OAuth2 auth components

.gitignore

@@ -1,6 +1,9 @@
 # OS X
 .DS_Store
 
+# Auth0
+Auth0.plist
+
 # Xcode
 build/
 *.pbxuser

Auth0.xcodeproj/xcshareddata/xcschemes/OAuth2.iOS.xcscheme

@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+   LastUpgradeVersion = "0730"
+   version = "1.3">
+   <BuildAction
+      parallelizeBuildables = "YES"
+      buildImplicitDependencies = "YES">
+      <BuildActionEntries>
+         <BuildActionEntry
+            buildForTesting = "YES"
+            buildForRunning = "YES"
+            buildForProfiling = "YES"
+            buildForArchiving = "YES"
+            buildForAnalyzing = "YES">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "5F3965C61CF67DD800CDE7C0"
+               BuildableName = "OAuth2.app"
+               BlueprintName = "OAuth2"
+               ReferencedContainer = "container:Auth0.xcodeproj">
+            </BuildableReference>
+         </BuildActionEntry>
+      </BuildActionEntries>
+   </BuildAction>
+   <TestAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      shouldUseLaunchSchemeArgsEnv = "YES">
+      <Testables>
+         <TestableReference
+            skipped = "NO">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "5F3965D91CF67DD800CDE7C0"
+               BuildableName = "OAuth2Tests.xctest"
+               BlueprintName = "OAuth2Tests"
+               ReferencedContainer = "container:Auth0.xcodeproj">
+            </BuildableReference>
+         </TestableReference>
+      </Testables>
+      <MacroExpansion>
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "5F3965C61CF67DD800CDE7C0"
+            BuildableName = "OAuth2.app"
+            BlueprintName = "OAuth2"
+            ReferencedContainer = "container:Auth0.xcodeproj">
+         </BuildableReference>
+      </MacroExpansion>
+      <AdditionalOptions>
+      </AdditionalOptions>
+   </TestAction>
+   <LaunchAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      launchStyle = "0"
+      useCustomWorkingDirectory = "NO"
+      ignoresPersistentStateOnLaunch = "NO"
+      debugDocumentVersioning = "YES"
+      debugServiceExtension = "internal"
+      allowLocationSimulation = "YES">
+      <BuildableProductRunnable
+         runnableDebuggingMode = "0">
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "5F3965C61CF67DD800CDE7C0"
+            BuildableName = "OAuth2.app"
+            BlueprintName = "OAuth2"
+            ReferencedContainer = "container:Auth0.xcodeproj">
+         </BuildableReference>
+      </BuildableProductRunnable>
+      <AdditionalOptions>
+      </AdditionalOptions>
+   </LaunchAction>
+   <ProfileAction
+      buildConfiguration = "Release"
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      savedToolIdentifier = ""
+      useCustomWorkingDirectory = "NO"
+      debugDocumentVersioning = "YES">
+      <BuildableProductRunnable
+         runnableDebuggingMode = "0">
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "5F3965C61CF67DD800CDE7C0"
+            BuildableName = "OAuth2.app"
+            BlueprintName = "OAuth2"
+            ReferencedContainer = "container:Auth0.xcodeproj">
+         </BuildableReference>
+      </BuildableProductRunnable>
+   </ProfileAction>
+   <AnalyzeAction
+      buildConfiguration = "Debug">
+   </AnalyzeAction>
+   <ArchiveAction
+      buildConfiguration = "Release"
+      revealArchiveInOrganizer = "YES">
+   </ArchiveAction>
+</Scheme>

Auth0/Auth0.h

@@ -16,4 +16,4 @@ FOUNDATION_EXPORT const unsigned char Auth0VersionString[];
 
 // In this header, you should import all the public headers of your framework using statements like #import <Auth0/PublicHeader.h>
 
-
+#import <Auth0/A0ChallengeGenerator.h>

Auth0/Auth0.swift

@@ -26,12 +26,12 @@ import Foundation
  Auth0 Authentication API to authenticate your user using a Database, Social, Enterprise or Passwordless connections
 
  ```
- Auth0.authentication(clientId, domain: "samples.auth0.com")
+ Auth0.authentication(clientId: clientId, domain: "samples.auth0.com")
  ```
 
- - parameter clientId: of your Auth0 client/application
- - parameter domain:   of your Auth0 account. e.g.: 'samples.auth0.com'
- - parameter session:  of NSURLSession used for networking. By default it will used the shared session
+ - parameter clientId: clientId of your Auth0 client/application
+ - parameter domain:   domain of your Auth0 account. e.g.: 'samples.auth0.com'
+ - parameter session:  instance of NSURLSession used for networking. By default it will use the shared NSURLSession
 
  - returns: Auth0 Authentication API
  */
@@ -43,12 +43,12 @@ public func authentication(clientId clientId: String, domain: String, session: N
  Auth0 Management API v2 to perform CRUD operation against your Users, Clients, Connections, etc.
 
