okta · mikenachbaur-okta · Feb 13, 2025 · Dec 10, 2024 · Dec 11, 2024 · Dec 11, 2024
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,6 +1,7 @@
 version: 2.1
 
 orbs:
+  platform-helpers: okta/platform-helpers@1
   general-platform-helpers: okta/general-platform-helpers@1.9
   macos: circleci/macos@2
 
@@ -203,7 +204,6 @@ jobs:
       - run:
           name: run swift package show dependencies
           command: swift package show-dependencies
-      - general-platform-helpers/step-load-dependencies
       - general-platform-helpers/step-run-snyk-monitor:
           scan-all-projects: true
           skip-unresolved: false
@@ -234,9 +234,8 @@ workflows:
 
   semgrep:
     jobs:
-      - general-platform-helpers/job-semgrep-scan:
+      - platform-helpers/job-semgrep-scan:
           name: semgrep-scan
-          resource-class: medium
           context:
             - static-analysis
 

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -30,7 +30,7 @@ jobs:
     strategy:
       matrix:
         os: [macos-latest-large, ubuntu-latest]
-        swift_version: ["5.9", "5.10"]
+        swift_version: ["5.10"]
     runs-on: ${{ matrix.os }}
     timeout-minutes: 10
     steps:

diff --git a/OktaAuthFoundation.podspec b/OktaAuthFoundation.podspec
@@ -25,5 +25,5 @@ Provides the foundation and common features used to authenticate users, managing
     s.source        = { :git => "https://github.com/okta/okta-mobile-swift.git", :tag => s.version.to_s }
     s.source_files  = "Sources/AuthFoundation/**/*.swift"
     s.resource_bundles = { "AuthFoundation" => "Sources/AuthFoundation/Resources/**/*" }
-    s.swift_version = "5.9"
+    s.swift_version = "5.10"
 end
diff --git a/OktaDirectAuth.podspec b/OktaDirectAuth.podspec
@@ -24,7 +24,7 @@ Enables application developers to build native sign in experiences using the Okt
     s.source        = { :git => "https://github.com/okta/okta-mobile-swift.git", :tag => s.version.to_s }
     s.source_files  = "Sources/OktaDirectAuth/**/*.swift"
     s.resource_bundles = { "OktaDirectAuth" => "Sources/OktaDirectAuth/Resources/**/*" }
-    s.swift_version = "5.9"
+    s.swift_version = "5.10"
 
     s.dependency "OktaAuthFoundation", "#{s.version.to_s}"
 end
diff --git a/OktaOAuth2.podspec b/OktaOAuth2.podspec
@@ -24,7 +24,7 @@ Enables application developers to authenticate users utilizing a variety of OAut
     s.source        = { :git => "https://github.com/okta/okta-mobile-swift.git", :tag => s.version.to_s }
     s.source_files  = "Sources/OktaOAuth2/**/*.swift"
     s.resource_bundles = { "OktaOAuth2" => "Sources/OktaOAuth2/Resources/**/*" }
-    s.swift_version = "5.9"
+    s.swift_version = "5.10"
 
     s.dependency "OktaAuthFoundation", "#{s.version.to_s}"
 end
diff --git a/OktaWebAuthenticationUI.podspec b/OktaWebAuthenticationUI.podspec
@@ -21,7 +21,7 @@ Authenticate users using web-based OIDC.
     s.source        = { :git => "https://github.com/okta/okta-mobile-swift.git", :tag => s.version.to_s }
     s.source_files  = "Sources/WebAuthenticationUI/**/*.swift"
     s.resource_bundles = { "WebAuthenticationUI" => "Sources/WebAuthenticationUI/Resources/**/*" }
-    s.swift_version = "5.9"
+    s.swift_version = "5.10"
 
     s.dependency "OktaAuthFoundation", "#{s.version.to_s}"
     s.dependency "OktaOAuth2", "#{s.version.to_s}"

diff --git a/Package.swift b/Package.swift
@@ -1,4 +1,4 @@
-// swift-tools-version:5.9
+// swift-tools-version:5.10
 // The swift-tools-version declares the minimum version of Swift required to build this package.
 
