Documentation

Swift (iOS)

Native sign-in with ASWebAuthenticationSession and PKCE.

Warning
Mobile apps are typically public clients. Do not embed YOUR_CLIENT_SECRET in the IPA. Prefer a backend token exchange or a public client provisioned by Radiant Networks.
Auth.swift
import AuthenticationServices

// Public native clients use PKCE and must NOT ship YOUR_CLIENT_SECRET.
// Ask Radiant Networks for a public client_id if you need mobile OAuth.

func signIn() {
  let verifier = randomURLSafe(32)
  let challenge = sha256Base64Url(verifier)
  let state = randomURLSafe(16)

  var comps = URLComponents(string: "https://auth.rdnt.live/api/auth/oauth2/authorize")!
  comps.queryItems = [
    .init(name: "response_type", value: "code"),
    .init(name: "client_id", value: "YOUR_CLIENT_ID"),
    .init(name: "redirect_uri", value: "yourapp://auth/callback"),
    .init(name: "scope", value: "openid profile email offline_access"),
    .init(name: "state", value: state),
    .init(name: "code_challenge", value: challenge),
    .init(name: "code_challenge_method", value: "S256"),
  ]

  let session = ASWebAuthenticationSession(
    url: comps.url!,
    callbackURLScheme: "yourapp"
  ) { callbackURL, error in
    // Validate state, then POST code + code_verifier to /oauth2/token
    // Prefer exchanging on your backend if the client is confidential
  }
  session.start()
}