Version numbering represents the Swift version, plus a running number representing updates, fixes and new features at the same time. You can also refer to commit logs to get details on what was implemented, fixed and improved.
- Add the device authorization grant flow PS-17876
- Fix
ASWebAuthenticationSession
implementation.
james-rantmedia #327 - Various fixes and improvements.
- Separate setting for
refresh_uri
.
fotiDim #330 - Add Mac Catalyst support.
telipskiy #328 - Add PKCE support.
larrybrunet #324
- Update Swift package configuration for use with XCode 11.
- Swift 4.2 support.
djbe #273 - Fix crash due to memory ownership.
foldericon #271 - Added an Auth2 implicit grant variation for requests that return parameters in the query instead of the fragment.
tschmitz #262 - Fix some Swift 4 warnings.
everlof #251 - Pass back a strongly typed
OAuth2Error
when possible (along witherror_description
). Also added aninvalidGrant
error.
sebskuse #248 - You can now implement your own custom loggers.
p2 #236 - Fixed parsing errors with empty descriptions.
p2 #247 - Fix the appearance and location of the
Cancel
button on macOS.
kengruven #246
- Correct the ACL for
updateFromKeychainItems
toopen
.
JohnTheBastard #239 - Fixed unauthorized error when refreshing a token.
amaurydavid #237 - Fixed an exception due to the web policy completion handler being called twice.
Kashkovsky #235 - Bubble errors up from a token fetch to the client.
dhardiman #232 #234
- Update to Swift 4.
paulw11 #228 - Fix an assertion error in Xcode 9.
markmarkswell #227 - Remove the dependency on the system
sharedApplication
property to support use in extensions.
robertbarclay #212 - Changed the ACL of
customAuthorizer
frominternal
toopen
.
amaurydavid #203 - Corrected some typos in the codebase and documentation.
Lutzifer #199 - Fixed some warnings with String interpolation.
paulw11 jakepetroules #195 #204
- Allow more UI customization via
authConfig.UI
and makingOAuth2Authorizer
friendlier to subclassing - Implement custom authorization UIs for password grants (thanks @amaurydavid !)
- Optionally allow
DataLoader
to follow 302 redirects automatically (on same host) - Fix a bug with data loader not using refresh tokens (#184)
- Move
secretInBody
andcustomParameters
fromauthConfig
toclientConfig
, where they belong - Allow to override default UTF-8 encoding of the Basic authorization header
- Improvements to embedded authorization
- Remove
onAuthorize
andonFailure
callbacks, which have been deprecated with 3.0 (now handled in the callback toauthorize()
)
- Add Azure flow (thanks @everlof)
- Add
keychain_account_*
settings (thanks @aidzz) - Workaround for Safari issue (thanks @everlof)
- Rewrite in Swift 3
- New DataLoader, meaning you don't have to do authorization yourself (and helps with Alamofire use)
- Broad API redesign, you should now use
authorize(params:callback:)
if you still authorize manually - All errors returned by OAuth2 are now
OAuth2Error
types - Add
Package.swift
for the Swift package manager - Expose
keychainAccessGroup
(keychain_access_group
in settings; thanks @damienrambout !) - Some new errors (like
.forbidden
and.missingState
)
- Use Swift 2.3
- Allow to add custom authorization headers (thanks @SpectralDragon)
- Fix: add
client_id
to password grant even if there is no secret (thanks Criss!)
- Make keychain store name programmer-settable (fixes #111 and #119)
- More public methods to support subclassing
- Allow resource owner password grant without client_id
- Use a simple logger for logging purposes (inspired by @tompson and @ChrisInIssaquah)
- Make
parseAccessTokenResponseData()
public for non-conformant OAuth2 providers (like Facebook) - Add overrideable
normalizeAccessTokenResponseKeys()
andnormalizeRefreshTokenResponseKeys()
(inspired by @ChrisTitos)
- Make sure extra params are passed to refresh token requests (fixes #105)
- The convenience
request(forURL:)
method by default no longer uses locally cached data
- Use ephemeral NSURLSession by default; fixes #96
- Build fix to enable Carthage builds (thanks @davidpeckham !)
- Fix: add optional auth parameters to the authorize URL
- Refactor authorization request creation
- Add
OAuth2ClientCredentialsReddit
to deal with Reddit installed apps special flow - Rename clashing method definitions to fix #99
- Add tvOS build (thanks @davidkraus and @ddengler !)
- Update SwiftKeychain integration (thanks @davidkraus and @ddengler !)
- Expose
keychainAccessMode
(keychain_access_mode
in settings; thanks @tompson !)
- Better error parsing when handling redirect URL in code grants
- Remove implicit web view unwrapping to fix issue #88
- Add capability to abort ongoing authorization with
abortAuthorization()
- Implement embedded auth for OS X 10.10 and newer (thanks @insidegui !)
- Move
autoDismiss
param fromauthorize()
into theauthConfig
struct - Change
openAuthorizeURLInBrowser()
to throw instead of returning a Bool (throwingUnableToOpenAuthorizeURL
instead of returning false) - Add
RequestCancelled
Error - Add
OAuth2CodeGrantLinkedIn
to deal with LinkedIn - Add
OAuth2CodeGrantNoTokenType
to deal with Instagram, Bitly and all others not returningtoken_type
- Add
UTF8DecodeError
- Fix issue #76 (dismissing built-in web view controller in a more robust way)
- Fix issue #75 (refresh tokens not saved to keychain)
- Fix issue #72 (refresh token SNAFU from 2.1)
- Refresh tokens now work for all grants
- Rewrite most parts of the code to use
OAuth2Error
instead ofNSError
- Improvements to password grant
- Properly implement dynamic client registration
- Fix issues #47, #59, #61, #66 and improve behavior in several scenarios
- Fix issue #53, not detecting canceling the
SFSafariViewController
by the user
- Use
SFSafariViewController
for embedded authorization if used on iOS 9+
- Uses Swift 2.0
- Add flag to force client registration
- Last planned release for Swift 1.2
- Allow to customize the Back button in iOS' login web view.
- Fix “wrong password” detection in password grant, thanks Tim!
- Add
accessTokenAssumeUnexpired
variable to allow storing of access tokens even if "expires_in" is not supplied. You may need to intercept 401s and re-authorize when performing REST requests. - Add
OAuth2DynReg
class to help with dynamic client registration (preliminary/incomplete). - Code refactoring
- Add
OAuth2PasswordGrant
for password grant flow, courtesy of Tim Sneed.
- Add
OAuth2ClientCredentials
for client_credentials flow. - Fix bug where custom authorize parameters would not appear in the embedded iOS view controller (thanks Nate!).
- Make
OAuth2CodeGrant
auto-decide whether to use an “Authorization: Basic ...” header (if the client has a clientSecret) or omit it. The optionsecretInBody
(calledsecret_in_body
in the settings dict) allows to force putting the secret into the request body.
- Client uses refresh-tokens automatically, if available. Use the new
authorize()
method to take advantage of this. - System keychain integration for token storage. Use
keychain
= false to turn this off.
- Support detecting Google's
urn:ietf:wg:oauth:2.0:oob
callback URLs - Improvements when detecting and intercepting callback URLs
- Swift compiler improvements (via use of
final
keyword)
- Swift 1.2 support
- Improve embedded web view controller (iOS only)
- Correctly use www-form-urlencoded parameter strings
- Initial release supporting Swift 1.1