feat: Support web-based LMS OAuth.

Authorization/Authorization/Presentation/AuthorizationAnalytics.swift

@@ -10,13 +10,16 @@ import Foundation
 public enum AuthMethod: Equatable {
     case password
     case socailAuth(SocialAuthMethod)
+    case webAuth
 
     public var analyticsValue: String {
         switch self {
         case .password:
             "Password"
         case .socailAuth(let socialAuthMethod):
             socialAuthMethod.rawValue
+        case .webAuth:
+            "WebAuth View"
         }
     }
 }

Authorization/Authorization/Presentation/Login/SignInViewModel.swift

@@ -13,12 +13,36 @@ import AuthenticationServices
 import FacebookLogin
 import GoogleSignIn
 import MSAL
+import OAuthSwift
+import SafariServices
+
+private class WebLoginSafariDelegate: NSObject, SFSafariViewControllerDelegate {
+    private let viewModel: SignInViewModel
+    public init(viewModel: SignInViewModel) {
+        self.viewModel = viewModel
+    }
+    func safariViewControllerDidFinish(_ controller: SFSafariViewController) {
+        /* Called when the 'Done' button is hit on the Safari Web view. In this case,
+        authentication would neither have failed nor succeeded, but we'd be back
+        at the SignInView. So, we make sure we mark it as attempted so the UI
+        renders. */
+        self.viewModel.markAttempted()
+    }
+}
 
 public class SignInViewModel: ObservableObject {
 
     @Published private(set) var isShowProgress = false
     @Published private(set) var showError: Bool = false
     @Published private(set) var showAlert: Bool = false
+    @Published private(set) var webLoginAttempted: Bool = false
+
+    var useWebLogin: Bool {
+        return config.webLogin
+    }
+    var forceWebLogin: Bool {
+        return config.webLogin && !webLoginAttempted
+    }
     var errorMessage: String? {
         didSet {
             withAnimation {
@@ -33,13 +57,16 @@ public class SignInViewModel: ObservableObject {
             }
         }
     }
+    var oauthswift: OAuth2Swift?
 
     let router: AuthorizationRouter
     let config: ConfigProtocol
     private let interactor: AuthInteractorProtocol
     private let analytics: AuthorizationAnalytics
     private let validator: Validator
 
+    private var safariDelegate: WebLoginSafariDelegate?
+
     public init(
         interactor: AuthInteractorProtocol,
         router: AuthorizationRouter,
@@ -61,6 +88,56 @@ public class SignInViewModel: ObservableObject {
         config.google.enabled
     }
 
+    @MainActor
+    func login(viewController: UIViewController) async {
+        /* OAuth web login. Used when we cannot use the built-in login form,
+        but need to let the LMS redirect us to the authentication provider.
+        
+        An example service where this is needed is something like Auth0, which
+        redirects from the LMS to its own login page. That login page then redirects
+        back to the LMS for the issuance of a token that can be used for making
+        requests to the LMS, and then back to the redirect URL for the app. */
+        self.safariDelegate = WebLoginSafariDelegate(viewModel: self)
+        oauthswift = OAuth2Swift(
+            consumerKey: config.oAuthClientId,
+            consumerSecret: "", // No secret required
+            authorizeUrl: "\(config.baseURL)/oauth2/authorize/",
+            accessTokenUrl: "\(config.baseURL)/oauth2/access_token/",
+            responseType: "code"
+        )
+
+        oauthswift!.allowMissingStateCheck = true
+        let handler = SafariURLHandler(
+            viewController: viewController, oauthSwift: oauthswift!
+        )
+        handler.delegate = self.safariDelegate
+        oauthswift!.authorizeURLHandler = handler
+
+        // Trigger OAuth2 dance
+        guard let rwURL = URL(string: "\(Bundle.main.bundleIdentifier ?? "")://oauth2Callback") else { return }
+        oauthswift!.authorize(withCallbackURL: rwURL, scope: "", state: "") { result in
+            switch result {
+            case .success(let thing):
+                Task {
+                    self.webLoginAttempted = true
+                    let user = try await self.interactor.login(credential: thing.credential)
+                    self.analytics.setUserID("\(user.id)")
+                    self.analytics.userLogin(method: .webAuth)
+                    self.router.showMainOrWhatsNewScreen()
+                }
+                // Do your request
+            case .failure(let error):
+                self.webLoginAttempted = true
+                self.isShowProgress = false
+                self.errorMessage = error.localizedDescription
+            }
+        }
+    }
+
+    public func markAttempted() {
+        self.webLoginAttempted = true
+    }
+
     @MainActor
     func login(username: String, password: String) async {
         guard validator.isValidUsername(username) else {