 import PackageDescription
@@ -48,7 +48,10 @@ var package = Package(
                 path: "Tests/TestCommon"),
         .testTarget(name: "AuthFoundationTests",
                     dependencies: ["AuthFoundation", "TestCommon"],
-                    resources: [ .copy("MockResponses") ]),
+                    resources: [
+                        .copy("MockResponses"),
+                        .copy("ConfigResources"),
+                    ]),
         .testTarget(name: "OktaOAuth2Tests",
                     dependencies: ["OktaOAuth2", "TestCommon"],
                     resources: [ .copy("MockResponses") ]),

diff --git a/Samples/AuthenticationFlows.swift b/Samples/AuthenticationFlows.swift
@@ -32,9 +32,9 @@ func signInWithWebUsingCustomConfiguration() async throws {
         throw SampleError.invalidUrl
     }
 
-    let auth = WebAuthentication(issuer: issuerUrl,
+    let auth = WebAuthentication(issuerURL: issuerUrl,
                                  clientId: clientId,
-                                 scopes: "openid profile email offline_access device_sso",
+                                 scope: "openid profile email offline_access device_sso",
                                  redirectUri: redirectUrl)
 
     // Sign in using the above configuration
@@ -51,9 +51,9 @@ func signInUsingAuthorizationCode() async throws {
         throw SampleError.invalidUrl
     }
 
-    let flow = AuthorizationCodeFlow(issuer: issuerUrl,
+    let flow = AuthorizationCodeFlow(issuerURL: issuerUrl,
                                      clientId: clientId,
-                                     scopes: "openid profile email offline_access",
+                                     scope: "openid profile email offline_access",
                                      redirectUri: redirectUrl)
 
     // Initiate the auth flow, and get the URL to present to the user
@@ -74,9 +74,9 @@ func signInUsingResourceOwner(username: String, password: String) async throws {
         throw SampleError.invalidUrl
     }
 
-    let flow = ResourceOwnerFlow(issuer: issuerUrl,
+    let flow = ResourceOwnerFlow(issuerURL: issuerUrl,
                                  clientId: clientId,
-                                 scopes: "openid profile email offline_access")
+                                 scope: "openid profile email offline_access")
 
     // Sign in using a username & password
     let token = try await flow.start(username: username, password: password)
@@ -91,9 +91,9 @@ func signInUsingDeviceSSO(deviceToken: String, idToken: String) async throws {
     }
 
     // Create the flow
-    let flow = TokenExchangeFlow(issuer: issuerUrl,
+    let flow = TokenExchangeFlow(issuerURL: issuerUrl,
                                  clientId: clientId,
-                                 scopes: "openid profile offline_access",
+                                 scope: "openid profile offline_access",
                                  audience: .default)
 
     // Exchange the ID and Device tokens for access tokens.

diff --git a/Samples/ClassicNativeAuth/ClassicNativeAuth (iOS)/SignInViewController.swift b/Samples/ClassicNativeAuth/ClassicNativeAuth (iOS)/SignInViewController.swift
@@ -72,7 +72,7 @@ class NativeSignInViewController: UIViewController {
     @IBAction func signIn(_ sender: Any) {
         guard let username = usernameField.text,
               let password = passwordField.text,
-              let issuer = config?.issuer
+              let issuer = config?.issuerURL
         else {
             show("Invalid username or password")
             return

diff --git a/Samples/DeviceAuthSignIn/DeviceAuthSignIn (iOS)/ViewController+iOSExtension.swift b/Samples/DeviceAuthSignIn/DeviceAuthSignIn (iOS)/ViewController+iOSExtension.swift
@@ -15,7 +15,7 @@ import SafariServices
 
 extension ViewController {
     @IBAction func openBrowser(_ sender: Any) {
-        guard let url = flow?.context?.verificationUriComplete else { return }
+        guard let url = flow?.context?.verification?.verificationUriComplete else { return }
         let browser = SFSafariViewController(url: url)
         present(browser, animated: true)
     }

diff --git a/Samples/DeviceAuthSignIn/DeviceAuthSignIn (tvOS)/DeviceAuthSignIn/ViewController.swift b/Samples/DeviceAuthSignIn/DeviceAuthSignIn (tvOS)/DeviceAuthSignIn/ViewController.swift
@@ -38,9 +38,9 @@ class ViewController: UIViewController {
         if !domain.isEmpty,
            let issuerUrl = URL(string: "https://\(domain)")
         {
-            flow = DeviceAuthorizationFlow(issuer: issuerUrl,
+            flow = DeviceAuthorizationFlow(issuerURL: issuerUrl,
                                            clientId: clientId,
-                                           scopes: "openid profile email offline_access")
+                                           scope: "openid profile email offline_access")
         } else {
             DispatchQueue.main.async {
                 let alert = UIAlertController(title: "Client not configured", message: "Please update ViewController.swift", preferredStyle: .alert)
@@ -83,7 +83,7 @@ class ViewController: UIViewController {
         present(alert, animated: true)
     }
 
