From 8b108731759d438f78d4e5ca3d29a9b90eb3f00a Mon Sep 17 00:00:00 2001 From: Mike Nachbaur Date: Fri, 23 Feb 2024 12:48:51 -0800 Subject: [PATCH 1/2] Bump version number to 1.6.0 --- OktaAuthFoundation.podspec | 2 +- OktaDirectAuth.podspec | 2 +- OktaOAuth2.podspec | 2 +- OktaWebAuthenticationUI.podspec | 2 +- README.md | 2 +- Sources/AuthFoundation/Version.swift | 2 +- Sources/OktaDirectAuth/Version.swift | 2 +- Sources/OktaOAuth2/Version.swift | 2 +- Sources/WebAuthenticationUI/Version.swift | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/OktaAuthFoundation.podspec b/OktaAuthFoundation.podspec index 8ad4611cf..7c3ef1a16 100644 --- a/OktaAuthFoundation.podspec +++ b/OktaAuthFoundation.podspec @@ -1,7 +1,7 @@ Pod::Spec.new do |s| s.name = "OktaAuthFoundation" s.module_name = "AuthFoundation" - s.version = "1.5.0" + s.version = "1.6.0" s.summary = "Okta Authentication Foundation" s.description = <<-DESC Provides the foundation and common features used to authenticate users, managing the lifecycle and storage of tokens and credentials, and provide a base for other Okta SDKs to build upon. diff --git a/OktaDirectAuth.podspec b/OktaDirectAuth.podspec index 4601fa8a4..9c20cada8 100644 --- a/OktaDirectAuth.podspec +++ b/OktaDirectAuth.podspec @@ -1,6 +1,6 @@ Pod::Spec.new do |s| s.name = "OktaDirectAuth" - s.version = "1.5.0" + s.version = "1.6.0" s.summary = "Okta Direct Authentication" s.description = <<-DESC Enables application developers to build native sign in experiences using the Okta Direct Authentication API. diff --git a/OktaOAuth2.podspec b/OktaOAuth2.podspec index 250018296..061fb16da 100644 --- a/OktaOAuth2.podspec +++ b/OktaOAuth2.podspec @@ -1,6 +1,6 @@ Pod::Spec.new do |s| s.name = "OktaOAuth2" - s.version = "1.5.0" + s.version = "1.6.0" s.summary = "Okta OAuth2 Authentication" s.description = <<-DESC Enables application developers to authenticate users utilizing a variety of OAuth2 authentication flows. diff --git a/OktaWebAuthenticationUI.podspec b/OktaWebAuthenticationUI.podspec index de4c6c856..45fa0404d 100644 --- a/OktaWebAuthenticationUI.podspec +++ b/OktaWebAuthenticationUI.podspec @@ -1,7 +1,7 @@ Pod::Spec.new do |s| s.name = "OktaWebAuthenticationUI" s.module_name = "WebAuthenticationUI" - s.version = "1.5.0" + s.version = "1.6.0" s.summary = "Okta Web Authentication UI" s.description = <<-DESC Authenticate users using web-based OIDC. diff --git a/README.md b/README.md index 2a5e5a1e7..d5db5bf1a 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ This library uses semantic versioning and follows Okta's [Library Version Policy | Version | Status | | ------- | ---------------------------------- | -| 1.5.0 | ✔️ Stable | +| 1.6.0 | ✔️ Stable | The latest release can always be found on the [releases page][github-releases]. diff --git a/Sources/AuthFoundation/Version.swift b/Sources/AuthFoundation/Version.swift index c021e3422..706844387 100644 --- a/Sources/AuthFoundation/Version.swift +++ b/Sources/AuthFoundation/Version.swift @@ -13,5 +13,5 @@ import Foundation // swiftlint:disable identifier_name -public let Version = SDKVersion(sdk: "okta-authfoundation-swift", version: "1.5.0") +public let Version = SDKVersion(sdk: "okta-authfoundation-swift", version: "1.6.0") // swiftlint:enable identifier_name diff --git a/Sources/OktaDirectAuth/Version.swift b/Sources/OktaDirectAuth/Version.swift index efcc21244..ec2a162c6 100644 --- a/Sources/OktaDirectAuth/Version.swift +++ b/Sources/OktaDirectAuth/Version.swift @@ -13,5 +13,5 @@ @_exported import AuthFoundation // swiftlint:disable identifier_name -public let Version = SDKVersion(sdk: "okta-directauth-swift", version: "1.5.0") +public let Version = SDKVersion(sdk: "okta-directauth-swift", version: "1.6.0") // swiftlint:enable identifier_name diff --git a/Sources/OktaOAuth2/Version.swift b/Sources/OktaOAuth2/Version.swift index 0b9cef69d..7e7a8c466 100644 --- a/Sources/OktaOAuth2/Version.swift +++ b/Sources/OktaOAuth2/Version.swift @@ -13,5 +13,5 @@ @_exported import AuthFoundation // swiftlint:disable identifier_name -public let Version = SDKVersion(sdk: "okta-oauth2-swift", version: "1.5.0") +public let Version = SDKVersion(sdk: "okta-oauth2-swift", version: "1.6.0") // swiftlint:enable identifier_name diff --git a/Sources/WebAuthenticationUI/Version.swift b/Sources/WebAuthenticationUI/Version.swift index 57af85d48..eb1353c6d 100644 --- a/Sources/WebAuthenticationUI/Version.swift +++ b/Sources/WebAuthenticationUI/Version.swift @@ -14,5 +14,5 @@ import Foundation import AuthFoundation // swiftlint:disable identifier_name -public let Version = SDKVersion(sdk: "okta-webauthenticationui-swift", version: "1.5.0") +public let Version = SDKVersion(sdk: "okta-webauthenticationui-swift", version: "1.6.0") // swiftlint:enable identifier_name From 95affb301da56f95dc483c865352d1c80cf311c0 Mon Sep 17 00:00:00 2001 From: Mike Nachbaur Date: Fri, 23 Feb 2024 13:06:16 -0800 Subject: [PATCH 2/2] Update API docs to include error messages otherwise included in the localization strings --- Sources/AuthFoundation/JWT/JWTError.swift | 35 +++++++++++++++++++ .../Network/APIClientError.swift | 21 +++++++++++ .../AuthFoundation/OAuth2/OAuth2Error.swift | 25 +++++++++++++ .../Resources/en.lproj/AuthFoundation.strings | 4 +-- .../Security/KeychainError.swift | 23 ++++++++++++ .../Token Management/TokenError.swift | 9 +++++ 6 files changed, 115 insertions(+), 2 deletions(-) diff --git a/Sources/AuthFoundation/JWT/JWTError.swift b/Sources/AuthFoundation/JWT/JWTError.swift index e50b8a5f8..0e8d7dcf1 100644 --- a/Sources/AuthFoundation/JWT/JWTError.swift +++ b/Sources/AuthFoundation/JWT/JWTError.swift @@ -14,23 +14,58 @@ import Foundation /// Describes errors that may occur with parsing or validating JWT tokens. public enum JWTError: Error, Equatable { + /// The token is invalid (incorrect Base64 encoding). case invalidBase64Encoding + + /// The token is not structured correctly. case badTokenStructure + + /// The token's issuer is either not well-formed, or does not match. case invalidIssuer + + /// The token's audience does not match. case invalidAudience + + /// The token's subject is missing or is invalid. case invalidSubject + + /// The token's authentication time is missing or is invalid. case invalidAuthenticationTime + + /// Token issuer addresses must use HTTPS. case issuerRequiresHTTPS + + /// The token's signing algorithm is invalid or unsupported. case invalidSigningAlgorithm + + /// The token has expired. case expired + + /// This token was issued at a time that exceeds the allowed grace interval. case issuedAtTimeExceedsGraceInterval + + /// The nonce value does not match the value expected. case nonceMismatch + + /// Cannot create a public key with the information supplied from the server. case cannotCreateKey(code: OSStatus, description: String?) + + /// Invalid key data. case invalidKey + + /// The indicated signing algorithm is unsupported. case unsupportedAlgorithm(_ algorithm: JWK.Algorithm) + + /// Cannot generate hash signature. case cannotGenerateHash + + /// Signature verification is unavailable on this platform, e.g. Linux. case signatureVerificationUnavailable + + /// Token signature is invalid. case signatureInvalid + + /// The given token exceeds the supplied maximum age. case exceedsMaxAge } diff --git a/Sources/AuthFoundation/Network/APIClientError.swift