Core/Core/Configuration/Config/Config.swift

@@ -11,6 +11,7 @@ public protocol ConfigProtocol {
     var baseURL: URL { get }
     var oAuthClientId: String { get }
     var tokenType: TokenType { get }
+    var webLogin: Bool { get }
     var feedbackEmail: String { get }
     var appStoreLink: String { get }
     var platformName: String { get }
@@ -33,6 +34,7 @@ private enum ConfigKeys: String {
     case baseURL = "API_HOST_URL"
     case oAuthClientID = "OAUTH_CLIENT_ID"
     case tokenType = "TOKEN_TYPE"
+    case webLogin = "WEB_LOGIN"
     case feedbackEmailAddress = "FEEDBACK_EMAIL_ADDRESS"
     case environmentDisplayName = "ENVIRONMENT_DISPLAY_NAME"
     case platformName = "PLATFORM_NAME"
@@ -122,6 +124,10 @@ extension Config: ConfigProtocol {
         return tokenType
     }
 
+    public var webLogin: Bool {
+        return bool(for: ConfigKeys.webLogin.rawValue)
+    }
+
     public var feedbackEmail: String {
         return string(for: ConfigKeys.feedbackEmailAddress.rawValue) ?? ""
     }

Core/Core/Data/Repository/AuthRepository.swift

@@ -6,8 +6,10 @@
 //
 
 import Foundation
+import OAuthSwift
 
 public protocol AuthRepositoryProtocol {
+    func login(credential: OAuthSwiftCredential) async throws -> User
     func login(username: String, password: String) async throws -> User
     func login(externalToken: String, backend: String) async throws -> User
     func getCookies(force: Bool) async throws
@@ -29,6 +31,17 @@ public class AuthRepository: AuthRepositoryProtocol {
         self.config = config
     }
 
+    public func login(credential: OAuthSwiftCredential) async throws -> User {
+        // Login for when we have the accessToken and refreshToken directly, like from web-view
+        // OAuth logins.
+        appStorage.cookiesDate = nil
+        appStorage.accessToken = credential.oauthToken
+        appStorage.refreshToken = credential.oauthRefreshToken
+        let user = try await api.requestData(AuthEndpoint.getUserInfo).mapResponse(DataLayer.User.self)
+        appStorage.user = user
+        return user.domain
+    }
+
     public func login(username: String, password: String) async throws -> User {
         appStorage.cookiesDate = nil
         let endPoint = AuthEndpoint.getAccessToken(
@@ -130,6 +143,11 @@ public class AuthRepository: AuthRepositoryProtocol {
 // Mark - For testing and SwiftUI preview
 #if DEBUG
 class AuthRepositoryMock: AuthRepositoryProtocol {
+
+    func login(credential: OAuthSwiftCredential) async throws -> User {
+        User(id: 1, username: "User", email: "[email protected]", name: "User Name", userAvatar: "")
+    }
+
     func login(username: String, password: String) async throws -> User {
         User(id: 1, username: "User", email: "[email protected]", name: "User Name", userAvatar: "")
     }

Core/Core/Domain/AuthInteractor.swift

@@ -6,10 +6,12 @@
 //
 
 import Foundation
+import OAuthSwift
 
 //sourcery: AutoMockable
 public protocol AuthInteractorProtocol {
     @discardableResult
+    func login(credential: OAuthSwiftCredential) async throws -> User
     func login(username: String, password: String) async throws -> User
     @discardableResult
     func login(externalToken: String, backend: String) async throws -> User
@@ -27,6 +29,11 @@ public class AuthInteractor: AuthInteractorProtocol {
         self.repository = repository
     }
 
+    @discardableResult
+    public func login(credential: OAuthSwiftCredential) async throws -> User {
+        return try await repository.login(credential: credential)
+    }
+
     @discardableResult
     public func login(username: String, password: String) async throws -> User {
         return try await repository.login(username: username, password: password)

