iOS: OAuth handler in Swift using Alamofire + AlamofireObjectMapper
The purpose of this post is to explain how we handle the authentication flow in our authentication framework.
Our auth framework uses Alamofire for HTTP networking, AlamofireObjectMapper for serialize the HTTP responses and our web services are behind an OAuth authentication system.
If you’re familiar with Alamofire advanced usage, we use a custom Alamofire
SessionManager class (+info), called AuthenticationSessionManager, that implements Alamofire
RequestRetrier protocols (+info).
RequestAdapter allows you to append an
Authorization header to each request made with your custom
SessionManager class. And
RequestRetrier gives you the opportunity to handle a request that encountered an
Error to be retried, for example, for refresh session token and launch the request again.
Both working together are a powerful and quite easy way to handler our session token.
RequestRetrier to refresh session token implies that the only way to refresh session token is to get a
401 error from web server. If your app is being used by hundred of thousands users that means lot of HTTP requests returning an error. Obviously it’s not the best performance ever… 😅
Fortunately, session token usually comes with an expiration date, so, in order to prevent this scenario, let’s use this parameter to actively refresh token. 💪
The idea is to create a layer over Alamofire request method to check the validity of the session token before execute the request. If token is valid, launch request, else, refresh token and then launch request. Following this flow chart:
As much as I searched on Internet a sample implementation in Swift about this flow, I found nothing accurate or specific enough that helped me. Honestly, this is the post a would have liked to read when I faced this feature.
Here my proposal: we’re going to implement a custom request method in our
SessionManager custom class: AuthenticationSessionManager. This way we’ll only need use this new method for future requests instead of Alamofire method and done! ✨
Let’s see how an Alamofire regular request with AlamofireObjectMapper looks like (+info):
SessionManagerwith a default configuration.
requestmethod is a
SessionManagermethod that receives an
URLRequestConvertibleand returns a
responseObjectmethod is a
DataRequestmethod that receives a completion handler closure and returns a
So, our method will need to receive an
URLRequestConvertible and a closure with an
(Alamofire.DataResponse<T> -> Void), where
T : BaseMappable, and will return an
Let’s see the interface of our method:
Inside this method, how we defined in the chart, we will check the session token validity.
Here the implementation:
refreshToken method is a private method that uses a regular Alamofire request and returns an
Alamofire.DataRequest. In case the
refreshToken method returns an error (line 6 in snippet), we create a custom
DataResponse with that error.
From here on
The given implementation is for a single object response case. If we want to map an array of objects, or we want a JSON response, or even a flat string response, we’ll create a new method for each case:
The implementation for each method would be more or less the same as we’ve already seen in snippet.
Hope you found this post interesting and useful for your projects. Any question or comment will be welcome!
Thanks and good luck!!!
One Step Beyond
If you’re a testaholic and you want to know how we tested this implementation, have a look to other of my post. 😉