iOS - No OAuth
No OAuth is a special case where your code implements and manages the OAuth flow externally to the SDK. You provide a token for the SDK to use and update the token as you refresh it.
Prerequisites
- See Overview of the Clover platform.
- Create a global developer account with a default test merchant account.
- Create additional test merchants, if needed.
- Order a Clover Go reader Developer Kit (Dev Kit) and set it up.
- Use Xcode 14 or higher.
- Install CocoaPods.
- Use an iOS Device (iOS 14+).
- Use an iOS Developer Account.
- Install CloverPayments SDK from CocoaPods.
- Charge Clover Go reader—Device battery charging requirement. Several operations on your Clover Go reader require at least 30% battery. Charge your device before you configure your iOS project using the instructions in this guide.
OAuth authentication
Clover uses OAuth to authenticate the users of your app to Clover servers. Use the steps in this topic to:
- Create a Clover app and install it on your test merchant to enable OAuth. The Clover app has an associated App ID and App Secret that Clover transfers to the iOS app to give it permission to perform OAuth.
- Use Associated Domains in the iOS app and an apple-app-site-association file on a server you control to enable OAuth callbacks from Clover login servers to your app.
Steps
- Implement the OAuth Login Flow in your app by following the flows defined at Clover OAuth Documentation.
- Use the Low Trust Apps flow defined at OAuth Flow for Low Trust Apps (PKCE). This flow is specifically for mobile apps where the app secret cannot be kept secret due to the nature of distributed app binaries.
- Follow the OAuth Flow to receive an auth token and refresh tokens.
- Initialize the SDK by calling CloverPaymentSDK.shared.setup and passing in your configuration object. Include a CloverPaymentSDK.NoOAuth object in the configuration. In the NoOAuth object, include the token obtained in step 1. You must include the token every time you call setup.
Note: Monitor the lifecycle of your token by examining the expiry date provided with the token. When it nears expiration, your app must refresh it.
- Whenever you need to update the token, pass the updated token via CloverPaymentSDK.shared.updateToken.
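One way to monitor the token lifecycle described in the note above, as an added example that is not Clover's code. AccessToken, TokenKeeper, the refresh and deliver closures, and the 5-minute leeway are assumptions; the page does not show the signature of CloverPaymentSDK.shared.updateToken, so that call is wrapped in the deliver closure your app supplies.

```swift
import Foundation

// Hypothetical container for what your OAuth code received from the token endpoint.
struct AccessToken: Sendable {
    let value: String
    let expiresAt: Date   // the expiry date provided with the token
}

// Serializes refreshes so concurrent callers share one in-flight request
// and the SDK receives each refreshed token exactly once.
actor TokenKeeper {
    private var current: AccessToken
    private var inFlight: Task<AccessToken, Error>?
    private let leeway: TimeInterval
    // Your own refresh-token request to the OAuth server (assumed, not an SDK call).
    private let refresh: @Sendable () async throws -> AccessToken
    // Wrap your call to CloverPaymentSDK.shared.updateToken in this closure.
    private let deliver: @Sendable (String) -> Void

    init(initial: AccessToken,
         leeway: TimeInterval = 300,   // assumed safety margin before expiry
         refresh: @escaping @Sendable () async throws -> AccessToken,
         deliver: @escaping @Sendable (String) -> Void) {
        self.current = initial
        self.leeway = leeway
        self.refresh = refresh
        self.deliver = deliver
    }

    // True once the token is inside the leeway window before its expiry.
    func needsRefresh(now: Date = Date()) -> Bool {
        now.addingTimeInterval(leeway) >= current.expiresAt
    }

    // Returns a usable token, refreshing first when it is near expiry.
    func validToken(now: Date = Date()) async throws -> String {
        guard needsRefresh(now: now) else { return current.value }
        // A refresh is already running: wait for it instead of starting another.
        if let task = inFlight { return try await task.value.value }
        let refresh = self.refresh
        let task = Task { try await refresh() }
        inFlight = task
        defer { inFlight = nil }      // cleared on success and on failure
        let fresh = try await task.value
        current = fresh
        deliver(fresh.value)          // hand the new token to the SDK once
        return fresh.value
    }
}
```

Call validToken() before any operation that needs the token. Because deliver runs only when a refresh actually happened, the SDK is not handed the same token repeatedly.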
When you use No OAuth
The following are the advantages and disadvantages when you use full OAuth:
Advantages:
- You can manage the entire flow.
- You can use the token in external calls, such as to Ecomm endpoints.
Disadvantages:
- Significantly increased app complexity.
- Tokens must be refreshed every 30 minutes, requiring you to provide updated tokens.
- Each time you provide a refreshed token, the SDK re-fetches the merchant data, increasing your network load compared to the other options.