iOS: OAuth handler in Swift using Alamofire + AlamofireObjectMapper
The purpose of this post is to explain how we handle the authentication flow in our authentication framework.
Our auth framework uses Alamofire for HTTP networking, AlamofireObjectMapper for serialize the HTTP responses and our web services are behind an OAuth authentication system.
If you’re familiar with Alamofire advanced usage, we use a custom Alamofire SessionManager
class (+info), called AuthenticationSessionManager, that implements Alamofire RequestAdapter
and RequestRetrier
protocols (+info).
Basically, RequestAdapter
allows you to append an Authorization
header to each request made with your custom SessionManager
class. And RequestRetrier
gives you the opportunity to handle a request that encountered an Error
to be retried, for example, for refresh session token and launch the request again.
Both working together are a powerful and quite easy way to handler our session token.
Using only RequestRetrier
to refresh session token implies that the only way to refresh session token is to get a 401
error from web server. If your app is being used by hundred of thousands users that means lot of HTTP requests returning an error. Obviously it’s not the best performance ever… 😅
Fortunately, session token usually comes with an expiration date, so, in order to prevent this scenario, let’s use this parameter to actively refresh token. 💪
The idea is to create a layer over Alamofire request method to check the validity of the session token before execute the request. If token is valid, launch request, else, refresh token and then launch request. Following this flow chart:
As much as I searched on Internet a sample implementation in Swift about this flow, I found nothing accurate or specific enough that helped me. Honestly, this is the post a would have liked to read when I faced this feature.
Here my proposal: we’re going to implement a custom request method in our SessionManager
custom class: AuthenticationSessionManager. This way we’ll only need use this new method for future requests instead of Alamofire method and done! ✨
Let’s see how an Alamofire regular request with AlamofireObjectMapper looks like (+info):
Alamofire
is aSessionManager
with a default configuration.request
method is aSessionManager
method that receives anURLRequestConvertible
and returns aDataRequest
:
responseObject
method is aDataRequest
method that receives a completion handler closure and returns aDataRequest
:
So, our method will need to receive an URLRequestConvertible
and a closure with an (Alamofire.DataResponse<T> -> Void)
, where T : BaseMappable
, and will return an Alamofire.DataRequest
.
Let’s see the interface of our method:
Inside this method, as we defined in the chart, we will check the session token validity.
Here the implementation:
The refreshToken
method is a private method that uses a regular Alamofire request and returns an Alamofire.DataRequest
. In case the refreshToken
method returns an error (line 6 in snippet), we create a custom DataResponse
with that error.
From here on
The given implementation is for a single object response case. If we want to map an array of objects, or we want a JSON response, or even a flat string response, we’ll create a new method for each case:
The implementation for each method would be more or less the same as we’ve already seen in snippet.
Hope you found this post interesting and useful for your projects. Any question or comment will be welcome!
Thanks and good luck!!!
One Step Beyond
If you’re a testaholic and you want to know how we tested this implementation, have a look to other of my post. 😉