iOS—No OAuth implementation

Overview

In the iOS—No OAuth implementation, your code handles the entire OAuth flow externally to the SDK. You provide a token for the SDK to use and update it as you refresh it. Use No OAuth when you want to manage the full OAuth flow within your code. This method offers complete control over the OAuth process but requires more effort to manage tokens and handle increased network activity.

Pros:

  • Full control—You can manage the entire OAuth flow.
  • Token flexibility—You can use the token in external calls, such as to Ecommerce API endpoints.

Cons:

  • Increased complexity—Significantly increases the complexity of your app.
  • Frequent token refresh—Tokens need to be refreshed every 30 minutes, and you must provide updated tokens as you refresh them.
  • Higher network load—Each time you provide a refreshed token, the SDK re-fetches the merchant data, increasing your network load compared to the other options.

Before you begin

Steps

In your app, implement the OAuth login flow:

  1. Use the Low-trust apps—Auth code flow with PKCE. This flow is for mobile apps, where the app secret cannot be kept confidential because the app binary is distributed to users.
    Note: Use the CloverPaymentSDK.OAuthCodeChallenge object to facilitate the PKCE flow by generating the verifier and challenge objects for use in the flow.
  2. Get the auth token and refresh tokens.
  3. Initialize the SDK by calling CloverPaymentSDK.shared.setup and passing in your configuration object.
    1. Include a CloverPaymentSDK.NoOAuth object in the configuration.
    2. In the NoOAuth object, include the token obtained in step 2. You must include the token every time you call setup.
  4. Monitor the lifecycle of your token by examining the expiry date provided with the token. When it nears expiration, your app must refresh it.
  5. Whenever you need to update the token, pass the updated token through CloverPaymentSDK.shared.updateToken.
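
One way to handle steps 4 and 5, as an added example that is not Clover's code: a small scheduler that refreshes the token a fixed margin before its expiry date and hands each new token to the SDK. `AccessToken`, `TokenLifecycle`, the `refresh` and `deliver` closures, and the 300-second margin and 15-second retry delay are all assumptions; `deliver` is where your app calls `CloverPaymentSDK.shared.updateToken`, whose signature this page does not show.

```swift
import Foundation

// Hypothetical token shape: the page only says an expiry date accompanies the token.
struct AccessToken { let value: String; let expiresAt: Date }

final class TokenLifecycle {
    typealias Refresh = (@escaping (Result<AccessToken, Error>) -> Void) -> Void
    private let margin: TimeInterval             // refresh this long before expiry
    private let retryDelay: TimeInterval         // wait after a failed refresh
    private let refresh: Refresh                 // app code: calls the OAuth token endpoint
    private let deliver: (AccessToken) -> Void   // app code: wraps CloverPaymentSDK.shared.updateToken
    private let queue = DispatchQueue(label: "example.token-lifecycle")
    private var timer: DispatchSourceTimer?
    private var inFlight = false

    init(margin: TimeInterval = 300, retryDelay: TimeInterval = 15,
         refresh: @escaping Refresh, deliver: @escaping (AccessToken) -> Void) {
        self.margin = margin; self.retryDelay = retryDelay
        self.refresh = refresh; self.deliver = deliver
    }

    // Seconds until a refresh is due; 0 when the token is already inside the margin.
    static func delay(until expiresAt: Date, margin: TimeInterval, now: Date = Date()) -> TimeInterval {
        max(0, expiresAt.timeIntervalSince(now) - margin)
    }

    // Call after setup, and again when the app returns to the foreground,
    // because timers do not fire while the app is suspended.
    func track(_ token: AccessToken) {
        queue.async { self.schedule(after: TokenLifecycle.delay(until: token.expiresAt, margin: self.margin)) }
    }

    private func schedule(after delay: TimeInterval) {
        timer?.cancel()                              // only one pending refresh at a time
        let t = DispatchSource.makeTimerSource(queue: queue)
        t.schedule(wallDeadline: .now() + delay)     // wall clock, to match the expiry date
        t.setEventHandler { [weak self] in self?.refreshNow() }
        t.resume()
        timer = t
    }

    private func refreshNow() {
        guard !inFlight else { return }              // never run two refreshes concurrently
        inFlight = true
        refresh { [weak self] result in
            self?.queue.async {
                guard let self = self else { return }
                self.inFlight = false
                // On failure, retry later; a real app would cap retries and fall back to login.
                guard case .success(let token) = result else { return self.schedule(after: self.retryDelay) }
                self.deliver(token)                  // each update makes the SDK re-fetch merchant data
                self.schedule(after: TokenLifecycle.delay(until: token.expiresAt, margin: self.margin))
            }
        }
    }
}
```

Because every delivered token triggers a merchant-data re-fetch, refresh once per expiry window rather than on every app event.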

iOS—No OAuth flow

