There's a big change to the AeroGear iOS OAuth2 library: it's now been
migrated to Swift 3! 🎉🎉🎉 It still needs to be published to the main
CocoaPods Specs repo for wider adoption (all 65 GitHub stars' worth), so if
you want to use it, for now point your Podfile to the AeroGear repo. There
are also three pending pull requests that I'd appreciate a review on:
* #64 Update Podspec - A simple PR to update the version of the AeroGear
iOS Http library that is required by the library
* #63 Add audience and server code - This allows developers to validate the
refresh/access token request being made as well as do cross-client auth so
a mobile app and server backend are essentially viewed as one application
to be authorized
* #62 Add ID token to auth response - Many OAuth2 providers now send a JWT
ID token along with the other usual tokens that provides extra information
about a user, e.g., user ID, address, phone number, etc.
These PRs are pretty small, but I think add some good functionality to the
library! My next planned pieces of work are:
* Switch Google to use SFSafariViewController - Per a post on the Google
dev blog (
they will soon be disallowing embedded web views to do the OAuth2 dance.
The solution is to use SFSafariViewController (or just the regular Safari
browser). This already exists in the library, but Google needs to be
special-cased to never accept an embedded web view as an option.
* Better cookie management to support multiple accounts - Some services
(like Google) provide an account picker for a user to choose from. This is
a much better UX. However, not all OAuth2 providers are as cool as Google.
For these providers, you cannot currently sign into multiple accounts using
the OAuth2 library unless you clear cookies before the embedded web view is
presented. Will be working on a solution to do this.