feat: Support web-based LMS OAuth.

Author: Kelketek

Authorization/Authorization/Presentation/AuthorizationAnalytics.swift

@@ -12,6 +12,7 @@ public enum LoginMethod: String {
     case facebook = "Facebook"
     case google = "Google"
     case microsoft = "Microsoft"
+    case oauth2 = "Custom OAuth2"
 }
 
 //sourcery: AutoMockable

Authorization/Authorization/Presentation/Login/SignInView.swift

@@ -9,12 +9,33 @@ import Foundation
 import Core
 import SwiftUI
 import Alamofire
+import OAuthSwift
+import SafariServices
+
+private class WebLoginSafariDelegate: NSObject, SFSafariViewControllerDelegate {
+    private let viewModel: SignInViewModel
+    public init(viewModel: SignInViewModel) {
+        self.viewModel = viewModel
+    }
+    func safariViewControllerDidFinish(_ controller: SFSafariViewController) {
+        /* Called when the 'Done' button is hit on the Safari Web view. In this case,
+        authentication would neither have failed nor succeeded, but we'd be back
+        at the SignInView. So, we make sure we mark it as attempted so the UI
+        renders. */
+        self.viewModel.markAttempted()
+    }
+}
 
 public class SignInViewModel: ObservableObject {
 
     @Published private(set) var isShowProgress = false
     @Published private(set) var showError: Bool = false
     @Published private(set) var showAlert: Bool = false
+    @Published private(set) var webLoginAttempted: Bool = false
+    
+    var forceWebLogin: Bool {
+        return config.webLogin && !webLoginAttempted
+    }
     var errorMessage: String? {
         didSet {
             withAnimation {
@@ -29,20 +50,78 @@ public class SignInViewModel: ObservableObject {
             }
         }
     }
+    var oauthswift: OAuth2Swift?
 
     private let interactor: AuthInteractorProtocol
     let router: AuthorizationRouter
+    let config: Config
     let analytics: AuthorizationAnalytics
     private let validator: Validator
+    private var safariDelegate: WebLoginSafariDelegate?
 
     public init(interactor: AuthInteractorProtocol,
                 router: AuthorizationRouter,
                 analytics: AuthorizationAnalytics,
+                config: Config,
                 validator: Validator) {
         self.interactor = interactor
         self.router = router
         self.analytics = analytics
+        self.config = config
         self.validator = validator
+        self.webLoginAttempted = false
+    }
+    
+    @MainActor
+    func login(viewController: UIViewController) async {
+        /* OAuth web login. Used when we cannot use the built-in login form,
+        but need to let the LMS redirect us to the authentication provider.
+        
+        An example service where this is needed is something like Auth0, which
+        redirects from the LMS to its own login page. That login page then redirects
+        back to the LMS for the issuance of a token that can be used for making
+        requests to the LMS, and then back to the redirect URL for the app. */
+        self.safariDelegate = WebLoginSafariDelegate(viewModel: self)
+        oauthswift = OAuth2Swift(
+            consumerKey: config.oAuthClientId,
+            consumerSecret: "", // No secret required
+            authorizeUrl: "\(config.baseURL)/oauth2/authorize/",
+            accessTokenUrl: "\(config.baseURL)/oauth2/access_token/",
+            responseType: "code"
+        )
+        
+        oauthswift!.allowMissingStateCheck = true
+        let handler = SafariURLHandler(
+            viewController: viewController, oauthSwift: oauthswift!
+        )
+        handler.delegate = self.safariDelegate
+        oauthswift!.authorizeURLHandler = handler
+
+        // Trigger OAuth2 dance
+        guard let rwURL = URL(string: "\(Bundle.main.bundleIdentifier ?? "")://oauth2Callback") else { return }
+        oauthswift!.authorize(withCallbackURL: rwURL, scope: "", state: "") { result in
+            switch result {
+            case .success(let (credential, _, _)):
+                Task {
+                    self.webLoginAttempted = true
+                    let user = try await self.interactor.login(credential: credential)
+                    self.analytics.setUserID("\(user.id)")
+                    self.analytics.userLogin(method: .oauth2)
+                    self.router.showMainScreen()
+                }
+                // Do your request
+            case .failure(let error):
+                self.webLoginAttempted = true
+                self.isShowProgress = false
+                self.errorMessage = error.localizedDescription
+            }
+        }
+    }
+    
+    public func markAttempted() {
+        // Hack to get around published observables limitation when handing this model over
+        // to an outside object. Is there a better way to do this?
+        self.webLoginAttempted = true
     }
 
     @MainActor

Authorization/Authorization/Presentation/Login/SignInViewModel.swift

@@ -11,6 +11,7 @@ public class Config {
 
     public let baseURL: URL
     public let oAuthClientId: String
+    public let webLogin: Bool
 
     public lazy var termsOfUse: URL? = {
         URL(string: "\(baseURL.description)/tos")
@@ -22,20 +23,21 @@ public class Config {
 
     public let feedbackEmail = "support@example.com"
 
-    public init(baseURL: String, oAuthClientId: String) {
+    public init(baseURL: String, oAuthClientId: String, webLogin: Bool) {
         guard let url = URL(string: baseURL) else {
             fatalError("Ivalid baseURL")
         }
         self.baseURL = url
         self.oAuthClientId = oAuthClientId
+        self.webLogin = webLogin
     }
 }
 
 // Mark - For testing and SwiftUI preview
 #if DEBUG
 public class ConfigMock: Config {
     public convenience init() {
-        self.init(baseURL: "https://google.com/", oAuthClientId: "client_id")
+        self.init(baseURL: "https://google.com/", oAuthClientId: "client_id", webLogin: false)
     }
 }
 #endif