Core/Core/SwiftGen/Assets.swift

@@ -81,6 +81,7 @@ public enum CoreAssets {
   public static let rotateDevice = ImageAsset(name: "rotateDevice")
   public static let sub = ImageAsset(name: "sub")
   public static let alarm = ImageAsset(name: "alarm")
+  public static let appLogo = ImageAsset(name: "appLogo")
   public static let arrowLeft = ImageAsset(name: "arrowLeft")
   public static let arrowRight16 = ImageAsset(name: "arrowRight16")
   public static let certificate = ImageAsset(name: "certificate")

OpenEdX/AppDelegate.swift

@@ -16,6 +16,7 @@ import GoogleSignIn
 import FacebookCore
 import MSAL
 import Theme
+import OAuthSwift
 
 @UIApplicationMain
 class AppDelegate: UIResponder, UIApplicationDelegate {
@@ -69,6 +70,10 @@ class AppDelegate: UIResponder, UIApplicationDelegate {
         _ app: UIApplication,
         open url: URL, options: [UIApplication.OpenURLOptionsKey: Any] = [:]
     ) -> Bool {
+        if url.host == "oauth2Callback" {
+          // TODO: Update to better match the other OAuth redirect behaviors
+          OAuthSwift.handle(url: url)
+        }
         if let config = Container.shared.resolve(ConfigProtocol.self) {
             if config.facebook.enabled {
                 ApplicationDelegate.shared.application(

OpenEdX/Info.plist

@@ -2,6 +2,19 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>CFBundleURLTypes</key>
+	<array>
+		<dict>
+			<key>CFBundleTypeRole</key>
+			<string>Editor</string>
+			<key>CFBundleURLName</key>
+			<string></string>
+			<key>CFBundleURLSchemes</key>
+			<array>
+				<string>${PRODUCT_BUNDLE_IDENTIFIER}</string>
+			</array>
+		</dict>
+	</array>
 	<key>Configuration</key>
 	<string>$(CONFIGURATION)</string>
 	<key>FirebaseAppDelegateProxyEnabled</key>

OpenEdX/RouteController.swift

@@ -49,12 +49,20 @@ class RouteController: UIViewController {
             present(navigation, animated: false)
         } else {
             let controller = UIHostingController(
-                rootView: SignInView(viewModel: diContainer.resolve(SignInViewModel.self)!)
+                rootView: SignInView(viewModel: diContainer.resolve(SignInViewModel.self)!, navigationController: self.navigation)
             )
             navigation.viewControllers = [controller]
             present(navigation, animated: false)
         }
     }
+
+    private func showAuthorization() {
+        let controller = UIHostingController(
+            rootView: SignInView(viewModel: diContainer.resolve(SignInViewModel.self)!, navigationController: self.navigation)
+        )
+        navigation.viewControllers = [controller]
+        present(navigation, animated: false)
+    }
 
     private func showMainOrWhatsNewScreen() {
         var storage = Container.shared.resolve(WhatsNewStorage.self)!

OpenEdX/Router.swift

@@ -83,7 +83,10 @@ public class Router: AuthorizationRouter,
     }
 
     public func showLoginScreen() {
-        let view = SignInView(viewModel: Container.shared.resolve(SignInViewModel.self)!)
+        let view = SignInView(
+            viewModel: Container.shared.resolve(SignInViewModel.self)!,
+            navigationController: self.navigationController
+        )
         let controller = UIHostingController(rootView: view)
         navigationController.pushViewController(controller, animated: true)
     }
@@ -94,7 +97,10 @@ public class Router: AuthorizationRouter,
             let controller = UIHostingController(rootView: view)
             navigationController.setViewControllers([controller], animated: true)
         } else {
-            let view = SignInView(viewModel: Container.shared.resolve(SignInViewModel.self)!)
+            let view = SignInView(
+                viewModel: Container.shared.resolve(SignInViewModel.self)!,
+                navigationController: navigationController
+            )
             let controller = UIHostingController(rootView: view)
             navigationController.setViewControllers([controller], animated: false)
         }

Podfile

@@ -28,6 +28,7 @@ abstract_target "App" do
     pod 'SwiftUIIntrospect', '~> 0.8'
     pod 'Kingfisher', '~> 7.8'
     pod 'Swinject', '2.8.3'
+    pod 'OAuthSwift', '~> 2.2.0'
   end
 
   target "Authorization" do