CYM-Identity tries to follow the OAuth and OpenID Connect specifications and is therefore unopinionated when it comes to libraries.
To get you started with your iOS app, we recommend that you use AppAuth-iOS.

Set up an iOS Application

If you haven't done so yet, create an Application by following the documentation.
We strongly recommend that you only use the authorization_code grant.

Set up your API

By design, an iOS app will consume APIs hosted by a Resource Server.
Follow the instructions in the documentation to create your Resource Server and Protected Resources.

Add the library to your environment

We believe that the documentation provided by the AppAuth-iOS team is quite clear on setting up your environment. Once you have completed the initial setup, you can continue with the following sections.
We recommend that you use the OpenID discovery service instead of a hard-coded configuration.
Objective C
NSURL *issuer = [NSURL URLWithString:@"https://${realm.url}/oauth/${realm.name}"];

[OIDAuthorizationService discoverServiceConfigurationForIssuer:issuer
    completion:^(OIDServiceConfiguration *_Nullable configuration,
                 NSError *_Nullable error) {

  if (!configuration) {
    NSLog(@"Error retrieving discovery document: %@",
          [error localizedDescription]);
    return;
  }

  // perform the auth request...
}];

Swift
let issuer = URL(string: "https://${realm.url}/oauth/${realm.name}")!
// discovers endpoints
OIDAuthorizationService.discoverConfiguration(forIssuer: issuer) { configuration, error in
  guard let config = configuration else {
    print("Error retrieving discovery document: \(error?.localizedDescription ?? "Unknown error")")
    return
  }

  // perform the auth request...
}

Authenticate your users

Now that everything is set up, you can start authenticating your users.
When your users are ready to authenticate, you can trigger an authentication request.
Each logged in user (employee, customer, partner, ...) needs to hold a CYM-Identity License. Add it as part of mass assignment or through your registration flow.
Once again, you can follow the documentation from AppAuth-iOS.
During the authorization_code exchange, you can specify the audience or the resource your application needs to access.
Objective C
// builds authentication request
OIDAuthorizationRequest *request =
    [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                                                  clientId:kClientID
                                                    scopes:@[OIDScopeOpenID, OIDScopeProfile, @"pictures"]
                                               redirectURL:kRedirectURI
                                              responseType:OIDResponseTypeCode
                                      additionalParameters:nil];

// performs authentication request
AppDelegate *appDelegate =
    (AppDelegate *)[UIApplication sharedApplication].delegate;
appDelegate.currentAuthorizationFlow =
    [OIDAuthState authStateByPresentingAuthorizationRequest:request
        presentingViewController:self
                        callback:^(OIDAuthState *_Nullable authState,
                                   NSError *_Nullable error) {
  if (authState) {
    // debug output only: keep access tokens out of release logs
    NSLog(@"Got authorization tokens. Access token: %@",
          authState.lastTokenResponse.accessToken);
    [self setAuthState:authState];
  } else {
    NSLog(@"Authorization error: %@", [error localizedDescription]);
    [self setAuthState:nil];
  }
}];

Swift
// builds authentication request
let request = OIDAuthorizationRequest(configuration: configuration,
                                      clientId: clientID,
                                      clientSecret: clientSecret,
                                      scopes: [OIDScopeOpenID, OIDScopeProfile, "pictures"],
                                      redirectURL: redirectURI,
                                      responseType: OIDResponseTypeCode,
                                      additionalParameters: nil)

// performs authentication request
print("Initiating authorization request with scope: \(request.scope ?? "nil")")

let appDelegate = UIApplication.shared.delegate as! AppDelegate

appDelegate.currentAuthorizationFlow =
  OIDAuthState.authState(byPresenting: request, presenting: self) { authState, error in
    if let authState = authState {
      self.setAuthState(authState)
      // debug output only: keep access tokens out of release logs
      print("Got authorization tokens. Access token: " +
            "\(authState.lastTokenResponse?.accessToken ?? "nil")")
    } else {
      print("Authorization error: \(error?.localizedDescription ?? "Unknown error")")
      self.setAuthState(nil)
    }
  }

Keeping your users authenticated

The access_tokens generated initially have a short lifetime, and you'll need new ones to keep accessing APIs on behalf of the user. Once an access_token has expired, you'll get a 401 response from an API.
Objective C
NSMutableDictionary<NSString *, NSString *> *additionalParameters = [[NSMutableDictionary alloc] init];
[additionalParameters setValue:@"RESOURCE_SERVER_CLIENT_ID" forKey:@"audience"];
OIDTokenRequest *tokenExchangeRequest = [_authState.lastAuthorizationResponse tokenExchangeRequestWithAdditionalParameters:additionalParameters];
[OIDAuthorizationService performTokenRequest:tokenExchangeRequest
    callback:^(OIDTokenResponse *_Nullable tokenResponse,
               NSError *_Nullable error) {

  if (!tokenResponse) {
    [self logMessage:@"Token exchange error: %@", [error localizedDescription]];
  } else {
    [self logMessage:@"Received token response with accessToken: %@", tokenResponse.accessToken];
  }

  [_authState updateWithTokenResponse:tokenResponse error:error];
}];
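
The 401 behaviour described in this section, handled in Swift with AppAuth's fresh-token helper; this is an added example, not code from CYM-Identity or the AppAuth-iOS documentation. The APIClient class, its get method and the retry-once policy are hypothetical, and the audience value is whatever Resource Server client ID you configured.

```swift
import AppAuth
import Foundation

// Hypothetical wrapper (not part of AppAuth or CYM-Identity): attaches a valid
// access token to each API call and recovers once from a 401.
final class APIClient {
    private let authState: OIDAuthState
    private let audience: String   // assumption: your Resource Server client ID

    init(authState: OIDAuthState, audience: String) {
        self.authState = authState
        self.audience = audience
    }

    /// GETs `url` with a bearer token; on a 401 forces one refresh and retries once.
    func get(_ url: URL, retryOn401: Bool = true,
             completion: @escaping (Result<Data, Error>) -> Void) {
        // AppAuth refreshes first when the access token is missing, expired or
        // flagged, sending `audience` as an extra parameter on the refresh request.
        authState.performAction(freshTokens: { accessToken, _, error in
            guard let accessToken = accessToken else {
                // Refresh failed (for example, the refresh token was revoked):
                // the caller should start a new authorization request.
                completion(.failure(error ?? URLError(.userAuthenticationRequired)))
                return
            }
            var request = URLRequest(url: url)
            request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")

            URLSession.shared.dataTask(with: request) { data, response, error in
                if let error = error { completion(.failure(error)); return }
                let status = (response as? HTTPURLResponse)?.statusCode ?? 0
                if status == 401 && retryOn401 {
                    // The Resource Server rejected the token: mark it stale and
                    // retry exactly once so a persistent 401 cannot loop.
                    self.authState.setNeedsTokenRefresh()
                    self.get(url, retryOn401: false, completion: completion)
                    return
                }
                guard (200..<300).contains(status), let data = data else {
                    completion(.failure(URLError(.badServerResponse)))
                    return
                }
                completion(.success(data))
            }.resume()
        }, additionalRefreshParameters: ["audience": audience])
    }
}
```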

Accessing more APIs

When you made the previous request, you chose a specific ResourceServer to which you needed access. If you need an access_token scoped to a different Resource or ResourceServer, you can request one.

Audience

NSMutableDictionary<NSString *, NSString *> *additionalParameters = [[NSMutableDictionary alloc] init];
[additionalParameters setValue:@"DIFFERENT_RESOURCE_SERVER_CLIENT_ID" forKey:@"audience"];
OIDTokenRequest *tokenExchangeRequest = [_authState tokenRefreshRequestWithAdditionalParameters:additionalParameters];
[OIDAuthorizationService performTokenRequest:tokenExchangeRequest
    callback:^(OIDTokenResponse *_Nullable tokenResponse,
               NSError *_Nullable error) {

  if (!tokenResponse) {
    [self logMessage:@"Token exchange error: %@", [error localizedDescription]];
  } else {
    [self logMessage:@"Received token response with accessToken: %@", tokenResponse.accessToken];
  }

  [_authState updateWithTokenResponse:tokenResponse error:error];
}];

Resource

NSMutableDictionary<NSString *, NSString *> *additionalParameters = [[NSMutableDictionary alloc] init];
[additionalParameters setValue:@"https://resource.url" forKey:@"resource"];
OIDTokenRequest *tokenExchangeRequest = [_authState tokenRefreshRequestWithAdditionalParameters:additionalParameters];
[OIDAuthorizationService performTokenRequest:tokenExchangeRequest
    callback:^(OIDTokenResponse *_Nullable tokenResponse,
               NSError *_Nullable error) {

  if (!tokenResponse) {
    [self logMessage:@"Token exchange error: %@", [error localizedDescription]];
  } else {
    [self logMessage:@"Received token response with accessToken: %@", tokenResponse.accessToken];
  }

  [_authState updateWithTokenResponse:tokenResponse error:error];
}];