CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-13 21:01:21 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
bulldozer-db
stack/sdks/implementations/swift/Sources/StackAuth/Models/Team.swift
Aman Ganapathy c8694c7ff5
[Fix] [Feat] Update OAuth Sign-In and Get Token Functions to Work (#1130) 
### Summary of Changes

Previously, on the Swift SDK, the `signInWithOAuth` function wasn't
working. In this PR, we fix it by having the `getOAuthUrl` function to
actually redirect correctly. Note that to do so, we updated the
`validRedirectUrl` check on the backend to accept app native redirects
(from our new trusted url scheme). Another thing to note is that we
added functionality to the `TokenStore` abstraction to conditionally
refresh the access token that the user is trying to fetch if it is
expired/close to expiring if possible. `getOAuthUrl` will attempt to get
a valid access token, and thus will rely on our algorithm documented in
`utilities.md`.

The specs serve as the source of truth.

We go further and implement Apple Native sign in. To do so, we have it
hit a new route on the backend and verify the `jwtToken` retrieved by
the sdk against an Apple-provided set of `jwks`. We use jose to do so,
in line with the rest of the codebase.

We take this opportunity to refactor the oauth provider route owing to
the amount of duplicated logic. Additionally, to enable the apple sign
in, users will have to update the Apple authentication method modal on
the dashboard and add accepted bundle ids. These are identifiers for
projects, and we will check the `JWT` on the backend to make sure the
audience is set to an accepted bundleId.

We also update the Apple modal to be more informative.

### Using the new Features

To use the Apple native sign in, users will have to 1) sign up with an
apple developer account, 2) set up their bundleids for their projects by
connecting them to the apple developer account, 3) update the Stack-Auth
Authentication Methods dashboard apple modal with the relevant fields.
Then, trying to sign in with apple with our Swift SDK will use the apple
native sign in.

### UI Changes

Renamed the fields in the apple modal. Added a new field for bundle ids.
See below.


