public class OAuth2Authenticator: Authenticator
Authenticator that logs in a service account using OAuth2 with a JWT Bearer Token as an authorization grant.
This is a more secure flow than the basic auth counter-part, and is the recommended way to authenticate
a service account in a production environment.
OAuth2Authenticator is authenticated by default, so there is no need to call
However if you'd like the authenticator to no longer be authenticated, you can call
login() if you want it to be authenticated again.
See Authenticator for more details about the properties and methods.
See the Developer Website for details about OAuth2 authentication using a Service Account.
let credentials = ServiceAccountCredentials(email: "<EMAIL>", keyID: "<KEY_ID>", secret: "<SECRET>") let authenticator = OAuth2Authenticator(credentials: credentials) let disruptive = Disruptive(authenticator: authenticator)
Defines the interface required to authenticate the
public init(credentials: ServiceAccountCredentials, authURL: String = Disruptive.defaultAuthURL)
OAuth2Authenticator using a set of
Optional parameter. Used to specify the endpoint to exchange a JWT for an access token. The default value is
public let credentials : ServiceAccountCredentials
The service account used to authenticate against the Disruptive Technologies' REST API.
public let authURL: String
The authentication endpoint to fetch the access token from.
private(set) public var shouldAutoRefreshAccessToken = true
OAuth2Authenticator will default to automatically get a fresh access token.
This will be switched on and off when
logout() is called respectively.
public func login(completion: @escaping AuthHandler)
Refreshes the access token, stores it in the
auth property, and sets
public func logout(completion: @escaping (Result<Void, DisruptiveError>) -> ())
Logs out the auth provider by setting
login() to log the auth provider back in again.
public func refreshAccessToken(completion: @escaping (Result<Void, DisruptiveError>) -> ())
Used internally to create a JWT from the service account passed in to the initializer, which is then exchanged
with an access token from the authentication endpoint. This access token is stored in the
along with the received expiration date.
This flow is described in more detail on the Developer Website.