Componentize OAuth Logic

DemoApp/AtprotoOAuthDemoApp/CachedAuthenticated/LoginVM.swift

@@ -10,6 +10,7 @@ import AtprotoOAuth
 import AtprotoTypes
 import AuthenticationServices
 import Foundation
+import GermConvenience
 import OAuth
 import os
 
@@ -27,12 +28,11 @@ import os
 			callbackURL: URL(string: "com.germnetwork.static:/oauth")!
 		),
 		userAuthenticator: ASWebAuthenticationSession.userAuthenticator(),
-		responseProvider: URLSession.defaultProvider,
+		resourceFetcher: URLSession.shared,
+		authFetcher: URLSession.manualRedirect(),
 		atprotoClient: AtprotoClient(
-			responseProvider: URLSession.defaultProvider
+			resourceFetcher: URLSession.shared
 		),
-		oauthMetadataFetcher: HTTPOAuthMetadataFetcher(
-			httpRequester: URLSession.defaultProvider)
 	)
 
 	let handle: String
@@ -70,12 +70,11 @@ import os
 					session: sessionArchive,
 				),
 				appCredentials: oauthClient.appCredentials,
-				httpRequester: URLSession.defaultProvider,
+				resourceFetcher: URLSession.shared,
+				authFetcher: URLSession.manualRedirect(),
 				atprotoClient: AtprotoClient(
-					responseProvider: URLSession.defaultProvider
+					resourceFetcher: URLSession.shared
 				),
-				oauthMetadataFetcher: HTTPOAuthMetadataFetcher(
-					httpRequester: URLSession.defaultProvider)
 			)
 
 			if !Task.isCancelled {
@@ -146,12 +145,11 @@ import os
 					session: archive,
 				),
 				appCredentials: oauthClient.appCredentials,
-				httpRequester: URLSession.defaultProvider,
+				resourceFetcher: URLSession.shared,
+				authFetcher: URLSession.manualRedirect(),
 				atprotoClient: AtprotoClient(
-					responseProvider: URLSession.defaultProvider
+					resourceFetcher: URLSession.shared
 				),
-				oauthMetadataFetcher: HTTPOAuthMetadataFetcher(
-					httpRequester: URLSession.defaultProvider)
 			)
 			if !Task.isCancelled {
 				self.session = .init(

DemoApp/AtprotoOAuthDemoApp/Login/LoginDemoVM.swift

@@ -10,6 +10,7 @@ import AtprotoOAuth
 import AtprotoTypes
 import AuthenticationServices
 import Foundation
+import GermConvenience
 import Microcosm
 import OAuth
 import SwiftUI
@@ -22,12 +23,11 @@ import SwiftUI
 			callbackURL: URL(string: "com.germnetwork.static:/oauth")!
 		),
 		userAuthenticator: ASWebAuthenticationSession.userAuthenticator(),
-		responseProvider: URLSession.defaultProvider,
+		resourceFetcher: URLSession.shared,
+		authFetcher: URLSession.manualRedirect(),
 		atprotoClient: AtprotoClient(
-			responseProvider: URLSession.defaultProvider
+			resourceFetcher: URLSession.shared
 		),
-		oauthMetadataFetcher: HTTPOAuthMetadataFetcher(
-			httpRequester: URLSession.defaultProvider)
 	)
 
 	enum State {
@@ -51,7 +51,7 @@ import SwiftUI
 				logs.append(.init(body: "Resolved DID: \(resolvedDid.fullId)"))
 
 				let messageDelegate = try await AtprotoClient(
-					responseProvider: URLSession.defaultProvider
+					resourceFetcher: URLSession.shared
 				)
 				.getGermMessagingDelegate(did: resolvedDid)
 
@@ -73,13 +73,11 @@ import SwiftUI
 							session: sessionArchive,
 						),
 						appCredentials: oauthClient.appCredentials,
-						httpRequester: URLSession.defaultProvider,
+						resourceFetcher: URLSession.shared,
+						authFetcher: URLSession.manualRedirect(),
 						atprotoClient: AtprotoClient(
-							responseProvider: URLSession.defaultProvider
+							resourceFetcher: URLSession.shared
 						),
-						oauthMetadataFetcher: HTTPOAuthMetadataFetcher(
-							httpRequester: URLSession.defaultProvider
-						)
 					)
 				state = .loggedIn(session)
 

