Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unify GTMKeychain implementations #150

Merged
merged 9 commits into from
May 2, 2022
Merged

Unify GTMKeychain implementations #150

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
69e1fb7
Unify our GTMKeychain implementations.
petea Apr 27, 2022
dbe1905
Stop using kSecAttrGeneric in keychain operations.
petea Apr 27, 2022
a8793b5
Merge branch 'master' into petea-keychain
petea Apr 27, 2022
f1b7bfe
Update readme with Keychain storage detail.
petea Apr 28, 2022
6f9e4d9
Remove unnecessary `sources` property.
petea Apr 29, 2022
b97f59d
Look for `source_files` recursively.
petea Apr 29, 2022
81b41a0
Improve readme content.
petea Apr 29, 2022
a5fd58f
Remove unused import.
petea Apr 29, 2022
6183695
Remove outdated comments.
petea Apr 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Improve readme content.
  • Loading branch information
@petea
petea authored Apr 29, 2022
commit 81b41a0703593cfa5787d599afa2dd5b42b2b674
38 changes: 18 additions & 20 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -226,18 +226,17 @@ GTMSessionFetcher *fetcher = [fetcherService fetcherWithURL:userinfoEndpoint];
}];
```

### Serialization to the Keychain
### Saving to the Keychain

You can easily serialize `GTMAppAuthFetcherAuthorization` objects and store
them in Keychain items using the included
`GTMAppAuthFetcherAuthorization+Keychain` category.
You can easily save `GTMAppAuthFetcherAuthorization` instances to the Keychain using
the included `GTMAppAuthFetcherAuthorization+Keychain` category.

```objc
// Serialize to Keychain
// Save to Keychain
[GTMAppAuthFetcherAuthorization saveAuthorization:_authorization
toKeychainForName:kGTMAppAuthExampleAuthorizerKey];

// Deserialize from Keychain
// Restore from Keychain
GTMAppAuthFetcherAuthorization* authorization =
[GTMAppAuthFetcherAuthorization authorizationFromKeychainForName:kGTMAppAuthExampleAuthorizerKey];

Expand All @@ -248,32 +247,31 @@ GTMAppAuthFetcherAuthorization* authorization =

#### Keychain Storage

Serialized `GTMAppAuthFetcherAuthorization` instances are stored using Keychain
items of the [`kSecClassGenericPassword`](https://developer.apple.com/documentation/security/ksecclassgenericpassword?language=objc)
`GTMAppAuthFetcherAuthorization` instances are stored using Keychain items of the
[`kSecClassGenericPassword`](https://developer.apple.com/documentation/security/ksecclassgenericpassword?language=objc)
class with a [`kSecAttrAccount`](https://developer.apple.com/documentation/security/ksecattraccount?language=objc)
value of "OAuth" and a developer supplied value for [`kSecAttrService`](https://developer.apple.com/documentation/security/ksecattrservice?language=objc).
For this use of generic password items, the combination of account and service
values acts as the
[primary key](https://developer.apple.com/documentation/security/1542001-security_framework_result_codes/errsecduplicateitem?language=objc)
of the Keychain items. An `NSCoding` compliant serialization of the relevant
`GTMAppAuthFetcherAuthorization` instance is supplied as the value for
[`kSecValueData`](https://developer.apple.com/documentation/security/ksecvaluedata?language=objc)
and this is encrypted and stored by
[Keychain Services](https://developer.apple.com/documentation/security/keychain_services?language=objc)
. The
of the Keychain items. The
[`kSecAttrAccessible`](https://developer.apple.com/documentation/security/ksecattraccessible?language=objc)
key is set to
[`kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`](https://developer.apple.com/documentation/security/ksecattraccessibleafterfirstunlockthisdeviceonly?language=objc)
in order to allow background access after initial device unlock following a
restart.
restart. A [keyed archive](https://developer.apple.com/documentation/foundation/nskeyedarchiver?language=objc)
representation of the relevant `GTMAppAuthFetcherAuthorization` instance is supplied as the value for
[`kSecValueData`](https://developer.apple.com/documentation/security/ksecvaluedata?language=objc)
and this is encrypted and stored by
[Keychain Services](https://developer.apple.com/documentation/security/keychain_services?language=objc).

#### GTMOAuth2 Compatibility

To assist the migration from GTMOAuth2 to GTMAppAuth, GTMOAuth2-compatible
serialization methods are provided in `GTMOAuth2KeychainCompatibility`.
Keychain methods are provided in `GTMOAuth2KeychainCompatibility`.

```objc
// Deserialize from Keychain
// Restore from Keychain
GTMAppAuthFetcherAuthorization *auth =
[GTMOAuth2KeychainCompatibility authForGoogleFromKeychainForName:kKeychainItemName
clientID:clientID
Expand All @@ -283,11 +281,11 @@ GTMAppAuthFetcherAuthorization *auth =
[GTMOAuth2KeychainCompatibility removeAuthFromKeychainForName:kKeychainItemName];
```

You can also serialize to GTMOAuth2 format, though this is discouraged (you
should serialize in GTMAppAuth format as described above).
You can also save to GTMOAuth2 format, though this is discouraged (you
should save in GTMAppAuth format as described above).

```objc
// Serialize to Keychain
// Save to Keychain
[GTMOAuth2KeychainCompatibility saveAuthToKeychainForName:kKeychainItemName
authentication:authorization];
```
Expand Down