From 4db07bf10fe708fd6b8c64768f298035499d8d5f Mon Sep 17 00:00:00 2001
From: Martin Walsh <martin.walsh@gmail.com>
Date: Thu, 8 Jun 2017 10:28:12 +0100
Subject: [PATCH] Added scope property to Credentials

---
 Auth0/Credentials.swift          | 11 ++++++++---
 Auth0Tests/CredentialsSpec.swift | 12 +++++++++---
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/Auth0/Credentials.swift b/Auth0/Credentials.swift
index 9044fb27..c062c7e9 100644
--- a/Auth0/Credentials.swift
+++ b/Auth0/Credentials.swift
@@ -40,13 +40,16 @@ public class Credentials: NSObject, JSONObjectPayload, NSSecureCoding {
     public let refreshToken: String?
     // Token that details the user identity after authentication
     public let idToken: String?
+    // Granted scopes, only populated when a requested scope or scopes was not granted and Auth is OIDC Conformant
+    public let scope: String?
 
-    public init(accessToken: String? = nil, tokenType: String? = nil, idToken: String? = nil, refreshToken: String? = nil, expiresIn: Date? = nil) {
+    public init(accessToken: String? = nil, tokenType: String? = nil, idToken: String? = nil, refreshToken: String? = nil, expiresIn: Date? = nil, scope: String? = nil) {
         self.accessToken = accessToken
         self.tokenType = tokenType
         self.idToken = idToken
         self.refreshToken = refreshToken
         self.expiresIn = expiresIn
+        self.scope = scope
     }
 
     convenience required public init(json: [String: Any]) {
@@ -62,7 +65,7 @@ public class Credentials: NSObject, JSONObjectPayload, NSSecureCoding {
         default:
             expiresIn = nil
         }
-        self.init(accessToken: json["access_token"] as? String, tokenType: json["token_type"] as? String, idToken: json["id_token"] as? String, refreshToken: json["refresh_token"] as? String, expiresIn: expiresIn)
+        self.init(accessToken: json["access_token"] as? String, tokenType: json["token_type"] as? String, idToken: json["id_token"] as? String, refreshToken: json["refresh_token"] as? String, expiresIn: expiresIn, scope: json["scope"] as? String)
     }
 
     // MARK: - NSSecureCoding
@@ -73,8 +76,9 @@ public class Credentials: NSObject, JSONObjectPayload, NSSecureCoding {
         let idToken = aDecoder.decodeObject(forKey: "idToken")
         let refreshToken = aDecoder.decodeObject(forKey: "refreshToken")
         let expiresIn = aDecoder.decodeObject(forKey: "expiresIn")
+        let scope = aDecoder.decodeObject(forKey: "scope")
 
-        self.init(accessToken: accessToken as? String, tokenType: tokenType as? String, idToken: idToken as? String, refreshToken: refreshToken as? String, expiresIn: expiresIn as? Date)
+        self.init(accessToken: accessToken as? String, tokenType: tokenType as? String, idToken: idToken as? String, refreshToken: refreshToken as? String, expiresIn: expiresIn as? Date, scope: scope as? String)
     }
 
     public func encode(with aCoder: NSCoder) {
@@ -83,6 +87,7 @@ public class Credentials: NSObject, JSONObjectPayload, NSSecureCoding {
         aCoder.encode(self.idToken, forKey: "idToken")
         aCoder.encode(self.refreshToken, forKey: "refreshToken")
         aCoder.encode(self.expiresIn, forKey: "expiresIn")
+        aCoder.encode(self.scope, forKey: "scope")
     }
 
     public static var supportsSecureCoding: Bool = true
diff --git a/Auth0Tests/CredentialsSpec.swift b/Auth0Tests/CredentialsSpec.swift
index 8696ec7a..2d74bad7 100644
--- a/Auth0Tests/CredentialsSpec.swift
+++ b/Auth0Tests/CredentialsSpec.swift
@@ -29,6 +29,7 @@ private let Bearer = "bearer"
 private let IdToken = UUID().uuidString.replacingOccurrences(of: "-", with: "")
 private let RefreshToken = UUID().uuidString.replacingOccurrences(of: "-", with: "")
 private let expiresIn: TimeInterval = 3600
+private let Scope = "openid"
 
