iOS—No OAuth implementation


Overview

In the iOS—No OAuth implementation, your code handles the entire OAuth flow externally to the SDK. You provide a token for the SDK to use and update it as you refresh it. Use No OAuth when you want to manage the full OAuth flow within your code. This method offers complete control over the OAuth process but requires more effort to manage tokens and handle increased network activity.

Pros:

  • Full control—You can manage the entire OAuth flow.
  • Token flexibility—You can use the token in external calls, such as to Ecommerce API endpoints.

Cons:

  • Increased complexity—Significantly increases the complexity of your app.
  • Frequent token refresh—Tokens need to be refreshed every 30 minutes, and you must provide updated tokens as you refresh them.
  • Higher network load—Each time you provide a refreshed token, the SDK re-fetches the merchant data, increasing your network load compared to the other options.

Before you begin

If your mobile app is running on iOS and consuming the CloverPaymentSDK, you need to configure your mobile app for OAuth. Clover uses OAuth to authenticate the users of your app to Clover servers. Before you begin, review the OAuth flow and terminology.

To implement the OAuth flow, you need to:

  1. Create a Clover app and install it on your test merchant to enable OAuth. The Clover app has an associated App ID and App Secret that Clover transfers to the iOS app to give it permission to perform OAuth.
  2. Use Associated Domains in the iOS app and an apple-app-site-association file on a server you control to enable OAuth callbacks from Clover login servers to your app.

For detailed information, see iOS—Clover Go SDK quick start guide.

Prerequisites

  • Create a global developer account with a default test merchant account.
  • Order a Clover Go reader Developer Kit (Dev Kit) and set it up.
  • Use an iOS Device (iOS 14+).
  • Use an iOS Developer Account.
  • Use Xcode 14 or higher.
  • Install CocoaPods.
  • Install CloverPayments SDK from CocoaPods.
  • Charge Clover Go reader—Device battery charging requirement. Several operations on your Clover Go reader require at least 30% battery. Charge your device before you configure your iOS project using the instructions in this guide.

Steps

In your app, implement the OAuth login flow:

  1. Use the Low-trust apps—Auth code flow with PKCE for mobile apps where the app secret cannot be kept secret due to the nature of distributed app binaries.
    Note: Use the CloverPaymentSDK.OAuthCodeChallenge object to facilitate the PKCE flow by generating the verifier and challenge objects for use in the flow.
  2. Get the auth token and refresh tokens.
  3. Initialize the SDK by calling CloverPaymentSDK.shared.setup and passing in your configuration object.
    1. Include a CloverPaymentSDK.NoOAuth object in the configuration.
    2. In the NoOAuth object, include the token obtained in step 2. You must include the token every time you call setup.
  4. Monitor the lifecycle of your token by examining the expiry date provided with the token. When it nears expiration, your app must refresh it.
  5. Whenever you need to update the token, pass the updated token through CloverPaymentSDK.shared.updateToken.

iOS—No OAuth flow
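
One way to handle steps 4 and 5 in app code, shown as an added example that is not part of the Clover SDK or its documentation. `AccessToken`, `TokenLifecycle`, the `refresh` and `deliver` closures, and the 120-second margin are assumptions made for illustration; the call to `CloverPaymentSDK.shared.updateToken` belongs inside `deliver`, because its signature is not shown on this page.

```swift
import Foundation

// Added example. All names here are hypothetical, not CloverPaymentSDK API.
struct AccessToken: Sendable {
    let value: String      // bearer credential: never log or persist in plain text
    let expiresAt: Date    // expiry date provided with the token (step 4)
}

enum TokenError: Error { case refreshReturnedExpiredToken }

actor TokenLifecycle {
    private var current: AccessToken
    private var inFlight: Task<AccessToken, Error>?
    private let margin: TimeInterval
    private let refresh: @Sendable (AccessToken) async throws -> AccessToken
    private let deliver: @Sendable (AccessToken) -> Void

    /// refresh: the app's own call to the token endpoint (step 2).
    /// deliver: where the app hands the new token to the SDK (step 5).
    init(initial: AccessToken, margin: TimeInterval = 120,
         refresh: @escaping @Sendable (AccessToken) async throws -> AccessToken,
         deliver: @escaping @Sendable (AccessToken) -> Void) {
        self.current = initial
        self.margin = margin
        self.refresh = refresh
        self.deliver = deliver
    }

    /// True once the token is within `margin` seconds of its expiry date.
    func needsRefresh(at now: Date = Date()) -> Bool {
        now >= current.expiresAt.addingTimeInterval(-margin)
    }

    /// Returns a usable token; concurrent callers share a single refresh.
    func validToken(at now: Date = Date()) async throws -> AccessToken {
        guard needsRefresh(at: now) else { return current }
        if let pending = inFlight { return try await pending.value }
        let (stale, refresh) = (current, self.refresh)
        let task = Task<AccessToken, Error> {
            let token = try await refresh(stale)
            // Reject a response that is already expired instead of handing it on.
            guard token.expiresAt > now else { throw TokenError.refreshReturnedExpiredToken }
            return token
        }
        inFlight = task
        defer { inFlight = nil }
        let fresh = try await task.value
        current = fresh
        deliver(fresh)   // one SDK update per refresh, so one merchant-data re-fetch
        return fresh
    }
}
```

Sharing one in-flight refresh matters here because each token passed to the SDK triggers a re-fetch of the merchant data, so duplicate refreshes multiply network load.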

