Support for Pre and Post request delegate functionality to support Shape

Question

Support for Pre and Post request delegate functionality to support Shape

seanvancity opened this issue 4 years ago · 6 comments

Both Shape and Okta have SDKs that are opaque to us.

Okta has a standard SDK where we ask for something at a high level, and the requests are carried out behind the scenes.

Shape has an SDK where it wants to be given the low-level request object prior to it being sent, and be handed the response for further processing after it has been received.

In order to integrate Okta with Shape, we need to grant Shape access to the requests and responses that Okta is generating.

Approach
We ask for two new callbacks to be added to the Okta SDK.

Example:

protocol OktaHttpDelegate {
    
    /// Called after request creation, just before send.
    func willSend(request: NSMutableURLRequest)
    
    /// Called after response received, just after receipt.
    func didReceive(response: HTTPURLResponse)
    
}

Will be repeating this issue for the iOS OIDC library and similar approach on the equivalent Android SDKs

Answer 1 · 2020-07-09T06:32:20.000Z

Hi @seanvancity ,

Similar to okta/okta-oidc-ios#226, you can inject your custom URLSession into the SDK.
Example:

let unauthenticatedStatus = OktaAuthStatusUnauthenticated(oktaDomain: {YourOktaURL})
unauthenticatedStatus.restApi = OktaAPI(oktaDomain: {YourOktaURL}, urlSession: {YourCustomURLSession})
unauthenticatedStatus.authenticate(username: username,
                                           password: password ?? "",
                                           onStatusChange: onStatusChange,
                                           onError: onError)

Ildar

Answer 2 · 2020-07-17T15:40:41.000Z

Hi @IldarAbdullin-okta ,

As stated above:

Shape has an SDK where it wants to be given the low-level **request** object prior to it being sent, and be handed the **response** for further processing after it has been received.

I can't find any properties on URLSession or URLSessionConfiguration, that would allow us to call a function to update each URLRequest just before it is sent and pull information off of the response just after it is received. The response capabilities are present on URLSessionTaskDelegate and similar, but URLSession doesn't allow us to assign or control those from what I see.

Do you have some ideas on how updating a request, and immediately reading from a response, might be accomplished using a custom URLSession?

Thanks,
Chris

Answer 3 · 2020-07-17T18:23:05.000Z

Hi @chriswrightlulu ,

There is a way to intercept request during SSL handshake, you can fetch all active URLSessionTask objects from the current session. However if you need to modify original URLRequest this approach will not work.
Just want to double check, does Shape SDK require modification of the original request? If not then suggestion above might work

Ildar

Answer 4 · 2020-07-17T19:33:02.000Z

Hi @IldarAbdullin-okta ,

Yes the Shape SDK requires modifying the request before it is sent, as the last step before send.

So it sounds like we need to try a different path.

Thanks,
Chris

Answer 5 · 2020-07-17T21:30:46.000Z

Hi @chriswrightlulu ,

Looks like in that case we need to provide a way how you can inject custom HTTP client so you will be able to send requests and receive response on Application side. I will create ticket in our internal bug tracking system. I will estimate with the team and include in the plan. I will update you with the time frames

Ildar

Answer 6 · 2020-10-07T23:21:43.000Z

Fixed in 2.4.0