  ```
- Auth0.management(token, domain: "samples.auth0.com")
+ Auth0.management(token: token, domain: "samples.auth0.com")
  ```
 
- - parameter token:   of Management API v2 with the correct allowed scopes to perform the desired action
- - parameter domain:  of your Auth0 account. e.g.: 'samples.auth0.com'
- - parameter session:  of NSURLSession used for networking. By default it will used the shared session
+ - parameter token:     token of Management API v2 with the correct allowed scopes to perform the desired action
+ - parameter domain:    domain of your Auth0 account. e.g.: 'samples.auth0.com'
+ - parameter session:   instance of NSURLSession used for networking. By default it will use the shared NSURLSession
 
  - returns: Auth0 Management API v2
  - important: Auth0.swift has yet to implement all endpoints. Now you can only perform some CRUD operations against Users
@@ -61,7 +61,7 @@ public func management(token: String, domain: String, session: NSURLSession = .s
  Auth0 Management Users API v2 that allows CRUD operations with the users endpoint.
 
  ```
- Auth0.users(token, domain: "samples.auth0.com")
+ Auth0.users(token: token, domain: "samples.auth0.com")
  ```
 
  Currently you can only perform the following operations:
@@ -71,9 +71,9 @@ public func management(token: String, domain: String, session: NSURLSession = .s
  * Link users
  * Unlink users
 
- - parameter token:   of Management API v2 with the correct allowed scopes to perform the desired action
- - parameter domain:  of your Auth0 account. e.g.: 'samples.auth0.com'
- - parameter session:  of NSURLSession used for networking. By default it will used the shared session
+ - parameter token:     token of Management API v2 with the correct allowed scopes to perform the desired action
+ - parameter domain:    domain of your Auth0 account. e.g.: 'samples.auth0.com'
+ - parameter session:   instance of NSURLSession used for networking. By default it will use the shared NSURLSession
 
  - returns: Auth0 Management API v2
  */

Auth0/Auth0PKCE/A0ChallengeGenerator.h

@@ -0,0 +1,35 @@
+// A0ChallengeGenerator.h
+//
+// Copyright (c) 2016 Auth0 (http://auth0.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+@interface A0SHA256ChallengeGenerator : NSObject
+@property (readonly, strong, nonatomic) NSString *verifier;
+@property (readonly, strong, nonatomic) NSString *challenge;
+@property (readonly, strong, nonatomic) NSString *method;
+
+- (instancetype)init;
+- (instancetype)initWithVerifier:(NSData *)verifier;
+
+@end
+NS_ASSUME_NONNULL_END

Auth0/Auth0PKCE/A0ChallengeGenerator.m

@@ -0,0 +1,66 @@
+// A0ChallengeGenerator.m
+//
+// Copyright (c) 2016 Auth0 (http://auth0.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#import "A0ChallengeGenerator.h"
+#import <CommonCrypto/CommonCrypto.h>
+#import <Auth0/Auth0-Swift.h>
+
+const NSUInteger kVerifierSize = 32;
+
+@implementation A0SHA256ChallengeGenerator
+
+- (instancetype)init {
+    NSMutableData *data = [NSMutableData dataWithLength:kVerifierSize];
+    SecRandomCopyBytes(kSecRandomDefault, kVerifierSize, data.mutableBytes);
+    return [self initWithVerifier:data];
+}
+
+- (instancetype)initWithVerifier:(NSData *)verifier {
+    self = [super init];
+    if (self) {
+        _verifier = [verifier a0_encodeBase64URLSafe];
+        _method = @"S256";
+    }
+    return self;
+}
+
+- (NSString *)challenge {
+    CC_SHA256_CTX ctx;
+
+    uint8_t * hashBytes = malloc(CC_SHA256_DIGEST_LENGTH * sizeof(uint8_t));
+    memset(hashBytes, 0x0, CC_SHA256_DIGEST_LENGTH);
+
+    NSData *valueData = [self.verifier dataUsingEncoding:NSUTF8StringEncoding];
+
+    CC_SHA256_Init(&ctx);
+    CC_SHA256_Update(&ctx, [valueData bytes], (CC_LONG)[valueData length]);
+    CC_SHA256_Final(hashBytes, &ctx);
+
+    NSData *hash = [NSData dataWithBytes:hashBytes length:CC_SHA256_DIGEST_LENGTH];
+
+    if (hashBytes) {
+        free(hashBytes);
+    }
+
+    return [hash a0_encodeBase64URLSafe];
+}
+@end

Auth0/Authentication/Authentication.swift

@@ -43,14 +43,16 @@ public struct Authentication {
     /**
      Types of errors that can be returned by Auth API
 
