Skip to content

AB#268289 Federated Authentication#134

Open
k-antipochkin wants to merge 7 commits intomasterfrom
feature/268289-auth
Open

AB#268289 Federated Authentication#134
k-antipochkin wants to merge 7 commits intomasterfrom
feature/268289-auth

Conversation

@k-antipochkin
Copy link
Contributor

@k-antipochkin k-antipochkin commented Feb 17, 2026
edited
Loading

Description of Changes

Adds federated JWT authentication to the iOS SDK. When enableAuth() is used, the SDK fetches JWTs from a client-provided closure and attaches them via X-User-JWT on all user-identified requests.

Key changes

  • AuthManager + enableAuth() on config builder
  • X-Optimove-Auth-Capable: 1 sent on all requests (both HTTP stacks)
  • JWT attached for: OptiTrack, RealTime, PreferenceCenter, EmbeddedMessaging, AnalyticsHelper, InAppManager
  • OptistreamDispatcher groups events by customer so each batch has a single JWT
  • AnalyticsHelper fetches events per userIdentifier so JWT matches the batch
  • Fail-closed when getToken fails (request dropped)

Usage

.enableAuth { userId, completion in
    MyAuthService.getJWT(for: userId) { result in
        switch result {
        case .success(let jwt): completion(jwt, nil)
        case .failure(let error): completion(nil, error)
        }
    }
}

Response table:

Backend Old SDK (no header) New SDK + no JWT New SDK + bad JWT New SDK + valid JWT
OptiStream 200 401 401 200
RT-decider 200 401 401 200
stats-service 200 401 401 200
push-service 401 401 401 200
preference-center 401 401 401 200
inbox 401 401 401 200

Breaking Changes

  • None

Release Checklist

Prepare:

  • Detail any breaking changes. Breaking changes require a new major version number
  • Check pod lib lint passes
  • Update any relevant sections of the repository wiki pages on a branch

Bump versions in:

  • OptimoveCore.podspec

  • OptimoveNotificationServiceExtension.podspec

  • OptimoveSDK.podspec

  • OptimoveCore/Sources/Classes/Constants/SDKVersion.swift

  • README.md

  • CHANGELOG.md

  • Update major version numbers in wiki (basic integration + push guides)

Integration tests

T&T Only

  • Init SDK with only T&T credentials
  • Associate customer
  • Associate email
  • Track events

Mobile Only

  • Init SDK with all credentials
  • Track events
  • Associate customer (verify both backends)
  • Register for push
  • Opt-in for In-App
  • Send test push
  • Send test In-App
  • Receive / trigger deep link handler (In-App/Push)
  • Receive / trigger the content extension, render image and action buttons for push
  • Verify push opened handler

Deferred Deep Links

  • With app installed, trigger deep link handler
  • With app uninstalled, follow deep link, install test bundle, verify deep link read from Clipboard, trigger deep link handler

Combined

  • Track event for T&T, verify push received
  • Trigger scheduled campaign, verify push received
  • Trigger scheduled campaign, verify In-App received

Release:

  • Squash and merge to master
  • Delete branch once merged
  • Create tag from master matching chosen version
  • Run pod trunk push to publish to CocoaPods

Post Release:

  • Push wiki pages to master

@k-antipochkin k-antipochkin changed the title Feature/268289 auth AB#268289 Federated Authentication Feb 17, 2026
@k-antipochkin k-antipochkin marked this pull request as ready for review February 17, 2026 14:33
Copilot AI reviewed Feb 18, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds federated JWT authentication support to the iOS SDK, enabling secure user-identified requests across all SDK endpoints. The implementation introduces an AuthManager that wraps a client-provided token provider closure, and integrates it throughout the networking stack with fail-closed semantics (requests are dropped if authentication fails).

Changes:

  • Added AuthManager with AuthTokenProvider closure type for JWT token retrieval
  • Integrated JWT authentication into all user-identified HTTP requests (OptiTrack, RealTime, PreferenceCenter, EmbeddedMessaging, AnalyticsHelper, InAppManager)
  • Implemented OptistreamDispatcher to group events by customer identity, ensuring each batch carries a single valid JWT
  • Added X-Optimove-Auth-Capable: 1 header to all requests to signal auth capability to backends
  • Modified AnalyticsHelper to fetch events per user identifier to ensure JWT-to-batch alignment

Reviewed changes

Copilot reviewed 40 out of 41 changed files in this pull request and generated no comments.

Show a summary per file
File Description
OptimoveCore/Sources/Classes/Auth/AuthManager.swift New authentication manager coordinating JWT token retrieval from client-provided closure
OptimoveCore/Sources/Classes/Optistream/OptistreamDispatcher.swift New dispatcher layer that groups events by customer and resolves JWTs before network calls
OptimoveCore/Sources/Classes/Optistream/OptistreamNetworking.swift Updated to accept optional JWT parameter and attach X-User-JWT header
OptimoveCore/Sources/Classes/NetworkClient/NetworkClient.swift Added X-Optimove-Auth-Capable header to all requests
OptimoveCore/Sources/Classes/NetworkClient/NetworkRequest.swift Added X-User-JWT header field and String-based HTTPHeader initializer
OptimoveSDK/Sources/Classes/OptimoveConfig.swift Added authTokenProvider field and enableAuth() builder method
OptimoveSDK/Sources/Classes/Optimove.swift Wired AuthManager through initialization flow
OptimoveSDK/Sources/Classes/Optimobile/Network/KSHttpClient.swift Integrated auth resolution with fail-closed semantics for Optimobile stack
OptimoveSDK/Sources/Classes/Optimobile/AnalyticsHelper.swift Modified to fetch events per user to ensure single JWT per batch
OptimoveSDK/Sources/Classes/Optimobile/InApp/InAppManager.swift Added authUserId parameter using associatedUserId helper
OptimoveSDK/Sources/Classes/EmbeddedMessaging/EmbeddedMessaging.swift Added resolveJWT helper and integrated JWT into all API calls
OptimoveSDK/Sources/Classes/PreferenceCenter/OptimovePreferenceCenter.swift Added resolveJWT helper and integrated JWT into all API calls
OptimoveSDK/Sources/Classes/Components/OptiTrack/OptiTrack.swift Updated to use OptistreamDispatcher instead of OptistreamNetworking directly
OptimoveSDK/Sources/Classes/Components/RealTime/RealTime.swift Updated to use OptistreamDispatcher instead of OptistreamNetworking directly
OptimoveSDK/Sources/Classes/Factories/ComponentFactory.swift Wired authManager into component creation
OptimoveSDK/Sources/Classes/Services/ServiceLocator.swift Added authManager property for dependency injection
OptimobileShared/OptimobileHelper.swift Added associatedUserId helper to distinguish visitor vs authenticated users
Shared/Sources/Mocks/OptistreamDispatcherMock.swift New mock for OptistreamDispatcher protocol
Shared/Sources/Mocks/OptistreamNetworkingMock.swift Updated mock signature to match new protocol
Multiple test files Comprehensive test coverage for auth integration across all layers
OptimoveCore.podspec, OptimoveSDK.podspec, OptimoveNotificationServiceExtension.podspec Version bumped to 6.4.0
OptimoveCore/Sources/Classes/Constants/SDKVersion.swift Version bumped to 6.4.0
CHANGELOG.md Documented changes for version 6.4.0
Package.resolved files Updated Mocker dependency from 3.0.1 to 3.0.2

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@k-antipochkin