 class CredentialsSpec: QuickSpec {
     override func spec() {
@@ -36,13 +37,14 @@ class CredentialsSpec: QuickSpec {
         describe("init from json") {
 
             it("should have all tokens and token_type") {
-                let credentials = Credentials(json: ["access_token": AccessToken, "token_type": Bearer, "id_token": IdToken, "refresh_token": RefreshToken, "expires_in" : expiresIn])
+                let credentials = Credentials(json: ["access_token": AccessToken, "token_type": Bearer, "id_token": IdToken, "refresh_token": RefreshToken, "expires_in" : expiresIn, "scope": Scope])
                 expect(credentials).toNot(beNil())
                 expect(credentials.accessToken) == AccessToken
                 expect(credentials.tokenType) == Bearer
                 expect(credentials.idToken) == IdToken
                 expect(credentials.refreshToken) == RefreshToken
                 expect(credentials.expiresIn).to(beCloseTo(Date(timeIntervalSinceNow: expiresIn), within: 5))
+                expect(credentials.scope) == Scope
             }
 
             it("should have only access_token and token_type") {
@@ -52,6 +54,7 @@ class CredentialsSpec: QuickSpec {
                 expect(credentials.tokenType) == Bearer
                 expect(credentials.idToken).to(beNil())
                 expect(credentials.expiresIn).to(beNil())
+                expect(credentials.scope).to(beNil())
             }
 
             it("should have id_token") {
@@ -97,19 +100,20 @@ class CredentialsSpec: QuickSpec {
         describe("secure coding") {
 
             it("should unarchive as credentials type") {
-                let credentialsOrig = Credentials(json: ["access_token": AccessToken, "token_type": Bearer, "id_token": IdToken, "refresh_token": RefreshToken, "expires_in" : expiresIn])
+                let credentialsOrig = Credentials(json: ["access_token": AccessToken, "token_type": Bearer, "id_token": IdToken, "refresh_token": RefreshToken, "expires_in" : expiresIn, "scope" : Scope])
                 let saveData = NSKeyedArchiver.archivedData(withRootObject: credentialsOrig)
                 let credentials = NSKeyedUnarchiver.unarchiveObject(with: saveData)
                 expect(credentials as? Credentials).toNot(beNil())
             }
 
             it("should have all properties") {
-                let credentialsOrig = Credentials(json: ["access_token": AccessToken, "token_type": Bearer, "id_token": IdToken, "refresh_token": RefreshToken, "expires_in" : expiresIn])
+                let credentialsOrig = Credentials(json: ["access_token": AccessToken, "token_type": Bearer, "id_token": IdToken, "refresh_token": RefreshToken, "expires_in" : expiresIn, "scope" : Scope])
                 let saveData = NSKeyedArchiver.archivedData(withRootObject: credentialsOrig)
                 let credentials = NSKeyedUnarchiver.unarchiveObject(with: saveData) as! Credentials
                 expect(credentials.accessToken) == AccessToken
                 expect(credentials.tokenType) == Bearer
                 expect(credentials.idToken) == IdToken
+                expect(credentials.scope) == Scope
                 expect(credentials.expiresIn).to(beCloseTo(Date(timeIntervalSinceNow: expiresIn), within: 5))
             }
 
@@ -121,6 +125,7 @@ class CredentialsSpec: QuickSpec {
                 expect(credentials.tokenType).to(beNil())
                 expect(credentials.idToken).to(beNil())
                 expect(credentials.expiresIn).to(beNil())
+                expect(credentials.scope).to(beNil())
             }
 
             it("should have refresh_token and expires_in only") {
@@ -132,6 +137,7 @@ class CredentialsSpec: QuickSpec {
                 expect(credentials.tokenType).to(beNil())
                 expect(credentials.idToken).to(beNil())
                 expect(credentials.expiresIn).to(beCloseTo(Date(timeIntervalSinceNow: expiresIn), within: 5))
+                expect(credentials.scope).to(beNil())
             }
 
         }