Core/Core/Configuration/Config.swift

@@ -6,8 +6,10 @@
 //
 
 import Foundation
+import OAuthSwift
 
 public protocol AuthRepositoryProtocol {
+    func login(credential: OAuthSwiftCredential) async throws -> User
     func login(username: String, password: String) async throws -> User
     func getCookies(force: Bool) async throws
     func getRegistrationFields() async throws -> [PickerFields]
@@ -28,6 +30,17 @@ public class AuthRepository: AuthRepositoryProtocol {
         self.config = config
     }
 
+    public func login(credential: OAuthSwiftCredential) async throws -> User {
+        // Login for when we have the accessToken and refreshToken directly, like from web-view
+        // OAuth logins.
+        appStorage.cookiesDate = nil
+        appStorage.accessToken = credential.oauthToken
+        appStorage.refreshToken = credential.oauthRefreshToken
+        let user = try await api.requestData(AuthEndpoint.getUserInfo).mapResponse(DataLayer.User.self)
+        appStorage.user = user
+        return user.domain
+    }
+    
     public func login(username: String, password: String) async throws -> User {
         appStorage.cookiesDate = nil
         let endPoint = AuthEndpoint.getAccessToken(
@@ -100,6 +113,11 @@ public class AuthRepository: AuthRepositoryProtocol {
 // Mark - For testing and SwiftUI preview
 #if DEBUG
 class AuthRepositoryMock: AuthRepositoryProtocol {
+    
+    func login(credential: OAuthSwiftCredential) async throws -> User {
+        User(id: 1, username: "User", email: "email@gmail.com", name: "User Name", userAvatar: "")
+    }
+    
     func login(username: String, password: String) async throws -> User {
         User(id: 1, username: "User", email: "email@gmail.com", name: "User Name", userAvatar: "")
     }

Core/Core/Data/Repository/AuthRepository.swift

@@ -6,10 +6,12 @@
 //
 
 import Foundation
+import OAuthSwift
 
 //sourcery: AutoMockable
 public protocol AuthInteractorProtocol {
     @discardableResult
+    func login(credential: OAuthSwiftCredential) async throws -> User
     func login(username: String, password: String) async throws -> User
     func resetPassword(email: String) async throws -> ResetPassword
     func getCookies(force: Bool) async throws
@@ -26,6 +28,11 @@ public class AuthInteractor: AuthInteractorProtocol {
         self.repository = repository
     }
 
+    @discardableResult
+    public func login(credential: OAuthSwiftCredential) async throws -> User {
+        return try await repository.login(credential: credential)
+    }
+    
     @discardableResult
     public func login(username: String, password: String) async throws -> User {
         return try await repository.login(username: username, password: password)

Core/Core/Domain/AuthInteractor.swift

@@ -12,6 +12,7 @@ import FirebaseCore
 import FirebaseAnalytics
 import FirebaseCrashlytics
 import Profile
+import OAuthSwift
 
 @UIApplicationMain
 class AppDelegate: UIResponder, UIApplicationDelegate {
@@ -55,6 +56,15 @@ class AppDelegate: UIResponder, UIApplicationDelegate {
         return true
     }
 
+    func application(
+        _ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey: Any] = [:]
+    ) -> Bool {
+      if url.host == "oauth2Callback" {
+        OAuthSwift.handle(url: url)
+      }
+      return true
+    }
+    
     func application(
         _ application: UIApplication,
         supportedInterfaceOrientationsFor window: UIWindow?

OpenEdX/AppDelegate.swift

@@ -105,7 +105,11 @@ class AppAssembly: Assembly {
         }.inObjectScope(.container)
 
         container.register(Config.self) { _ in
-            Config(baseURL: BuildConfiguration.shared.baseURL, oAuthClientId: BuildConfiguration.shared.clientId)
+            Config(
+                baseURL: BuildConfiguration.shared.baseURL,
+                oAuthClientId: BuildConfiguration.shared.clientId,
+                webLogin: BuildConfiguration.shared.webLogin
+            )
         }.inObjectScope(.container)
 
         container.register(CSSInjector.self) { _ in

OpenEdX/DI/AppAssembly.swift

@@ -48,6 +48,7 @@ class ScreenAssembly: Assembly {
                 interactor: r.resolve(AuthInteractorProtocol.self)!,
                 router: r.resolve(AuthorizationRouter.self)!,
                 analytics: r.resolve(AuthorizationAnalytics.self)!,
+                config: r.resolve(Config.self)!,
                 validator: r.resolve(Validator.self)!
             )
         }

OpenEdX/DI/ScreenAssembly.swift

@@ -46,6 +46,23 @@ class BuildConfiguration {
             return "PROD_CLIENT_ID"
         }
     }
+
+    /* Set this to true if you are using an authentication provider that
+    requires your learners to visit their login page. In this case,
+    the existing app interface for login will be ignored, and the
+    learner will be directed to a web view bringing up the LMS's login
+    flow, redirecting to your provider as needed.
+    
+    Note that in order for this to work, you must add a redirect URL in
+    your OAuth2 app settings that matches the URI
+    com.bundle.app://oauth2Callback where com.bundle.app is your app
+    bundle name. You must also set your Django settings in Open edX to
+    allow for your bundle name as a protocol for redirects. This setting
+    can be found within the OAUTH2_PROVIDER dictionary in your settings.
+    The key, ALLOWED_REDIRECT_URI_SCHEMES, should be set to something
+    like ['https', 'com.bundle.app'], again, where com.bundle.app is the
+    bundle name for your app. */
+    var webLogin: Bool = false
 
     var firebaseOptions: FirebaseOptions {
         switch environment {