DemoApp/AtprotoOAuthDemoApp/UnauthenticatedView.swift

@@ -29,7 +29,7 @@ struct UnauthenticatedView: View {
 	@State private var processing: Task<Void, Never>? = nil
 
 	let client: AtprotoClientInterface = AtprotoClient.init(
-		responseProvider: URLSession.defaultProvider
+		resourceFetcher: URLSession.shared
 	)
 
 	var body: some View {

LocalPackages/AtprotoClient/Sources/AtprotoClient/AtprotoClient.swift

@@ -32,10 +32,10 @@ public protocol AtprotoSession {
 }
 
 public struct AtprotoClient {
-	let responseProvider: HTTPDataResponse.Requester
+	let resourceFetcher: HTTPFetcher
 
-	public init(responseProvider: @escaping HTTPDataResponse.Requester) {
-		self.responseProvider = responseProvider
+	public init(resourceFetcher: HTTPFetcher) {
+		self.resourceFetcher = resourceFetcher
 	}
 }
 

LocalPackages/AtprotoClient/Sources/AtprotoClient/Get/Auth/AuthRequest.swift

@@ -21,9 +21,9 @@ extension AtprotoClient {
 		let request = URLRequest.createRequest(url: requestURL, httpMethod: .get)
 
 		let result = try await session.authResponse(for: request)
-			.successErrorDecode(
-				resultType: X.Result.self,
-				errorType: Lexicon.XRPCError.self
+			.success(
+				decodeResult: X.Result.self,
+				orError: Lexicon.XRPCError.self
 			)
 
 		switch result {
@@ -51,9 +51,9 @@ extension AtprotoClient {
 		)
 
 		let result = try await session.authResponse(for: request)
-			.successErrorDecode(
-				resultType: X.Result.self,
-				errorType: Lexicon.XRPCError.self
+			.success(
+				decodeResult: X.Result.self,
+				orError: Lexicon.XRPCError.self
 			)
 
 		switch result {

LocalPackages/AtprotoClient/Sources/AtprotoClient/Get/PLCDirectoryQuery.swift

@@ -17,8 +17,9 @@ extension AtprotoClient {
 		var request = URLRequest(url: url)
 		request.addValue("application/json", forHTTPHeaderField: "Accept")
 
-		return try await responseProvider(request)
-			.successDecode()
+		return try await resourceFetcher.data(for: request)
+			.expectSuccess()
+			.decode()
 	}
 
 	private func constructPlcQueryUrl(did: Atproto.DID) throws -> URL {

LocalPackages/AtprotoClient/Sources/AtprotoClient/Get/Request.swift

@@ -22,10 +22,10 @@ extension AtprotoClient {
 			httpMethod: .get
 		)
 
-		let result = try await responseProvider(request)
-			.successErrorDecode(
-				resultType: X.Result.self,
-				errorType: Lexicon.XRPCError.self
+		let result = try await resourceFetcher.data(for: request)
+			.success(
+				decodeResult: X.Result.self,
+				orError: Lexicon.XRPCError.self
 			)
 
 		switch result {

LocalPackages/GermConvenience/Package.swift

@@ -5,6 +5,7 @@ import PackageDescription
 
 let package = Package(
 	name: "GermConvenience",
+	platforms: [.iOS(.v15), .macOS(.v12)],
 	products: [
 		// Products define the executables and libraries a package produces, making them visible to other packages.
 		.library(

LocalPackages/GermConvenience/Sources/GermConvenience/HTTPDataResponse.swift

@@ -7,21 +7,23 @@
 
 import Foundation
 
-//type the (data, responese) tuple so we can chain handlers
+//type the (data, response) tuple so we can chain handlers
 //these patterns are available in Vapor
 public struct HTTPDataResponse: Sendable {
 	public let data: Data
 	public let response: HTTPURLResponse
 
-	public typealias Requester = @Sendable (URLRequest) async throws -> HTTPDataResponse
-
 	public init(data: Data, response: HTTPURLResponse) {
 		self.data = data
 		self.response = response
 	}
 
-	public func successDecode<R: Decodable>() throws -> R {
-		guard response.statusCode >= 200 && response.statusCode < 300 else {
+	public func expect(successCode: Int) throws -> Data {
+		try expectSuccess(range: successCode...successCode)
+	}
+
+	public func expectSuccess(range: RangeExpression<Int> = 200..<300) throws -> Data {
+		guard range.contains(response.statusCode) else {
 			if let stringResponse = String(data: data, encoding: .utf8) {
 				throw
 					HTTPResponseError
@@ -30,40 +32,52 @@ public struct HTTPDataResponse: Sendable {
 				throw HTTPResponseError.unsuccessful(response.statusCode, data)
 			}
 		}
-		return try JSONDecoder().decode(R.self, from: data)
+		return data
 	}
 
 	public enum ErrorResult<R: Decodable, E: Decodable> {
 		case result(R)
 		case error(E, Int)
 	}
 
