iOS - Partial OAuth
Use Partial OAuth to perform the OAuth login flow in your app while allowing the SDK to manage refresh tokens.
Prerequisites
- See Overview of the Clover platform.
- Create a global developer account with a default test merchant account.
- Create additional test merchants, if needed.
- Order a Clover Go reader Developer Kit (Dev Kit) and set it up.
- Use Xcode 14 or higher.
- Install CocoaPods.
- Use an iOS Device (iOS 14+).
- Use an iOS Developer Account.
- Install CloverPayments SDK from CocoaPods.
- Charge Clover Go reader—Device battery charging requirement. Several operations on your Clover Go reader require at least 30% battery. Charge your device before you configure your iOS project using the instructions in this guide.
OAuth authentication
Clover uses OAuth to authenticate the users of your app to Clover servers. Use the steps in this topic to:
- Create a Clover app and install it on your test merchant to enable OAuth. The Clover app has an associated App ID and App Secret that Clover transfers to the iOS app to give it permission to perform OAuth.
- Use Associated Domains in the iOS app and an apple-app-site-association file on a server you control to enable OAuth callbacks from Clover login servers to your app.
Steps
First launch
- In your app, implement the OAuth Login Flow by following the flows defined at Clover OAuth Documentation.
  - Use the Low Trust Apps flow defined at OAuth Flow for Low Trust Apps (PKCE). This flow is specifically for mobile apps where the app secret cannot be kept secret due to the nature of distributed app binaries.
    Note: Use the CloverPaymentSDK.OAuthCodeChallenge object to facilitate the PKCE flow by generating the verifier and challenge objects for use in the flow.
  - Obtain the Code response and pass that information to the SDK.
- Initialize the SDK by calling CloverPaymentSDK.shared.setup and passing in your configuration object. Include a CloverPaymentSDK.PartialOAuth object in the configuration. In the PartialOAuth object, include the Code received from the OAuth Login flow and the Challenge information used with the PKCE flow. CloverPaymentSDK exchanges the code for a token, stores the token in Keychain for the next launch, and then calls your token change callback registered in step 1.
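The following added example (not code from the Clover SDK or its documentation) shows what a PKCE verifier and S256 challenge are under RFC 7636, and a strict way to pull the code out of the callback URL your web view intercepts. The names PKCEPair, makePKCEPair, extractCode, the example.com host and the /oauth/callback path are assumptions for illustration, and the handling of an "error" query parameter assumes the standard OAuth 2.0 error response.

```swift
import Foundation
import CryptoKit
import Security

// Added example, not SDK code. PKCEPair, makePKCEPair and extractCode are hypothetical names.
struct PKCEPair { let verifier: String; let challenge: String }
enum OAuthCallbackError: Error { case randomFailed, untrustedURL, providerError(String), missingCode }

// base64url without padding, the encoding RFC 7636 uses for both values.
func base64URL(_ data: Data) -> String {
    data.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

func makePKCEPair() throws -> PKCEPair {
    var bytes = [UInt8](repeating: 0, count: 32)
    guard SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes) == errSecSuccess else {
        throw OAuthCallbackError.randomFailed
    }
    let verifier = base64URL(Data(bytes))               // 43 characters, the RFC 7636 minimum
    let digest = SHA256.hash(data: Data(verifier.utf8)) // challenge method "S256"
    return PKCEPair(verifier: verifier, challenge: base64URL(Data(digest)))
}

// Accept a code only from the exact HTTPS host and path you registered for callbacks.
func extractCode(from url: URL, callbackHost: String, callbackPath: String) throws -> String {
    guard let parts = URLComponents(url: url, resolvingAgainstBaseURL: false),
          parts.scheme == "https",
          parts.host?.lowercased() == callbackHost.lowercased(),
          parts.path == callbackPath else {
        throw OAuthCallbackError.untrustedURL
    }
    let items = parts.queryItems ?? []
    if let err = items.first(where: { $0.name == "error" })?.value {
        throw OAuthCallbackError.providerError(err)
    }
    // Exactly one non-empty code; duplicated parameters are rejected.
    let codes = items.filter { $0.name == "code" }.compactMap { $0.value }
    guard codes.count == 1, let code = codes.first, !code.isEmpty else {
        throw OAuthCallbackError.missingCode
    }
    return code
}
// Constructed sample callback; example.com stands in for your associated domain.
let pair = try makePKCEPair()
let sample = URL(string: "https://example.com/oauth/callback?code=CONSTRUCTED_CODE")!
let code = try extractCode(from: sample, callbackHost: "example.com", callbackPath: "/oauth/callback")
print(pair.verifier.count, pair.challenge.count, code)
```

The verifier must be the one whose challenge was sent in the authorization request, so keep the pair in memory for the duration of the login and out of logs.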
Subsequent launches
Initialize the SDK by calling CloverPaymentSDK.shared.setup and passing in your configuration object. Include a CloverPaymentSDK.PartialOAuth object in the configuration. In the PartialOAuth object, set the code to nil to signal to the SDK to use the previously stored token.
When you use partial OAuth
The following are the advantages and disadvantages when you use partial OAuth:
Advantages
- The SDK manages refresh tokens, ensuring you always have a usable token.
- You can present the Clover login screen directly in your app using your preferred UI design.
- You can implement the OAuth login flow without exiting the app.
Disadvantages
- You must write your web view implementation to execute the OAuth login flow.
- You must monitor and intercept the code response from the OAuth login flow in your app.
- The implementation in your code will be more complex than the Full OAuth flow.
Updated 4 months ago