https://github.com/user-attachments/assets/0e760c0e-3198-4818-ac7f-4900d7a125bb



Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
2026-01-28 02:17:27 +00:00

211 lines
7.0 KiB
Swift
Raw Permalink Blame History

import Foundation
/// A team/organization that users can belong to
public actor Team {
private let client: APIClient
public nonisolated let id: String
public private(set) var displayName: String
public private(set) var profileImageUrl: String?
public private(set) var clientMetadata: [String: Any]
public private(set) var clientReadOnlyMetadata: [String: Any]
init(client: APIClient, json: [String: Any]) {
self.client = client
self.id = json["id"] as? String ?? ""
self.displayName = json["display_name"] as? String ?? ""
self.profileImageUrl = json["profile_image_url"] as? String
self.clientMetadata = json["client_metadata"] as? [String: Any] ?? [:]
self.clientReadOnlyMetadata = json["client_read_only_metadata"] as? [String: Any] ?? [:]
}
// MARK: - Update
public func update(
displayName: String? = nil,
profileImageUrl: String? = nil,
clientMetadata: [String: Any]? = nil
) async throws {
var body: [String: Any] = [:]
if let displayName = displayName { body["display_name"] = displayName }
if let profileImageUrl = profileImageUrl { body["profile_image_url"] = profileImageUrl }
if let clientMetadata = clientMetadata { body["client_metadata"] = clientMetadata }
let (data, _) = try await client.sendRequest(
path: "/teams/\(id)",
method: "PATCH",
body: body,
authenticated: true
)
if let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] {
self.displayName = json["display_name"] as? String ?? self.displayName
self.profileImageUrl = json["profile_image_url"] as? String
self.clientMetadata = json["client_metadata"] as? [String: Any] ?? self.clientMetadata
self.clientReadOnlyMetadata = json["client_read_only_metadata"] as? [String: Any] ?? self.clientReadOnlyMetadata
}
}
// MARK: - Delete
public func delete() async throws {
_ = try await client.sendRequest(
path: "/teams/\(id)",
method: "DELETE",
authenticated: true
)
}
// MARK: - Invite
public func inviteUser(email: String, callbackUrl: String? = nil) async throws {
var body: [String: Any] = [
"email": email,
"team_id": id
]
if let callbackUrl = callbackUrl {
body["callback_url"] = callbackUrl
}
_ = try await client.sendRequest(
path: "/team-invitations/send-code",
method: "POST",
body: body,
authenticated: true
)
}
// MARK: - List Users
public func listUsers() async throws -> [TeamUser] {
let (data, _) = try await client.sendRequest(
path: "/team-member-profiles?team_id=\(id)",
method: "GET",
authenticated: true
)
guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
let items = json["items"] as? [[String: Any]] else {
return []
}
return items.map { TeamUser(from: $0) }
}
// MARK: - Invitations
public func listInvitations() async throws -> [TeamInvitation] {
let (data, _) = try await client.sendRequest(
path: "/teams/\(id)/invitations",
method: "GET",
authenticated: true
)
guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
let items = json["items"] as? [[String: Any]] else {
return []
}
return items.map { TeamInvitation(client: client, teamId: id, json: $0) }
}
// MARK: - API Keys
public func listApiKeys() async throws -> [TeamApiKey] {
let (data, _) = try await client.sendRequest(
path: "/teams/\(id)/api-keys",
method: "GET",
authenticated: true
)
guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
let items = json["items"] as? [[String: Any]] else {
return []
}
return items.map { TeamApiKey(from: $0) }
}
public func createApiKey(
description: String,
expiresAt: Date? = nil,
scope: String? = nil
) async throws -> TeamApiKeyFirstView {
var body: [String: Any] = ["description": description]
if let expiresAt = expiresAt {
body["expires_at_millis"] = Int64(expiresAt.timeIntervalSince1970 * 1000)
}
if let scope = scope { body["scope"] = scope }
let (data, _) = try await client.sendRequest(
path: "/teams/\(id)/api-keys",
method: "POST",
body: body,
authenticated: true
)
guard let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
throw StackAuthError(code: "parse_error", message: "Failed to parse API key response")
}
return TeamApiKeyFirstView(from: json)
}
}
// MARK: - Supporting Types
public struct TeamUser: Sendable {
public let id: String
public let teamProfile: TeamMemberProfile
init(from json: [String: Any]) {
// Try both "id" (from /users?team_id=) and "user_id" (from other endpoints)
self.id = json["id"] as? String ?? json["user_id"] as? String ?? ""
if let profile = json["team_profile"] as? [String: Any] {
self.teamProfile = TeamMemberProfile(
displayName: profile["display_name"] as? String,
profileImageUrl: profile["profile_image_url"] as? String
)
} else {
// If no team_profile, use display_name from user itself
self.teamProfile = TeamMemberProfile(
displayName: json["display_name"] as? String,
profileImageUrl: json["profile_image_url"] as? String
)
}
}
}
public struct TeamMemberProfile: Sendable {
public let displayName: String?
public let profileImageUrl: String?
}
public actor TeamInvitation {
private let client: APIClient
private let teamId: String
public nonisolated let id: String
public let recipientEmail: String?
public let expiresAt: Date
init(client: APIClient, teamId: String, json: [String: Any]) {
self.client = client
self.teamId = teamId
self.id = json["id"] as? String ?? ""
self.recipientEmail = json["recipient_email"] as? String
let millis = json["expires_at_millis"] as? Int64 ?? 0
self.expiresAt = Date(timeIntervalSince1970: Double(millis) / 1000.0)
}
public func revoke() async throws {
_ = try await client.sendRequest(
path: "/teams/\(teamId)/invitations/\(id)",
method: "DELETE",
authenticated: true
)
}
}
Reference in New Issue View Git Blame Copy Permalink