Release 1.6.0

OktaAuthFoundation.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
     s.name             = "OktaAuthFoundation"
     s.module_name      = "AuthFoundation"
-    s.version          = "1.5.0"
+    s.version          = "1.6.0"
     s.summary          = "Okta Authentication Foundation"
     s.description      = <<-DESC
 Provides the foundation and common features used to authenticate users, managing the lifecycle and storage of tokens and credentials, and provide a base for other Okta SDKs to build upon.

OktaDirectAuth.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
     s.name             = "OktaDirectAuth"
-    s.version          = "1.5.0"
+    s.version          = "1.6.0"
     s.summary          = "Okta Direct Authentication"
     s.description      = <<-DESC
 Enables application developers to build native sign in experiences using the Okta Direct Authentication API.

OktaOAuth2.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
     s.name             = "OktaOAuth2"
-    s.version          = "1.5.0"
+    s.version          = "1.6.0"
     s.summary          = "Okta OAuth2 Authentication"
     s.description      = <<-DESC
 Enables application developers to authenticate users utilizing a variety of OAuth2 authentication flows.

OktaWebAuthenticationUI.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
     s.name             = "OktaWebAuthenticationUI"
     s.module_name      = "WebAuthenticationUI"
-    s.version          = "1.5.0"
+    s.version          = "1.6.0"
     s.summary          = "Okta Web Authentication UI"
     s.description      = <<-DESC
 Authenticate users using web-based OIDC.

README.md

@@ -26,7 +26,7 @@ This library uses semantic versioning and follows Okta's [Library Version Policy
 
 | Version | Status                             |
 | ------- | ---------------------------------- |
-| 1.5.0   | ✔️ Stable                             |
+| 1.6.0   | ✔️ Stable                             |
 
 The latest release can always be found on the [releases page][github-releases].
 

Sources/AuthFoundation/JWT/JWTError.swift

@@ -14,23 +14,58 @@ import Foundation
 
 /// Describes errors that may occur with parsing or validating JWT tokens.
 public enum JWTError: Error, Equatable {
+    /// The token is invalid (incorrect Base64 encoding).
     case invalidBase64Encoding
+
+    /// The token is not structured correctly.
     case badTokenStructure
+
+    /// The token's issuer is either not well-formed, or does not match.
     case invalidIssuer
+
+    /// The token's audience does not match.
     case invalidAudience
+
+    /// The token's subject is missing or is invalid.
     case invalidSubject
+
+    /// The token's authentication time is missing or is invalid.
     case invalidAuthenticationTime
+
+    /// Token issuer addresses must use HTTPS.
     case issuerRequiresHTTPS
+
+    /// The token's signing algorithm is invalid or unsupported.
     case invalidSigningAlgorithm
+
+    /// The token has expired.
     case expired
+
+    /// This token was issued at a time that exceeds the allowed grace interval.
     case issuedAtTimeExceedsGraceInterval
+
+    /// The nonce value does not match the value expected.
     case nonceMismatch
+
+    /// Cannot create a public key with the information supplied from the server.
     case cannotCreateKey(code: OSStatus, description: String?)
+
+    /// Invalid key data.
     case invalidKey
+
+    /// The indicated signing algorithm is unsupported.
     case unsupportedAlgorithm(_ algorithm: JWK.Algorithm)
+
+    /// Cannot generate hash signature.
     case cannotGenerateHash
+
+    /// Signature verification is unavailable on this platform, e.g. Linux.
     case signatureVerificationUnavailable
+
+    /// Token signature is invalid.
     case signatureInvalid
+
+    /// The given token exceeds the supplied maximum age.
     case exceedsMaxAge
 }
 

