OAuth Support on RestKit

rodchile edited this page Sep 25, 2011 · 10 revisions

##Overview

RestKit includes support for consuming resources from APIs that use OAuth as the access protocol for third-party applications. For OAuth 1, the framework includes the TDOAuth library, which signs each request. For each protocol, RKClient adds the appropriate headers to the RKRequest.

##OAuth 1

This protocol uses the following information:

Application Identification

  • Consumer Key
  • Consumer Secret

User Identification

  • Access Token
  • Access Token Secret

With this information you set up the RKClient to consume resources from the API:

```objc
// Configure the shared RKClient with the OAuth 1 application and user credentials.
RKObjectManager* objectManager = [RKObjectManager sharedManager];
objectManager.client.baseURL = @"YOUR_BASE_URL";
objectManager.client.OAuth1ConsumerKey = @"YOUR CONSUMER KEY";
objectManager.client.OAuth1ConsumerSecret = @"YOUR CONSUMER SECRET";
objectManager.client.OAuth1AccessToken = @"YOUR ACCESS TOKEN";
objectManager.client.OAuth1AccessTokenSecret = @"YOUR ACCESS TOKEN SECRET";
// Select OAuth 1 as the authentication type for requests sent through this client.
objectManager.client.RKRequestAuthenticationType = RKRequestAuthenticationTypeOAuth1;
```

##OAuth 2

OAuth 2 is the newer version of this protocol, but it is still under construction. RestKit support is based on draft 22 of the specification.

###Getting an access_token

To get an access_token you can use the RKOAuthClient, which requires the following information:

Application Identification

  • Client Id
  • Client Secret

You normally get this information after registering your application with the API whose resources you want to consume.

User Identification

  • Authorization Code

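With that information you can set up the client as follows:

```objc
// Replace the placeholder strings with your own values.
// `self` is assumed here to be your object implementing RKOAuthClientDelegate.
oauthClient = [RKClientOAuth clientWithClientID:@"YOUR CLIENT ID" secret:@"YOUR CLIENT SECRET" delegate:self];
[oauthClient setAuthorizationCode:@"USER AUTHORIZATION CODE"];
[oauthClient setAuthorizationURL:@"AUTHORIZATION ENDPOINT"];
[oauthClient setCallbackURL:@"YOUR APPLICATION CALLBACK URL"];
// This is the OAuth 2 flow, so select the OAuth 2 authentication type.
oauthClient.RKRequestAuthenticationType = RKRequestAuthenticationTypeOAuth2;
// Validate the authorization code; the outcome is delivered through the delegate methods.
[oauthClient validateAuthorizationCode];
```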

Note that your delegate needs to implement the methods of RKOAuthClientDelegate.

###Consuming resources using an access_token

Give your RKClient instance the access_token you obtained, as follows:

```objc
// Configure the shared RKClient with the OAuth 2 access_token.
RKObjectManager* objectManager = [RKObjectManager sharedManager];
objectManager.client.baseURL = @"YOUR API URL";
objectManager.client.OAuth2AccessToken = @"YOUR ACCESS TOKEN";
```

##Final Recommendations

We strongly encourage you to store the access_token, refresh_token, clientId and clientSecret in the iOS Keychain or another secure storage mechanism.