b/Sources/AuthFoundation/Network/APIClientError.swift index f9e6be32c..298315b1d 100644 --- a/Sources/AuthFoundation/Network/APIClientError.swift +++ b/Sources/AuthFoundation/Network/APIClientError.swift @@ -14,16 +14,37 @@ import Foundation /// Errors that may occur at the API or network level. public enum APIClientError: Error { + /// Could not create an invalid URL. This typically means the string passed to `URL` was malformed. case invalidUrl + + /// No response received from the server. case missingResponse + + /// Did not receive an HTTP response. case invalidResponse + + /// An error occurred while parsing the server response. case cannotParseResponse(error: Error) + + /// Cannot send invalid request data to the server. case invalidRequestData + + /// Cannot refresh a token since it is missing refresh information. case missingRefreshSettings + + /// Request does not support the given content type. case unsupportedContentType(_ type: APIContentType) + + /// Received the given HTTP error from the server. case serverError(_ error: Error) + + /// Received the given HTTP response status code. case statusCode(_ statusCode: Int) + + /// Could not validate the received token. case validation(error: Error) + + /// An unknown HTTP error was encountered. case unknown } diff --git a/Sources/AuthFoundation/OAuth2/OAuth2Error.swift b/Sources/AuthFoundation/OAuth2/OAuth2Error.swift index fcaa4b3f4..bd5be679c 100644 --- a/Sources/AuthFoundation/OAuth2/OAuth2Error.swift +++ b/Sources/AuthFoundation/OAuth2/OAuth2Error.swift @@ -14,18 +14,43 @@ import Foundation /// Errors that may occur when interacting with OAuth2 endpoints. public enum OAuth2Error: Error { + /// Could not create an invalid URL. This typically means the string passed to `URL` was malformed. case invalidUrl + + /// Cannot compose a URL to authenticate with. case cannotComposeUrl + + /// An OAuth2 server error was reported, with the given values. case oauth2Error(code: String, description: String?, additionalKeys: [String: String]? = nil) + + /// A network error was encountered, encapsulating a ``APIClientError`` type describing the underlying error. case network(error: APIClientError) + + /// The given token type is missing. case missingToken(type: Token.Kind) + + /// Cannot perform an operation since the token is missing its client configuration. case missingClientConfiguration + + /// Could not verify the token's signature. case signatureInvalid + + /// Missing location header for token redirect. case missingLocationHeader + + /// Missing the given required response key in the OAuth2 redirect. case missingOAuth2ResponseKey(_ name: String) + + /// The given OpenID configuration attribute is missing. case missingOpenIdConfiguration(attribute: String) + + /// The given nested error was thrown. case error(_ error: Error) + + /// Cannot revoke the given token type. case cannotRevoke(type: Token.RevokeType) + + /// Multiple nested ``OAuth2Error`` errors were reported. case multiple(errors: [OAuth2Error]) } diff --git a/Sources/AuthFoundation/Resources/en.lproj/AuthFoundation.strings b/Sources/AuthFoundation/Resources/en.lproj/AuthFoundation.strings index da4407043..48eedb160 100644 --- a/Sources/AuthFoundation/Resources/en.lproj/AuthFoundation.strings +++ b/Sources/AuthFoundation/Resources/en.lproj/AuthFoundation.strings @@ -6,7 +6,6 @@ "cannot_parse_response_description" = "Cannot parse server response: %@"; "invalid_request_data_description" = "Cannot send invalid request data to the server."; "missing_refresh_settings_description" = "Cannot refresh a token since it is missing refresh information."; -"missing_client_configuration_description" = "Cannot revoke a token