-    func show(_ context: DeviceAuthorizationFlow.Context) {
+    func show(_ context: DeviceAuthorizationFlow.Verification) {
         update(prompt: context.verificationUri)
         update(qrCode: context.verificationUriComplete)
         update(code: context.userCode)
@@ -94,7 +94,7 @@ class ViewController: UIViewController {
             openAuthenticationButton?.isHidden = false
         }
 
-        flow?.resume(with: context) { result in
+        flow?.resume { result in
             DispatchQueue.main.async {
                 switch result {
                 case .failure(let error):

diff --git a/Samples/DirectAuthSignIn/DirectAuthSignIn/ContinuationView.swift b/Samples/DirectAuthSignIn/DirectAuthSignIn/ContinuationView.swift
@@ -11,7 +11,7 @@
 //
 
 import SwiftUI
-import OktaDirectAuth
+@testable import OktaDirectAuth
 
 extension SignInView {
     struct ContinuationView: View {
@@ -30,40 +30,41 @@ extension SignInView {
             }
         }
 
+        var continuationType: DirectAuthenticationFlow.ContinuationType? {
+            guard case let .continuation(continuationType) = status else {
+                return nil
+            }
+
+            return continuationType
+        }
+
         @Binding var error: Error?
         @Binding var hasError: Bool
 
         var body: some View {
-            VStack {
-                Text("Please continue authenticating.")
-                    .padding(25)
-
-                VStack(alignment: .leading, spacing: 1) {
-                    Picker(selection: $selectedFactor, label: EmptyView()) {
-                        ForEach(SignInView.Factor.continuationFactors, id: \.self) {
-                            Text($0.title)
-                        }
-                    }.pickerStyle(.menu)
-                        .accessibilityIdentifier("factor_type_button")
-                        .padding(.horizontal, -10)
-                        .padding(.vertical, -4)
-
-                    if selectedFactor == .code {
-                        TextField("123456", text: $verificationCode)
-                            .textContentType(.oneTimeCode)
-                            .accessibilityIdentifier("verification_code_button")
-                            .padding(10)
-                            .overlay {
-                                RoundedRectangle(cornerRadius: 6)
-                                    .stroke(.secondary, lineWidth: 1)
-                            }
+            switch continuationType {
+            case .webAuthn(_):
+                Text("Ignoring WebAuthn type")
+                    .padding()
+            case .transfer(_, let code):
+                VStack(alignment: .center, spacing: 8) {
+                    Text("Use the verification code")
+                        .font(.headline)
+                        .multilineTextAlignment(.center)
+                    if #available(iOS 16.0, *) {
+                        Text(code)
+                            .font(.system(.largeTitle, design: .monospaced, weight: .black))
+                            .multilineTextAlignment(.center)
+                    } else {
+                        Text(code)
+                            .font(.largeTitle)
+                            .multilineTextAlignment(.center)
                     }
-
-                    if let factor = factor {
-                        Button("Continue") {
+                    ProgressView()
+                        .onAppear {
                             Task {
                                 do {
-                                    status = try await flow.resume(status, with: factor)
+                                    status = try await flow.resume(with: .transfer)
                                     if case let .success(token) = status {
                                         Credential.default = try Credential.store(token)
                                     }
@@ -73,12 +74,72 @@ extension SignInView {
                                 }
                             }
                         }
-                        .accessibilityIdentifier("signin_button")
+                }
+            case .prompt(_):
+                VStack(alignment: .leading, spacing: 8) {
+                    Text("Verification code:")
                         .font(.headline)
-                        .buttonStyle(.borderedProminent)
+                        .multilineTextAlignment(.center)
+                    TextField("123456", text: $verificationCode)
+                        .textContentType(.oneTimeCode)
+                        .accessibilityIdentifier("verification_code_button")
+                        .padding(10)
+                        .overlay {
+                            RoundedRectangle(cornerRadius: 6)
+                                .stroke(.secondary, lineWidth: 1)
+                        }
+
+                    Button("Continue") {
+                        Task {
+                            do {
+                                status = try await flow.resume(with: .prompt(code: verificationCode))
+                                if case let .success(token) = status {
+                                    Credential.default = try Credential.store(token)
+                                }
+                            } catch {
+                                self.error = error
+                                self.hasError = true
+                            }
+                        }
                     }
+                    .accessibilityIdentifier("signin_button")
+                    .font(.headline)
+                    .buttonStyle(.borderedProminent)
                 }.padding()
+            case nil:
+                Text("Invalid status type")
+                    .padding()
             }
         }
     }
 }
+
+extension DirectAuthenticationFlow.ContinuationType {
+    static let previewTransfer: Self = .transfer(
+        .init(oobResponse: .init(oobCode: "OOBCODE", expiresIn: 600, interval: 10, channel: .push, bindingMethod: .transfer), mfaContext: nil),
+        code: "73")
+    static let previewPrompt: Self = .prompt(.init(oobResponse: .init(oobCode: "OOBCODE", expiresIn: 600, interval: 10, channel: .push, bindingMethod: .transfer), mfaContext: nil))
+}
+
+#Preview {
+    struct Preview: View {
+        var flow = DirectAuthenticationFlow(
+            // swiftlint:disable:next force_unwrapping
+            issuerURL: URL(string: "https://example.com/")!,
+            clientId: "clientid",
+            scope: "scopes")
+        @State var error: Error?
+        @State var hasError: Bool = false
+        @State var continuationType: DirectAuthenticationFlow.ContinuationType = .previewPrompt
+
+        var body: some View {
+            SignInView.ContinuationView(
+                flow: flow,
+                status: .continuation(continuationType),
+                error: $error,
+                hasError: $hasError)
+        }
+    }
+
+    return Preview()
+}
diff --git a/Samples/DirectAuthSignIn/DirectAuthSignIn/SecondaryView.swift b/Samples/DirectAuthSignIn/DirectAuthSignIn/SecondaryView.swift
@@ -71,7 +71,7 @@ extension SignInView {
                         Button("Continue") {
                             Task {
                                 do {
-                                    status = try await flow.resume(status, with: factor)
+                                    status = try await flow.resume(with: factor)
                                     if case let .success(token) = status {
                                         Credential.default = try Credential.store(token)
                                     }