Sources/AuthFoundation/Network/APIClientError.swift

@@ -14,16 +14,37 @@ import Foundation
 
 /// Errors that may occur at the API or network level.
 public enum APIClientError: Error {
+    /// Could not create an invalid URL. This typically means the string passed to `URL` was malformed.
     case invalidUrl
+
+    /// No response received from the server.
     case missingResponse
+
+    /// Did not receive an HTTP response.
     case invalidResponse
+
+    /// An error occurred while parsing the server response.
     case cannotParseResponse(error: Error)
+
+    /// Cannot send invalid request data to the server.
     case invalidRequestData
+
+    /// Cannot refresh a token since it is missing refresh information.
     case missingRefreshSettings
+
+    /// Request does not support the given content type.
     case unsupportedContentType(_ type: APIContentType)
+
+    /// Received the given HTTP error from the server.
     case serverError(_ error: Error)
+
+    /// Received the given HTTP response status code.
     case statusCode(_ statusCode: Int)
+
+    /// Could not validate the received token.
     case validation(error: Error)
+
+    /// An unknown HTTP error was encountered.
     case unknown
 }
 

Sources/AuthFoundation/OAuth2/OAuth2Error.swift

@@ -14,18 +14,43 @@ import Foundation
 
 /// Errors that may occur when interacting with OAuth2 endpoints.
 public enum OAuth2Error: Error {
+    /// Could not create an invalid URL. This typically means the string passed to `URL` was malformed.
     case invalidUrl
+
+    /// Cannot compose a URL to authenticate with.
     case cannotComposeUrl
+
+    /// An OAuth2 server error was reported, with the given values.
     case oauth2Error(code: String, description: String?, additionalKeys: [String: String]? = nil)
+
+    /// A network error was encountered, encapsulating a ``APIClientError`` type describing the underlying error.
     case network(error: APIClientError)
+
+    /// The given token type is missing.
     case missingToken(type: Token.Kind)
+
+    /// Cannot perform an operation since the token is missing its client configuration.
     case missingClientConfiguration
+
+    /// Could not verify the token's signature.
     case signatureInvalid
+
+    /// Missing location header for token redirect.
     case missingLocationHeader
+
+    /// Missing the given required response key in the OAuth2 redirect.
     case missingOAuth2ResponseKey(_ name: String)
+
+    /// The given OpenID configuration attribute is missing.
     case missingOpenIdConfiguration(attribute: String)
+
+    /// The given nested error was thrown.
     case error(_ error: Error)
+
+    /// Cannot revoke the given token type.
     case cannotRevoke(type: Token.RevokeType)
+
+    /// Multiple nested ``OAuth2Error`` errors were reported.
     case multiple(errors: [OAuth2Error])
 }
 

Sources/AuthFoundation/Resources/en.lproj/AuthFoundation.strings

@@ -6,14 +6,14 @@
 "cannot_parse_response_description" = "Cannot parse server response: %@";
 "invalid_request_data_description" = "Cannot send invalid request data to the server.";
 "missing_refresh_settings_description" = "Cannot refresh a token since it is missing refresh information.";
-"missing_client_configuration_description" = "Cannot revoke a token since it is missing its client configuration.";
 "unsupported_content_type_description" = "Request does not support %@ content.";
 "server_error_description" = "Received an error from the server: %@";
 "status_code_description" = "Received HTTP %d response code.";
 "unknown_description" = "An unknown error was encountered.";
 "validation_error" = "Could not validate the received token.";
 
 /* OAuth2Error */
+"missing_client_configuration_description" = "Cannot perform an operation since the token is missing its client configuration.";
 "cannot_compose_url_description" = "Cannot compose a URL to authenticate with.";
 "oauth2_error_description" = "Authentication error: %@ (code %d).";
 "oauth2_error_code_description" = "Authentication error code %@.";
@@ -44,7 +44,7 @@
 "jwt_signature_verification_unavailable" = "Signature verification is unavailable on this platform.";
 "jwt_unsupported_algorithm" = "Signing algorithm \"%@\" is unsupported.";
 "jwt_cannot_generate_hash" = "Cannot generate hash signature.";
-"jwt_exceeds_max_age" = "Cannot generate hash signature.";
+"jwt_exceeds_max_age" = "The token exceeds the supplied maximum age.";
 