-     - Response:        the request was not successful and Auth0 returned an error response with the reeason it failed
-     - InvalidResponse: the response returned by Auth0 was not valid
-     - RequestFailed:   the request failed
+     - Response:        the request was not successful and Auth0 returned an error response with a code and description. If the error has a `name` attribute it will be available too, any additional attribute will be in `extras`.
+     - InvalidResponse: the response returned by Auth0 was not valid. It will include the JSON payload or the complete redirect URL when OAuth2 authorize was used, as NSData. It's recommended to just convert it to String.
+     - RequestFailed:   the request failed to complete by an unexpected cause, e.g.: request timed out. The associated value has the cause of failure
+     - Cancelled:       the request was cancelled before it could be completed. e.g.: during OAuth2 authentication
      */
     public enum Error: ErrorType {
-        case Response(code: String, description: String)
+        case Response(code: String, description: String, name: String?, extras: [String: AnyObject]?)
         case InvalidResponse(response: NSData?)
         case RequestFailed(cause: ErrorType)
+        case Cancelled
     }
 
     /**
@@ -386,9 +388,9 @@ public struct Authentication {
      - parameter token:      token obtained from a social IdP
      - parameter connection: name of the social connection. Only works with 'google-oauth2', 'facebook' and 'twitter'
      - parameter scope:      requested scope value when authenticating the user. By default is 'openid'
-     - parameter parameters: addition parameters sent during authentication
+     - parameter parameters: additional parameters sent during authentication
 
-     - returns: a request that will yield Auth0 users credentials
+     - returns: a request that will yield Auth0 user's credentials
      */
     public func loginSocial(token: String, connection: String, scope: String = "openid", parameters: [String: AnyObject] = [:]) -> Request<Credentials, Error> {
         var payload: [String: AnyObject] = [
@@ -403,6 +405,58 @@ public struct Authentication {
     }
 
 
+    /**
+     Perform a OAuth2 token request against Auth0.
+
+     ```
+     Auth0
+        .authentication(clientId, domain: "samples.auth0.com")
+        .token(["key": "value"])
+        .start { print($0) }
+     ```
+
+     - parameter parameters: request parameters
+
+     - returns: a request that will yield Auth0 user's credentials
+     - seeAlso: Authentication#exchangeCode(codeVerifier:redirectURI:) for PKCE
+     */
+    public func token(parameters: [String: AnyObject]) -> Request<Credentials, Error> {
+        var payload: [String: AnyObject] = [
+            "client_id": self.clientId
+        ]
+        parameters.forEach { payload[$0] = $1 }
+        let token = NSURL(string: "/oauth/token", relativeToURL: self.url)!
+        return Request(session: session, url: token, method: "POST", handle: authenticationObject, payload: payload)
+    }
+
+    /**
+     Performs the last step of Proof Key for Code Exchange [RFC 7636](https://tools.ietf.org/html/rfc7636).
+
+     This will request User's token using the code and it's verifier after a request to `/oauth/authorize`
+
+     ```
+     Auth0
+        .authentication(clientId, domain: "samples.auth0.com")
+        .exchangeCode("a code", codeVerifier: "code verifier", redirectURI: "https://samples.auth0.com/callback")
+        .start { print($0) }
+     ```
+
+     - parameter code:         code returned after an `/oauth/authorize` request
+     - parameter codeVerifier: verifier used to generate the challenge sent in `/oauth/authorize` request
+     - parameter redirectURI:  redirect uri sent in `/oauth/authorize` request
+
+     - returns: a request that will yield Auth0 user's credentials
+     - seeAlso: https://tools.ietf.org/html/rfc7636
+     */
+    public func exchangeCode(code: String, codeVerifier: String, redirectURI: String) -> Request<Credentials, Error> {
+        return self.token([
+                "code": code,
+                "code_verifier": codeVerifier,
+                "redirect_uri": redirectURI,
+                "grant_type": "authorization_code"
+            ])
+    }
+
     /**
      Types of passwordless authentication
 

Auth0/Authentication/Handlers.swift

@@ -78,11 +78,14 @@ private func authenticationError(data: NSData?, cause: Response.Error) -> Authen
 
 private func payloadError(payload: [String: AnyObject], cause: ErrorType) -> Authentication.Error {
     if let code = payload["error"] as? String, let description = payload["error_description"] as? String {
-        return .Response(code: code, description: description)
+        return .Response(code: code, description: description, name: nil, extras: nil)
     }
 
     if let code = payload["code"] as? String, let description = payload["description"] as? String {
-        return .Response(code: code, description: description)
+        let name = payload["name"] as? String
+        var extras = payload
+        ["code", "description", "name"].forEach { extras.removeValueForKey($0) }
+        return .Response(code: code, description: description, name: name, extras: extras)
     }
 
     return .RequestFailed(cause: cause)