ValidationManager
class ValidationManager : IValidationManager
Manages the id token validation.
-
object that parses id token string
Declaration
Swift
private let idTokenParser: ITokenParser
-
object that manages jwks url data
Declaration
Swift
private let jwksUrlDataManager: IJwksUrlDataManager
-
object that handles public key creation
Declaration
Swift
private let publicKeyCreator: IPublicKeyCreator
-
Initialises with objects that help to validate the id token string.
Declaration
Swift
init(tokenParser: ITokenParser = IdTokenParser(), jwksUrlDataManager: IJwksUrlDataManager = JwksUrlDataManager(), publicKeyCreator: IPublicKeyCreator = PublicKeyCreator())
Parameters
tokenParser
object that parses id token string
jwksUrlDataManager
object that manages jwks url data
publicKeyCreator
object that handles public key creation
-
Validates the id token string
Declaration
Swift
func validate(idTokenString: String?, authorizationCode: String?, clientId: String, nonce: String, jwksUrl: URL, config: Config, error: inout NSError?) -> Bool
Parameters
idTokenString
String value obtained using AppAuth framework and passed for validation.
authorizationCode
String value obtained using AppAuth framework and passed for validation.
clientId
used for id token validation.
nonce
used for id token validation.
config
used for id token validation.
jwksUrl
URL which contains data needed for validation process.
error
An error that can occur during validation (it is passed as an inout parameter so that its value can be set inside the function).
Return Value
Boolean value is returned, true on success or false on failure.
-
Validates the [IdTokenHeader] object.
Declaration
Swift
private func validateIdTokenHeader(_ header: IdTokenHeader, keyId: String) -> Bool
Parameters
header
[IdTokenHeader] object which is under validation.
keyId
String value which is obtained from the jwks url. The header can be treated as valid if its keyId property is equal to the keyId property obtained from the jwks url.
Return Value
Boolean value, true on success, false on failure.
-
Validates the [IdTokenPayload] object. The payload can be treated as valid if:
- its client id and audience properties are equal to the client id obtained from the OIDAuthorizationResponse object;
- its nonce property is equal to the property obtained from the OIDAuthorizationResponse object;
- its issuer property is equal to the domain value stored in config;
- its expiration time property holds a time which is after the current time.
Declaration
Swift
private func validateIdTokenPayload(_ payload: IdTokenPayload, clientId: String, nonce: String, config: Config) -> Bool
Parameters
payload
[IdTokenPayload] object which is under validation.
clientId
obtained from the OIDAuthorizationRequest object which is contained inside the OIDAuthorizationResponse object.
nonce
obtained from the OIDAuthorizationRequest object which is contained inside the OIDAuthorizationResponse object.
config
[Config] object that contains information required for the authentication.
Return Value
Boolean value, true on success, false on failure.
-
Validates the authorization code. The authorization code can be treated as valid if the base64 encoded string of the first 16 bits of the hash value of its ASCII encoded data is equal to the base64 encoded cHash string.
Declaration
Swift
private func validateAuthCode(_ authCode: String, cHash: String) -> Bool
Parameters
authCode
String value which is under validation.
cHash
String value which is obtained from [IdTokenPayload] object.
Return Value
Boolean value, true on success, false on failure.
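The authorization code check, as an added example that is not the library's own code. It follows the OpenID Connect Core definition of c_hash (the left-most half of the hash of the ASCII code, base64url encoded without padding) and assumes a token signed with a SHA-256 based algorithm such as RS256, where that half is 16 bytes. The function names and the sample code value are hypothetical.

```swift
import Foundation
import CryptoKit

/// Hypothetical helper (not part of the library): derives the c_hash value
/// expected for an authorization code, assuming a SHA-256 based signing alg.
func expectedCHash(forAuthCode authCode: String) -> String? {
    // The code is hashed as ASCII octets; a non-ASCII code is rejected.
    guard let codeData = authCode.data(using: .ascii) else { return nil }
    let digest = SHA256.hash(data: codeData)
    // Left-most half of the 32-byte SHA-256 digest.
    let leftHalf = Data(digest.prefix(16))
    // JWT claims use base64url without padding, not standard base64.
    return leftHalf.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

/// Hypothetical stand-in for the check described above: true only when the
/// cHash claim from the id token payload matches the received code.
func authCodeMatches(_ authCode: String, cHash: String) -> Bool {
    guard let expected = expectedCHash(forAuthCode: authCode) else { return false }
    let a = Array(expected.utf8)
    let b = Array(cHash.utf8)
    guard a.count == b.count else { return false }
    // Accumulate differences so the loop does not exit at the first mismatch.
    var diff: UInt8 = 0
    for i in 0..<a.count { diff |= a[i] ^ b[i] }
    return diff == 0
}

// Constructed sample value, for illustration only.
let sampleCode = "constructed-sample-authorization-code"
if let claim = expectedCHash(forAuthCode: sampleCode) {
    // Same code that the claim was derived from.
    print("matching code accepted:", authCodeMatches(sampleCode, cHash: claim))
    // A code that differs by one character must not validate against the claim.
    print("altered code accepted:", authCodeMatches(sampleCode + "x", cHash: claim))
}
```

A failed comparison means the authorization code and the id token were not issued together, so the code should not be exchanged for tokens.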