-	public func successErrorDecode<R: Decodable, E: Decodable>(
-		resultType: R.Type,
-		errorType: E.Type
+	public func success<R: Decodable, E: Decodable>(
+		code: Int,
+		decodeResult resultType: R.Type,
+		orError error: E.Type,
 	) throws -> ErrorResult<R, E> {
-		guard response.statusCode >= 200 && response.statusCode < 300 else {
-			do {
-				let decoded = try JSONDecoder().decode(E.self, from: data)
-				return .error(decoded, response.statusCode)
-			} catch {
-				if let stringResponse = String(data: data, encoding: .utf8) {
-					throw
-						HTTPResponseError
-						.unsuccessfulString(
-							response.statusCode, stringResponse)
-				} else {
-					throw HTTPResponseError.unsuccessful(
-						response.statusCode, data)
-				}
-			}
+		try success(
+			range: code...code,
+			decodeResult: R.self,
+			orError: E.self
+		)
+	}
+
+	public func success<R: Decodable, E: Decodable>(
+		range: RangeExpression<Int> = 200..<300,
+		decodeResult resultType: R.Type,
+		orError error: E.Type,
+	) throws -> ErrorResult<R, E> {
+		do {
+			return .result(
+				try expectSuccess(range: range)
+					.decode()
+			)
+		} catch {
+			return .error(try data.decode(), response.statusCode)
 		}
-		if resultType == Data?.self || resultType == Data.self,
-			let rawData = data as? R
+
+	}
+}
+
+extension Data {
+	//If the return type is Data we don't try to decode it
+	public func decode<R: Decodable>() throws -> R {
+		if R.self == Data?.self || R.self == Data.self,
+			let rawData = self as? R
 		{
-			return .result(rawData)
+			rawData
 		} else {
-			return try .result(JSONDecoder().decode(R.self, from: data))
+			try JSONDecoder().decode(R.self, from: self)
 		}
 	}
 }

LocalPackages/GermConvenience/Sources/GermConvenience/HTTPFetcher.swift

@@ -0,0 +1,63 @@
+//
+//  HTTPFetcher.swift
+//  GermConvenience
+//
+//  Created by Mark @ Germ on 3/7/26.
+//
+
+import Foundation
+
+#if canImport(FoundationNetworking)
+	import FoundationNetworking
+#endif
+
+///We are not genericizing over the network stack as our HTTP request construction relies heavily on
+///URLRequest which is tied closely to URLSession.
+///This genericization serves to allow mock ingestion for testing
+///This is a (sendable) object abstraction, not a closure, so that we can reason about the cache sharing
+///which is localiized to an instance of a URLSession
+public protocol HTTPFetcher: Sendable {
+	func data(for: URLRequest) async throws -> HTTPDataResponse
+}
+
+///Authorization fetches should not follow redirects. This includes
+///the protected resource metadata
+///https://www.rfc-editor.org/rfc/rfc9728.html#section-3.2
+///and auth server metadata
+///https://datatracker.ietf.org/doc/html/rfc8414#section-3.2
+extension URLSession {
+	static public func manualRedirect() -> URLSession {
+		URLSession(
+			configuration: .default,
+			delegate: ManualRedirect(),
+			delegateQueue: nil
+		)
+	}
+}
+
+///The default (shared) urlsession does follow redirects, which is permitted for resource requests
+extension URLSession: HTTPFetcher {
+	public func data(for request: URLRequest) async throws -> HTTPDataResponse {
+		let (data, urlResponse) = try await self.data(for: request)
+		if let httpResponse = urlResponse as? HTTPURLResponse {
+			return .init(data: data, response: httpResponse)
+		} else {
+			throw URLSessionError.nonHttpResponse
+		}
+	}
+}
+
+enum URLSessionError: Error {
+	case nonHttpResponse
+}
+
+final class ManualRedirect: NSObject, URLSessionTaskDelegate {
+	func urlSession(
+		_ session: URLSession,
+		task: URLSessionTask,
+		willPerformHTTPRedirection response: HTTPURLResponse,
+		newRequest request: URLRequest
+	) async -> URLRequest? {
+		nil
+	}
+}

LocalPackages/oauth4swift/Package.swift

@@ -5,7 +5,7 @@ import PackageDescription
 
 let package = Package(
 	name: "OAuth",
-	platforms: [.iOS(.v15), .macOS(.v12)],
+	platforms: [.iOS(.v16), .macOS(.v13)],
 	products: [
 		// Products define the executables and libraries a package produces, making them visible to other packages.
 		.library(