okta/okta-mobile-swift 2.0.0

on GitHub

This release is a large update that introduces full Swift 6 compatibility with support for Strict Concurrency. This includes task cancellation and inheritance support for all asynchronous operations, and resolves data race and concurrency issues within the Credential Storage system. In addition, the update improves the Developer Experience (DX) for authentication flow customizations. This also marks the first major release of the Okta Client SDK for Swift.

New Features

Swift 6 compatibility

All asynchronous operations in the SDK were changed to work around Swift's Task APIs, replacing the legacy DispatchQueue completion block approach. Swift Actors were adopted where appropriate, while still providing a convenient developer experience (DX) with support for synchronous or nonisolated access to commonly-used properties or functions.

Some other improvements include:

• Support for both Swift 6 and Swift 5.10
• Enforces "complete" Strict Concurrency mode
• All asynchronous operations are now built around Task, instead of GCD completion blocks, which enables:
  • Task cancellation
  • Task priority inheritance
• Sendable conformance for all appropriate types
• Authentication flows are now Actor types, improving data race consistency

Credential Storage subsystem improvements

The storage of tokens is critical, and ensuring data race consistency and thread safety is of the utmost importance. Many improvements to the Credential Storage system of AuthFoundation have been made to use Swift Concurrency features. This ensures that access to the storage system remains consistent, while keeping the same performance and developer experience.

• Introduces a new CredentialActor global actor for all components of the storage system
• Improves the customization of URLSession customization using a new OAuth2Client.defaultSession static property
• Fixes bugs in how the Keychain APIs are used, which prevented consistent assignment of the Credential.default value

Authentication Flow improvements

Many improvements were made to AuthenticationFlow types to ensure that the developer experience across flows is consistent. In addition, these improvements simplify and expand on the customization of configurable properties, and resolve data race issues in asynchronous operations.

• The AuthenticationFlow protocol is now an Actor type, ensuring that all flows are actors
• Flows have a mandatory Context type that’s used for managing developer customizations and runtime state for in-flight authentication sessions
• Adds support for the customization of common authorization parameters:
  • acr_values (Authentication Context Class References)
  • max_age for authentication flows that support them
  • Conveniences for the Authorization Code flow, such as display, prompt, loginHint, and so on.
• Improvements to types that use claims
  • Added HasClaims support to Token, allowing developers to handle custom values in token responses
  • Improved assignment and conversion of claim values to Swift-native types
  • Supports Swift's ExpressibleBy\* protocols for simpler assignment of literals to claim values
• All uses of scope use a collection type to streamline the developer experience
  • Allows you to supply scope values as strings and arrays of strings
  • Supports the use of string literals for convenient assignment
• Introduced the JWT Bearer Authorization flow, supporting RFC7523 for authentication using a signed JWT assertion
• Improved feature support within the Okta Direct Authentication flow
  • Self-Service Password Reset (SSPR) intent support
• OktaIdxAuth was introduced into the monorepo, relocated from the okta-idx-swift repository

Distribution and build support

• Includes separate Swift 6 and 5.10 Swift Package Manager files for improved compatibility
• CocoaPods support improved, with the introduction of an umbrella OktaClient podspec

Other Updates

• OktaOAuth2 renamed to OAuth2Auth
• WebAuthenticationUI renamed to BrowserSignin
• The Okta IDX authentication library has moved into this repository
  • The full okta-idx-swift history has been merged into this monorepo
  • OktaIdx was renamed to OktaIdxAuth for consistency
• Minimum supported versions changed
  • Xcode 15.4
  • Swift 5.10
  • iOS 13.0
  • tvOS 13.0
  • watchOS 7.0
  • visionOS 1.0
  • macCatalyst 13.0
  • macOS 10.15
• (Experimental) Linux compatibility
  • Requires the use of Swift 6
  • Note: Linux isn’t officially supported

What's Changed

• OKTA-789927: Move away from orb by @rlepage-okta in #205
• Implement RFC7523 with JWTAuthorizationFlow by @alexnachbaur-okta in #206
• Extend Token with HasClaims for custom claims by @alexnachbaur-okta in #204
• Add sample application for JWT Bearer Authorization flow (RFC7523) by @alexnachbaur-okta in #208
• Update minimum Swift, Xcode, and platform versions by @alexnachbaur-okta in #207
• Introduce a sign-in "intent" to enable SSPR by @alexnachbaur-okta in #209
• Refactor Authentication Flows for consistency and customization by @alexnachbaur-okta in #214
• Change scope to be an array of strings for developer convenience and consistency by @alexnachbaur-okta in #217
• Update asynchronous APIs to use Swift Concurrency by default by @alexnachbaur-okta in #220
• Ensure Keychain SecItemDelete is not called with unsupported attributes by @alexnachbaur-okta in #229
• Updates to ensure OktaIdx supports the Swift6 updates by @alexnachbaur-okta in #230
• Update CocoaPods support and testing by @alexnachbaur-okta in #231
• Integrate okta-idx-swift into the monorepo by @AlexNachbaur in #232
• Rename WebAuthentication to BrowserSignin by @AlexNachbaur in #233
• Updated API docs and fixed docc warnings by @AlexNachbaur in #234

New Contributors

• @rlepage-okta made their first contribution in #205

Full Changelog: 1.8.2...2.0.0