Authentication
The SDK handles OpenID Connect authentication using the Authorization Code + PKCE flow via AppAuth. Tokens are exchanged and managed automatically.
Configuration
OIDC parameters are set in KapeSDK.plist:
| Key | Description |
|---|---|
ClientId | OpenID Connect client ID registered with your tenant |
IssuerURL | OIDC issuer URL (used for discovery) |
RedirectURL | Redirect URI registered with the authorization server |
info
The RedirectURL scheme must be registered in your app's Info.plist under URL Types so that the system routes the OAuth callback back to your app.
Login
import KapeAuth
import KapeCore
let settings = try KapeSDKSettings()
let handle = try KapeSdkHandle(settings: settings)
let auth = KapeAuthClient(handle: handle)
// iOS — requires a UIViewController
try await auth.login(presenting: viewController)
Forwarding the Callback URL
The OAuth redirect must be forwarded to the SDK. Without this, the login flow will hang.
SwiftUI:
.onOpenURL { url in
auth.handleCallbackURL(url)
}
UIKit (SceneDelegate):
func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {
if let url = URLContexts.first?.url {
auth.handleCallbackURL(url)
}
}
Authentication State
KapeAuthClient exposes a Combine publisher:
auth.authState // AnyPublisher<KapeAuthState, Never>
| State | Meaning |
|---|---|
.authenticated | User is logged in |
.unauthenticated | User is logged out |
auth.authState
.receive(on: DispatchQueue.main)
.sink { state in
showLogin = (state == .unauthenticated)
}
.store(in: &cancellables)
Querying the Session
| Method | Description |
|---|---|
currentAuthenticationSession() | Returns the session after validating tokens. nil if signed out or tokens expired. |
lastKnownAuthenticationSession() | Returns the last successful session without validation. Fast, no network call. |
Both return KapeAuthenticationSession? with userId, email, and displayName.
// Fast restore on app launch
if let session = auth.lastKnownAuthenticationSession() {
print("Welcome back, \(session.displayName)")
}
Logout
try auth.logout()
Clears all stored credentials and publishes .unauthenticated.
Error Handling
All operations throw KapeError:
do {
try await auth.login(presenting: viewController)
} catch let error as KapeError {
print("[\(error.domain)] \(error.localizedDescription)")
}