh_token`, you must include the `offline_access` scope.
In order to redirect back to your application from a web browser, you must register a URI that is unique to your app. To do this, open `Info.plist` in your application bundle and add a URL Scheme matching the scheme of the redirect URI. For example, if your Redirect URI is `com.okta.example:/callback`, the URL Scheme will be `com.okta.example`.

If using the Resource Owner Password Grant, you must specify the `clientSecret` in `Okta.plist`:

```xml
<key>clientSecret</key>
<string>{clientSecret}</string>
```

IMPORTANT: It is strongly discouraged to store a `clientSecret` in a distributed app; anyone who can extract the binary can read it. Please refer to OAuth 2.0 for Native Apps (RFC 8252) for more information.
First, update your `AppDelegate` to include the following function so the redirect back into the app can be handled:

```swift
// AppDelegate.swift
import OktaAuth

func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any]) -> Bool {
    return OktaAuth.resume(url: url, options: options)
}
```

Then, you can start the authorization flow by simply calling `login`:

```swift
OktaAuth
    .login()
    .start(view: self) { response, error in
        if error != nil { print(error!) }
        // Success
        if let authResponse = response {
            // authResponse.accessToken
            // authResponse.idToken
        }
    }
```

To login using `username` and `password`:

```swift
OktaAuth
    .login(username: "user@example.com", password: "password")
    .start(view: self) { response, error in
        if error != nil { print(error!) }
        // Success
        if let authResponse = response {
            // authResponse.accessToken
            // authResponse.idToken
        }
    }
```
Calls the OIDC userInfo endpoint to return user information:

```swift
OktaAuth.userinfo() { response, error in
    if error != nil { print("Error: \(error!)") }
    if let userinfo = response {
        userinfo.forEach { print("\($0): \($1)") }
    }
}
```

Calls the introspection endpoint to inspect the validity of the specified token:

```swift
OktaAuth
    .introspect()
    .validate(token: token) { response, error in
        if error != nil { print("Error: \(error!)") }
        if let isActive = response { print("Is token valid? \(isActive)") }
    }
```

Calls the revocation endpoint to revoke the specified token:

```swift
OktaAuth.revoke(token: token) { response, error in
    if error != nil { print("Error: \(error!)") }
    if let _ = response { print("Token was revoked") }
}
```

Refreshes the `accessToken` if a `refreshToken` was provided (requires the `offline_access` scope):

```swift
OktaAuth.refresh()
```
Tokens are securely stored in the Keychain. They can easily be set and retrieved with the helper methods `set` and `get`:

```swift
OktaAuth
    .login()
    .start(view: self) { response, error in
        if error != nil { print(error!) }
        if let authResponse = response {
            // Store tokens in the Keychain via the tokens helper
            OktaAuth.tokens?.set(value: authResponse.accessToken!, forKey: "accessToken")
            OktaAuth.tokens?.set(value: authResponse.idToken!, forKey: "idToken")
            // App-specific: refresh the UI with the new tokens
            self.buildTokenTextView()
        }
    }

// Read the stored tokens back later
// OktaAuth.tokens?.get(forKey: "accessToken")
// OktaAuth.tokens?.get(forKey: "idToken")
```
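One way to tie the login, Keychain and introspection calls above together so that a cached token is never handed out without a server-side check, as an added example that is not part of the OktaAuth README or SDK. It assumes the callback shapes shown in the snippets above, that `OktaAuth.tokens` is the optional Keychain helper whose `set`/`get` appear there and that `get(forKey:)` returns an optional `String`; `OktaSession` and its method names are hypothetical.

```swift
import OktaAuth
import UIKit

// Hypothetical wrapper around the README's calls (not part of the SDK).
final class OktaSession {
    private let accessKey = "accessToken"
    private let idKey = "idToken"

    // Sign in interactively and persist both tokens in the Keychain.
    func login(from vc: UIViewController, done: @escaping (Bool) -> Void) {
        OktaAuth.login().start(view: vc) { response, error in
            guard error == nil, let auth = response,
                  let access = auth.accessToken, let id = auth.idToken else {
                done(false)
                return
            }
            // Assumed: OktaAuth.tokens is the optional Keychain helper.
            OktaAuth.tokens?.set(value: access, forKey: self.accessKey)
            OktaAuth.tokens?.set(value: id, forKey: self.idKey)
            done(true)
        }
    }

    // Hand a cached access token to callers only after the introspection
    // endpoint confirms it is still active; a stale or revoked token yields nil
    // so the caller falls back to login() instead of sending a dead token.
    func validAccessToken(done: @escaping (String?) -> Void) {
        // Assumed: get(forKey:) returns String?.
        guard let token = OktaAuth.tokens?.get(forKey: accessKey) else {
            done(nil)
            return
        }
        OktaAuth.introspect().validate(token: token) { isActive, error in
            // isActive is the Bool? response shown in the README snippet.
            done(error == nil && isActive == true ? token : nil)
        }
    }

    // Logout: revoke the token server-side before the local copy is discarded,
    // so a leaked Keychain entry cannot be replayed after sign-out.
    func logout(done: @escaping (Bool) -> Void) {
        guard let token = OktaAuth.tokens?.get(forKey: accessKey) else {
            done(true)
            return
        }
        OktaAuth.revoke(token: token) { response, error in
            // Remove the Keychain entries afterwards with whatever removal
            // method the tokens helper provides (none is shown in the README).
            done(error == nil && response != nil)
        }
    }
}
```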
Okta is available under the MIT license. See the LICENSE file for more info.