Cannot be used in a Today App Extension

[damienrambout]

The compiler is complaining about UIApplication.sharedApplication().openURL() in openAuthorizeURLInBrowser (OAuth2+iOS.swift).

I don't think it's such a good idea to call UIApplication.sharedApplication() inside a framework that should not be about UI.

If you really need this openAuthorizeURLInBrowser, you might have to create a separate extension to this framework (another pod). This pod would only be imported by targets using UIApplication.

From my point of view, the openAuthorizeURLInBrowser() can be removed and only support SFSafariViewController by default for authorizations requiring a web page.
I guess this would require the pod to be available for iOS 9 and later.

---

In the meantime, you could also wrap the code to make it compilable, using a P2_APP_EXTENSIONS macro.

#if !P2_APP_EXTENSIONS
    if !UIApplication.sharedApplication().openURL(url) {
        throw OAuth2Error.UnableToOpenAuthorizeURL
    }
 #endif

Apps using the framework inside a Today Extension would have to define this P2_APP_EXTENSION in OTHER_SWIFT_FLAGS. This can also be automated through a post_install script for those using Cocoapods.

[p2]

Due to policy, some apps may need to authorize in Browser (even though the Safari view controller is equivalent), plus the macOS version has the same method. This separation has been improved on the develop branch, but I hadn't thought about UIApplication not being available in extensions.

Maybe a compiler check can comment that out if built for extensions, do you know?

[damienrambout]

As far as I know, the only way is to use a custom flag such as P2_APP_EXTENSIONS in your code to make the compiler know it should ignore some parts of code. This flag must be later defined by the user of your framework.

It's not an ideal solution because it really all or nothing, since P2_APP_EXTENSIONS must be defined at the framework target level (for Cocoapods at least). This is how AFNetworking and other libs have dealt with this in the past. Now they made sure to not include forbidden symbols in their frameworks.

If you decide to make p2.OAuth App Extension compliant (i.e. by removing these forbidden calls), you can check Require Only App-Extension-Safe API to YES in your Build Settings. The compiler will generate errors if you use symbols that are not available in App Extensions.

[damienrambout]

I'm having another issue: I am not able to use a shared keychain.

I think p2.OAuth2 is not handling custom kSecAttrAccessGroup to use a keychain shared between an app and its extensions.

You could add a keychain_access_group setting key that would accept a string as its value for the keychain group identifier.

[p2]

Makes sense, you mean in addition to keychain_access_mode?

[damienrambout]

Yes, as an additional setting.