 /* KeychainError */
 "keychain_cannot_get" = "There was a failure getting a keychain item (%d).";

Sources/AuthFoundation/Security/KeychainError.swift

@@ -16,17 +16,40 @@ import Foundation
 
 /// Describes errors that may occur when interacting with the keychain.
 public enum KeychainError: Error {
+    /// There was a failure getting a keychain item.
     case cannotGet(code: OSStatus)
+
+    /// There was a failure getting a list of keychain items.
     case cannotList(code: OSStatus)
+
+    /// There was a failure saving a keychain item.
     case cannotSave(code: OSStatus)
+
+    /// There was a failure deleting a keychain item.
     case cannotDelete(code: OSStatus)
+
+    /// There was a failure updating a keychain item.
     case cannotUpdate(code: OSStatus)
+
+    /// The access control settings for this keychain item are invalid.
     case accessControlInvalid(code: OSStatus, description: String?)
+
+    /// Could not find a keychain item.
     case notFound
+
+    /// The returned keychain item is in an invalid format.
     case invalidFormat
+
+    /// The keychain item has an invalid accessibility option set.
     case invalidAccessibilityOption
+
+    /// The keychain item is missing an account name.
     case missingAccount
+
+    /// The keychain item is missing its value data.
     case missingValueData
+
+    /// The keychain item is missing required attributes.
     case missingAttribute
 }
 

Sources/AuthFoundation/Token Management/TokenError.swift

@@ -14,10 +14,19 @@ import Foundation
 
 /// Describes errors that may occur when working with tokens.
 public enum TokenError: Error {
+    /// Context information related to this token is missing. This information is used to construct a ``OAuth2Client`` instance that could be used for this token.
     case contextMissing
+
+    /// The token with the requested ID was not found.
     case tokenNotFound(id: String)
+
+    /// Could not replace the token with its updated value.
     case cannotReplaceToken
+
+    /// Could not add a new token, since a duplicate was found.
     case duplicateTokenAdded
+
+    /// This token does not match the client configuration. This can only occur when a token's context does not match the ``OAuth2Client`` it is used with.
     case invalidConfiguration
 }
 

Sources/AuthFoundation/Version.swift

@@ -13,5 +13,5 @@
 import Foundation
 
 // swiftlint:disable identifier_name
-public let Version = SDKVersion(sdk: "okta-authfoundation-swift", version: "1.5.0")
+public let Version = SDKVersion(sdk: "okta-authfoundation-swift", version: "1.6.0")
 // swiftlint:enable identifier_name

Sources/OktaDirectAuth/Version.swift

@@ -13,5 +13,5 @@
 @_exported import AuthFoundation
 
 // swiftlint:disable identifier_name
-public let Version = SDKVersion(sdk: "okta-directauth-swift", version: "1.5.0")
+public let Version = SDKVersion(sdk: "okta-directauth-swift", version: "1.6.0")
 // swiftlint:enable identifier_name

Sources/OktaOAuth2/Version.swift

@@ -13,5 +13,5 @@
 @_exported import AuthFoundation
 
 // swiftlint:disable identifier_name
-public let Version = SDKVersion(sdk: "okta-oauth2-swift", version: "1.5.0")
+public let Version = SDKVersion(sdk: "okta-oauth2-swift", version: "1.6.0")
 // swiftlint:enable identifier_name

Sources/WebAuthenticationUI/Version.swift

@@ -14,5 +14,5 @@ import Foundation
 import AuthFoundation
 
 // swiftlint:disable identifier_name
-public let Version = SDKVersion(sdk: "okta-webauthenticationui-swift", version: "1.5.0")
+public let Version = SDKVersion(sdk: "okta-webauthenticationui-swift", version: "1.6.0")
 // swiftlint:enable identifier_name