search

Peter-Schorn / SpotifyAPI

A Swift library for the Spotify web API. Supports all endpoints.
https://peter-schorn.github.io/SpotifyAPI/documentation/spotifywebapi
MIT License
269 stars 33 forks source link

Question about storing authorised session #24

Closed toothbrush closed 3 years ago

toothbrush commented 3 years ago

Hello again! Way back when i created my first prototype application, i was able to follow https://github.com/Peter-Schorn/SpotifyAPI/wiki/Saving-authorization-information-to-persistent-storage to authorise my app once, then subsequently rely on the authorisation data stored in the keychain.

Now that i want to make it possible for others to download my app, it seemed good to switch to using AuthorizationCodeFlowPKCEManager so that i needn't distribute the clientSecret value with my app.

However, having adapted the code from https://github.com/Peter-Schorn/SpotifyAPI/wiki/Saving-authorization-information-to-persistent-storage to use AuthorizationCodeFlowPKCEManager, it appears my app is unable to reuse stored authorisation info from the Keychain between runs. I would guess it's because i should also store the corresponding random-generated codeVerifier and codeChallenge, but i don't see anywhere they're being used in this bit:

                // Try to decode the data.
                let authorizationManager = try JSONDecoder().decode(
                    AuthorizationCodeFlowPKCEManager.self,
                    from: authManagerData.data(using: .utf8)!
                )

Is it possible to restore a saved session when i'm avoiding using clientSecret?

toothbrush commented 3 years ago

You know what, i don't know what i was doing wrong, but it works as it should. Closing this issue – apologies for the noise.

Peter-Schorn commented 3 years ago

You don't need to store the code verifier and code challenge in persistent storage. You regenerate those values before each authorization request.