iOS: OAuth handler in Swift using Alamofire + AlamofireObjectMapper

iOS: OAuth handler in Swift using Alamofire + AlamofireObjectMapperRaul Peña AlonsoBlockedUnblockFollowFollowingJan 8The purpose of this post is to explain how we handle the authentication flow in our authentication framework.

Our auth framework uses Alamofire for HTTP networking, AlamofireObjectMapper for serialize the HTTP responses and our web services are behind an OAuth authentication system.

If you’re familiar with Alamofire advanced usage, we use a custom Alamofire SessionManager class (+info), called AuthenticationSessionManager, that implements Alamofire RequestAdapter and RequestRetrier protocols (+info).

Basically, RequestAdapter allows you to append an Authorization header to each request made with your custom SessionManager class.

And RequestRetrier gives you the opportunity to handle a request that encountered an Error to be retried, for example, for refresh session token and launch the request again.

Both working together are a powerful and quite easy way to handler our session token.

Using only RequestRetrier to refresh session token implies that the only way to refresh session token is to get a 401 error from web server.

If your app is being used by hundred of thousands users that means lot of HTTP requests returning an error.

Obviously it’s not the best performance ever… ????Fortunately, session token usually comes with an expiration date, so, in order to prevent this scenario, let’s use this parameter to actively refresh token.

????The idea is to create a layer over Alamofire request method to check the validity of the session token before execute the request.

If token is valid, launch request, else, refresh token and then launch request.

Following this flow chart:As much as I searched on Internet a sample implementation in Swift about this flow, I found nothing accurate or specific enough that helped me.

Honestly, this is the post a would have liked to read when I faced this feature.

Here my proposal: we’re going to implement a custom request method in our SessionManager custom class: AuthenticationSessionManager.

This way we’ll only need use this new method for future requests instead of Alamofire method and done!.✨Let’s see how an Alamofire regular request with AlamofireObjectMapper looks like (+info):Alamofire is a SessionManager with a default configuration.

request method is a SessionManager method that receives an URLRequestConvertible and returns a DataRequest:responseObject method is a DataRequest method that receives a completion handler closure and returns a DataRequest:So, our method will need to receive an URLRequestConvertible and a closure with an (Alamofire.

DataResponse<T> -> Void), where T : BaseMappable, and will return an Alamofire.


Let’s see the interface of our method:Inside this method, how we defined in the chart, we will check the session token validity.

Here the implementation:The refreshToken method is a private method that uses a regular Alamofire request.

In case the refreshToken method returns an error (line 6 in snippet), we create a custom DataResponse with that error.

From here onThe given implementation is for a single object response case.

If we want to map an array of objects, or we want a JSON response, or even a flat string, we’ll create a new method for each case:The implementation for each method would be more or less the same as we’ve already seen in snippet.

Hope you found this post interesting and useful for your projects.

Any question or comment will be welcome!Thanks and good Luck!!!One Step BeyondIf you’re a testaholic and you want to know how we tested this implementation, have a look to other of my post.


. More details

Leave a Reply