since it is missing its client configuration."; "unsupported_content_type_description" = "Request does not support %@ content."; "server_error_description" = "Received an error from the server: %@"; "status_code_description" = "Received HTTP %d response code."; @@ -14,6 +13,7 @@ "validation_error" = "Could not validate the received token."; /* OAuth2Error */ +"missing_client_configuration_description" = "Cannot perform an operation since the token is missing its client configuration."; "cannot_compose_url_description" = "Cannot compose a URL to authenticate with."; "oauth2_error_description" = "Authentication error: %@ (code %d)."; "oauth2_error_code_description" = "Authentication error code %@."; @@ -44,7 +44,7 @@ "jwt_signature_verification_unavailable" = "Signature verification is unavailable on this platform."; "jwt_unsupported_algorithm" = "Signing algorithm \"%@\" is unsupported."; "jwt_cannot_generate_hash" = "Cannot generate hash signature."; -"jwt_exceeds_max_age" = "Cannot generate hash signature."; +"jwt_exceeds_max_age" = "The token exceeds the supplied maximum age."; /* KeychainError */ "keychain_cannot_get" = "There was a failure getting a keychain item (%d)."; diff --git a/Sources/AuthFoundation/Security/KeychainError.swift b/Sources/AuthFoundation/Security/KeychainError.swift index a14c1fd03..12e18d839 100644 --- a/Sources/AuthFoundation/Security/KeychainError.swift +++ b/Sources/AuthFoundation/Security/KeychainError.swift @@ -16,17 +16,40 @@ import Foundation /// Describes errors that may occur when interacting with the keychain. public enum KeychainError: Error { + /// There was a failure getting a keychain item. case cannotGet(code: OSStatus) + + /// There was a failure getting a list of keychain items. case cannotList(code: OSStatus) + + /// There was a failure saving a keychain item. case cannotSave(code: OSStatus) + + /// There was a failure deleting a keychain item. case cannotDelete(code: OSStatus) + + /// There was a failure updating a keychain item. case cannotUpdate(code: OSStatus) + + /// The access control settings for this keychain item are invalid. case accessControlInvalid(code: OSStatus, description: String?) + + /// Could not find a keychain item. case notFound + + /// The returned keychain item is in an invalid format. case invalidFormat + + /// The keychain item has an invalid accessibility option set. case invalidAccessibilityOption + + /// The keychain item is missing an account name. case missingAccount + + /// The keychain item is missing its value data. case missingValueData + + /// The keychain item is missing required attributes. case missingAttribute } diff --git a/Sources/AuthFoundation/Token Management/TokenError.swift b/Sources/AuthFoundation/Token Management/TokenError.swift index ffb108696..d93ef17a5 100644 --- a/Sources/AuthFoundation/Token Management/TokenError.swift +++ b/Sources/AuthFoundation/Token Management/TokenError.swift @@ -14,10 +14,19 @@ import Foundation /// Describes errors that may occur when working with tokens. public enum TokenError: Error { + /// Context information related to this token is missing. This information is used to construct a ``OAuth2Client`` instance that could be used for this token. case contextMissing + + /// The token with the requested ID was not found. case tokenNotFound(id: String) + + /// Could not replace the token with its updated value. case cannotReplaceToken + + /// Could not add a new token, since a duplicate was found. case duplicateTokenAdded + + /// This token does not match the client configuration. This can only occur when a token's context does not match the ``OAuth2Client`` it is used with. case invalidConfiguration }