diff --git a/Samples/DirectAuthSignIn/DirectAuthSignIn/SignInView.swift b/Samples/DirectAuthSignIn/DirectAuthSignIn/SignInView.swift
@@ -11,7 +11,7 @@
 //
 
 import SwiftUI
-import OktaDirectAuth
+@testable import OktaDirectAuth
 
 struct SignInView: View {
     let flow: DirectAuthenticationFlow?
@@ -99,17 +99,17 @@ struct SignInView: View {
 // swiftlint:disable force_unwrapping
 struct SignInViewPrimary_Previews: PreviewProvider {
     static var previews: some View {
-        SignInView(flow: .init(issuer: URL(string: "https://example.com")!,
+        SignInView(flow: .init(issuerURL: URL(string: "https://example.com")!,
                                clientId: "abcd123",
-                               scopes: "openid profile"))
+                               scope: "openid profile"))
     }
 }
 
 struct SignInViewSecondary_Previews: PreviewProvider {
     static var previews: some View {
-        SignInView(flow: .init(issuer: URL(string: "https://example.com")!,
+        SignInView(flow: .init(issuerURL: URL(string: "https://example.com")!,
                                clientId: "abcd123",
-                               scopes: "openid profile"),
+                               scope: "openid profile"),
                    status: .mfaRequired(.init(supportedChallengeTypes: [],
                                               mfaToken: "abcd1234")))
     }

diff --git a/Samples/DirectAuthSignIn/DirectAuthSignIn/SignInViewController.swift b/Samples/DirectAuthSignIn/DirectAuthSignIn/SignInViewController.swift
@@ -21,14 +21,14 @@ class SignInViewController: UIHostingController<SignInView> {
 
         // Workaround to remove the `device_sso` scope, when included in the property list.
         if let configuration = try? OAuth2Client.PropertyListConfiguration(),
-           let ssoRange = configuration.scopes.range(of: "device_sso")
+           let ssoRange = configuration.scope.range(of: "device_sso")
         {
-            var scopes = configuration.scopes
-            scopes.removeSubrange(ssoRange)
+            var scope = configuration.scope
+            scope.removeSubrange(ssoRange)
 
-            flow = DirectAuthenticationFlow(issuer: configuration.issuer,
+            flow = DirectAuthenticationFlow(issuerURL: configuration.issuerURL,
                                             clientId: configuration.clientId,
-                                            scopes: scopes)
+                                            scope: scope)
         } else {
             flow = try? DirectAuthenticationFlow()
         }