webviewLogin

AppDelegate.reachfive().webviewLogin(WebviewLoginRequest(
    presentationContextProvider
    // optional
    state,
    nonce,
    scope, (1)

))

1	Scope isn’t explicitly required. If not provided here, it defaults to the scopes set up in the client configuration which is picked up when you initiliaze the iOS SDK.

Description

Opens a secure webview through the authorization endpoint.

You must have configured a Login URL and enabled request orchestration tokens for your identity client.

Orchestrated flows are supported from version 1.24.0 for the Core SDK and version 1.16.0 for the UI SDK.

If end-users have an active web SSO session, then the authorization endpoint immediately redirects to the application.
If end-users do not have an active web SSO session, they are redirected to the client’s Login URL for authentication.

When logging in with secure webview, a dialog pops up where you must select Continue and acknowledge that by continuing "This allows the app and the website to exchange information about you".

Usage

Because of the presentationContextProvider property, you must ensure that your UIViewController implements the ASWebAuthenticationPresentationContextProviding protocol.

To do this, add the following to your UIViewController:

func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
    view.window!
}

Examples

AppDelegate
    .reachfive()
    .webviewLogin(WebviewLoginRequest(
        state: "zf3ifjfmdkj",
        nonce: "n-0S6_PzA3Ze",
        scope: ["openid", "profile", "email"],
        presentationContextProvider: self
    ))
    .onSuccess{ authToken in
        // Get the profile's authentication token
    }
    .onFailure { error in
        // Return a ReachFive error
    }

Parameters

Parameter Description

presentationContextProvider string

A delegate that provides a display context whereby the system is able to present an authentication session to the user.

For more, see here.

state string

The OAuth2 state value.

This is a random string sent to the auth server. The auth server sends the state parameter back. If they match, you’re good to go. If they don’t match, someone (or something) else initiated the auth request.

nonce string

An OIDC nonce value.

This binds the tokens with the client and serves as a token validation parameter.

scope string[]

The scopes granted to the profile. Make sure they are allowed by the client.

Default scopes are the allowed scopes set up in the client’s configuration.

Response

Type: Future<AuthToken, ReachFiveError>

AuthToken

The authentication token.

idToken

The ID token JSON Web Token (JWT) that contains the profile’s information.

accessToken

The authorization credential JSON Web Token (JWT) used to access the ReachFive API.

refreshToken

The refresh token JSON Web Token (JWT) used to obtain new access tokens once they expire. This is only available when the offline_access scope is requested.

tokenType

The type of token. Always equal to Bearer.

expiresIn

The lifetime in seconds of the access token.

If expiresIn is less than or equal to 0, the AuthToken is expired.

user OpenIDUser

The user’s information contained in the ID token.

id string

The identifier of the user.

name string

The full name of the user in displayable form including all name parts, possibly including titles and suffixes, ordered according to the user’s locale and preferences.

preferredUsername string

The shorthand name by which the user wishes to be referred to.

givenName string

The given name or first name of the user.

familyName string

The surname or last name of the user.

middleName string

The middle name of the user.

nickname string

The casual name of the user that may or may not be the same as the givenName

picture string

The URL of the user’s profile picture.

website string

The URL of the user’s web page or blog.

email string

The user’s preferred e-mail address.

emailVerified boolean

True if the user’s e-mail address has been verified; otherwise false.

gender string

The user’s gender.

zoneinfo string

The string from zoneinfo time zone database representing the user’s time zone.

locale string

The user’s language code in lowercase and country code in uppercase, separated by a dash.

phoneNumber string

The user’s preferred telephone number.

phoneNumberVerified boolean

true if the user’s phone number has been verified; otherwise false.

address string

The user’s preferred postal address.

ReachFiveError

Based on the problem, the ReachFiveError will be:

RequestError(requestErrors: RequestErrors) if it’s a bad request error.

error string

The main error message.

errorId string

The identifier of the error.

errorUserMsg string

The user-friendly error message.

This property is translated according to the user’s browser settings. Currently supported languages:

Currently supported languages

ar - العربية Arabic
de - Deutsch German
en - English
es - Español Spanish
fr - Français French
hu - Magyar Hungarian
it - Italiano Italian
jp - 日本 Japanese
ko - 한국인 Korean
nl - Nederlands Dutch
pt - Portuguese
ru - Ру́сский Russian
sk - Slovenský Slovak
zh-CN - People’s Republic of China Simplified Chinese
zh-Hans - Simplified Chinese
zh-Hant - Traditional Chinese
zh-HK - Hong Kong Traditional Chinese
zh-MO - Macao Traditional Chinese
zh-SG - Singapore Simplified Chinese
zh-TW - Taiwan Traditional Chinese

errorMessageKey string

The error message key.

errorDescription string

The technical error message.

errorDetails FieldError[]

field string

The field concerned by the error.

message string

The message error returned for the field.

code string

The code error returned for the field.

AuthFailure(reason: String) if the authentication has failed.
AuthCanceled if the authentication was cancelled.
TechnicalError(reason: String) if it’s an internal server error.