Process: User opens the app. Taps on login. Redirected to login page. User enters credentials. Redirected back to app. Received authState nil and error "Invalid Client".
// Build the service configuration from the configured endpoints.
let authorizationEndpoint = URL(string: ConfigRouter.AuthorizationEndpoint)!
let tokenEndpoint = URL(string: ConfigRouter.TokenEndpoint)!
let configuration = OIDServiceConfiguration(authorizationEndpoint: authorizationEndpoint,
                                            tokenEndpoint: tokenEndpoint)
var parameters = ConfigRouter.AdditionalParameters
let request = OIDAuthorizationRequest(configuration: configuration,
                                      clientId: ClientId,
                                      clientSecret: ConfigRouter.OktaClientSecret,
                                      scopes: Scope,
                                      redirectURL: URL(string: RedirectURL)!,
                                      responseType: ResponseType,
                                      additionalParameters: parameters)
// Present the authorization request; AppAuth also performs the code exchange.
self.currentAuthorizationFlow = OIDAuthState.authState(byPresenting: request,
                                                       presenting: UIApplication.getTopMostViewController()!,
                                                       prefersEphemeralSession: true,
                                                       callback: { authState, error in
    if let authState = authState {
        let response = AuthHelper.shared.createResponse(authState: authState)
        AuthHelper.shared.saveAuthState(state: authState)
        completionHandler(.success(response))
    } else if let error = error {
        completionHandler(.failure(error))
    }
})
Identity Provider is Gluu. On Android it is working fine with the same configuration.
OIDAuthState.authState() attempts to perform certain operations on our behalf. For example, showing AuthorizationRequest, getting authentication code from server, and from that authentication code requesting token. As a result, authState will directly return tokens such as access tokens, ID tokens, and refresh tokens. It worked fine for OKTA, but not for GLUU.
There might be a difference in the process followed between OKTA and GLUU, or perhaps setting up clients in GLUU server requires manual token calls.
The steps below helped me resolve the issue:
Using the OIDAuthorizationService.present() method to show the authorization request
OIDAuthorizationService.present(request, presenting: UIApplication.getTopMostViewController()! )
This method will return authResponse if correct credentials were given. authResponse will have authCode, based on which we will make another call for user tokens.
Token Call based on authCode:
var request = URLRequest(url: tokenEndpointURL)
request.httpMethod = gluuhttpMethodTypeKey
request.setValue(gluuhRequestContentType, forHTTPHeaderField: gluuhRequestContentTypeKey)
Thanks
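An added example, not code from the original post, AppAuth or Gluu: one way to build the manual token call described above, showing the client authentication choices defined in RFC 6749, since an `invalid_client` response from the token endpoint means client authentication failed. The function and enum names and all sample values are hypothetical, and which method the Gluu client is registered for is an assumption to check in its client configuration.

```swift
import Foundation

// Hypothetical helper names; not part of AppAuth or Gluu.
enum ClientAuthMethod { case basic, post, none }

// RFC 3986 unreserved characters; everything else is percent-encoded.
private let unreserved = CharacterSet(charactersIn:
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")

func formEncode(_ value: String) -> String {
    value.addingPercentEncoding(withAllowedCharacters: unreserved) ?? ""
}

func makeTokenRequest(tokenEndpoint: URL, code: String, redirectURI: String,
                      clientID: String, clientSecret: String?,
                      codeVerifier: String?, method: ClientAuthMethod) -> URLRequest {
    var fields: [(String, String)] = [
        ("grant_type", "authorization_code"),
        ("code", code),
        ("redirect_uri", redirectURI)  // must equal the value sent in the authorization request
    ]
    // PKCE: if the authorization request carried a code challenge (AppAuth exposes
    // the verifier as request.codeVerifier), the same verifier must be sent here.
    if let verifier = codeVerifier { fields.append(("code_verifier", verifier)) }

    var request = URLRequest(url: tokenEndpoint)
    request.httpMethod = "POST"
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")

    switch method {
    case .basic:  // client_secret_basic: credentials in the Authorization header
        let pair = "\(formEncode(clientID)):\(formEncode(clientSecret ?? ""))"
        request.setValue("Basic " + Data(pair.utf8).base64EncodedString(),
                         forHTTPHeaderField: "Authorization")
    case .post:   // client_secret_post: credentials in the form body
        fields.append(("client_id", clientID))
        fields.append(("client_secret", clientSecret ?? ""))
    case .none:   // public client: no secret, client_id only
        fields.append(("client_id", clientID))
    }
    request.httpBody = Data(fields.map { "\($0.0)=\(formEncode($0.1))" }
        .joined(separator: "&").utf8)
    return request
}

// Constructed sample values, for illustration only.
let sample = makeTokenRequest(tokenEndpoint: URL(string: "https://idp.example.com/token")!,
    code: "SAMPLE_CODE", redirectURI: "com.example.app:/callback", clientID: "sample-client",
    clientSecret: nil, codeVerifier: "SAMPLE_VERIFIER", method: .none)
print(String(data: sample.httpBody ?? Data(), encoding: .utf8) ?? "")
```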