CLASS

HaapiTokenManager


@objcMembers public final class HaapiTokenManager: NSObject

HaapiTokenManager instances manage HAAPI tokens and facilitate interacting with the HAAPI service. If needed, the HaapiTokenManager performs the attestation flow, by using the Device Check services on the iOS device.

The HaapiTokenManager is created by using the HaapiTokenManagerBuilder, like

   haapiTokenManager = HaapiTokenManagerBuilder(
       tokenEndpoint: "https://curity.example.com/oauth/token",
       clientId: "my-oauth-client-id"
   ).build()

The HaapiTokenManager internally relies on a URLSession instance with the default configuration to perform HTTP requests. However, an initialized URLSession instance can be provided to the Builder upon instantiation, so that custom connection-related configuration is supported.

There cannot be more than one active HaapiTokenManager instance using the same key entry alias. An HaapiError.haapiTokenManagerAlreadyExists error is thrown when a HaapiTokenManager instance is created and there is already one active instance with the same key entry alias. The alias can be configured when creating the instance. The name property exposes the configured alias.

A HaapiTokenManager instance can be closed via the HaapiTokenManager.close method. This releases the lock on the underlying resources and allows other instances to use the same alias. When trying to use the access token of a closed HaapiTokenManager, an HaapiError.haapiTokenManagerIsClosed is thrown. Note that a call to HaapiTokenManager.close may block if the instance is being used.

Once an instance of the HaapiTokenManager is created, it can be used to obtain a HAAPI token. Once a HAAPI token is obtained, the HaapiTokenManager can provide a client through the createClient() method. This client can be instructed to use a provided URLSession to make its requests, or use an internal URLSession instead.

For example, creating a default HaapiClient using the HaapiTokenManager is done like

let haapiClient = haapiTokenManager.createClient()

Alternatively, creating it with a custom URLSession is done like

let haapiClient = haapiTokenManager.createClient(
    urlSession: URLSession(
        configuration: URLSessionConfiguration.default,
        delegate: urlSessionDelegate,
        delegateQueue: nil
    )
)
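
One common reason to pass a custom URLSession is to restrict which server keys the client accepts. The following is an added example, not code from the SDK or its documentation: a possible urlSessionDelegate for the snippet above that pins the server's leaf public key. The class name PinningDelegate, the host value and the pin placeholder are assumptions, and the pin is computed over the raw key bytes returned by SecKeyCopyExternalRepresentation, not over the SPKI structure.

```swift
import CryptoKit
import Foundation
import Security

// Added example (not SDK code): pins the server's leaf public key for one host.
final class PinningDelegate: NSObject, URLSessionDelegate {
    private let host: String
    private let pinnedKeyHashes: Set<String>  // base64(SHA-256(raw public key bytes))

    init(host: String, pinnedKeyHashes: Set<String>) {
        self.host = host
        self.pinnedKeyHashes = pinnedKeyHashes
    }

    func urlSession(
        _ session: URLSession,
        didReceive challenge: URLAuthenticationChallenge,
        completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
    ) {
        let space = challenge.protectionSpace
        // Only intercept TLS server-trust challenges for the pinned host.
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              space.host == host,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Normal chain validation must pass first; the pin is an extra check on top.
        // SecTrustCopyCertificateChain requires iOS 15 or later.
        guard SecTrustEvaluateWithError(trust, nil),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first,
              let key = SecCertificateCopyKey(leaf),
              let keyBytes = SecKeyCopyExternalRepresentation(key, nil) as Data? else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        let hash = Data(SHA256.hash(data: keyBytes)).base64EncodedString()
        if pinnedKeyHashes.contains(hash) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)  // fail closed
        }
    }
}

// Constructed placeholder pin; replace with the hash of your server's key.
let urlSessionDelegate = PinningDelegate(
    host: "curity.example.com",
    pinnedKeyHashes: ["<base64-sha256-of-public-key>"]
)
```

Keep at least one backup pin in the set so that a planned key rotation on the server does not lock out deployed app versions.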

Once a HaapiTokenManager is created, the HaapiClient that it can provide can be used to perform operations according to the HAAPI specifications. An example request made using the HaapiClient looks like

var authorizationRequest = URLRequest(url: FlowTests.authorizationUrl)
authorizationRequest.httpMethod = "GET"

haapiClient.performDataTask(for: authorizationRequest) { result in
    switch result {
    case .success(let responseAndData):
        let response = responseAndData.response
        let data = responseAndData.data
        // Process the response and data here.
        break
    case .failure(let error):
        // Handle the error here.
        break
    }
}

The above example attempts to make a GET request to the authorization endpoint and provides a completion handler for further processing of the result.

Properties

dpop

public var dpop: Dpop?

Returns the Dpop that was used.