icapps / ios-cara Goto Github PK

The example project should contain:

• Different request
• Different serializers
• Reachability
• Different loggers

Currently Cara supports two types for the body parameter: Data and any Foundation type that can be serialised using JSONSerialization.

It would be nice if it would also support a third type: Codable. That would allow us to use any type that implements the Codable protocol as the body.

Currently we are working around this by manually encoding to Data and then using that in the body, but that makes error handling cumbersome and is error prone to do every time.

This is useful when you want to send analytics to your own server, and you want this to happen in the most performant way.

Make sure that the completion handler can be triggered from the UIApplicationDelegate.

func application(_ application: UIApplication,
                 handleEventsForBackgroundURLSession identifier: String,
                 completionHandler: @escaping () -> Void)

I am by no means an expert on authentication, this is just what I found by trial and error.

When making a request, sometimes an authentication challenge of type NSURLAuthenticationMethodClientCertificate is received. This causes Cara to cancel the authentication challenge, and therefore failing the network request.

Would it be possible to change this behaviour? I tried it with completionHandler(.performDefaultHandling, nil), and that seems to work fine. I have no idea what the security implications of that are though.

This happens on NetworkService.swift:88:

guard
    let serverTrust = challenge.protectionSpace.serverTrust,
    challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust else {
    completionHandler(.cancelAuthenticationChallenge, nil) // <---
    return
}

I would use this framework. But make it possible to use it with our Service instance.

When the token refresh fails we should be able to tell the client that a logout occurred.

Maybe it's a good idea to make it possible to handle a response in a different way then triggering the default completion handler. ex. HTTP status code 503 should trigger something. This way we could also handle the token refresh #14

The public keys are generated for the domain on every request. but I think we should cache the generated value so that the public key pinning process is optimised.

We could maybe use Starscream for this feature.

We need a mechanism where a refresh can be executed when some HTTP status code is thrown. The refresh will an another Request.

Make sure that when we fire a lot of requests at the same time that the refresh Request isn't triggered multiple times. So some blocking the thread and keeping track of the triggered requests should be handled.

Maybe it's also a good idea to have support for SSL Pinning.