SSOTokenImpl

public final class SSOTokenImpl : SSOToken, Sendable, Codable

A concrete implementation of SSOToken used for session storage and management.

SSOTokenImpl provides the standard implementation of an SSO token within the Journey framework. It encapsulates all necessary information about an authenticated session, including the session value, success URL, and authentication realm.

Storage and Persistence

This class is designed to work seamlessly with the storage layer:

Conforms to Codable for JSON serialization to Keychain or other storage
Marked as Sendable for safe concurrent access across actor boundaries
Immutable properties ensure thread-safe usage

Usage in Journey Framework

SSOTokenImpl instances are typically created internally by the Journey framework during authentication flows. However, you can also create instances manually for testing or custom authentication scenarios:

let token = SSOTokenImpl(
    value: "session_token_abc123",
    successUrl: "https://example.com/success",
    realm: "alpha"
)

// Store the token
let storage = KeychainStorage<SSOTokenImpl>(
    account: "my_sessions",
    encryptor: SecuredKeyEncryptor() ?? NoEncryptor()
)
try await storage.save(item: token)

// Retrieve the token later
let retrievedToken = try await storage.get()
print(retrievedToken?.value) // "session_token_abc123"

Integration with SessionConfig

SSOTokenImpl is the type parameter for SessionConfig‘s storage property:

let sessionConfig = SessionConfig()
// sessionConfig.storage is of type Storage<SSOTokenImpl>

// Custom storage for a specific user
sessionConfig.storage = KeychainStorage<SSOTokenImpl>(
    account: "user_sessions",
    encryptor: SecuredKeyEncryptor() ?? NoEncryptor()
)

Important

All properties are immutable (let) to ensure thread safety and prevent accidental modification after creation.

Note

This class is marked as final to prevent subclassing, ensuring the implementation remains consistent across the framework.

See also

SessionConfig for configuring session storage

value
The session token value.

This is the actual session identifier or token string provided by the authentication server. It’s used to maintain the authenticated session and is typically sent with subsequent requests to prove authentication.
Declaration
Swift

public let value: String
successUrl
The URL to redirect to upon successful authentication.

After authentication completes successfully, the application should navigate to this URL. This is provided by the authentication server as part of the success response.
Declaration
Swift

public let successUrl: String
realm
The authentication realm or domain.

Identifies the authentication context or tenant for this session. This is particularly important in multi-tenant deployments where different realms may represent different organizations or user stores.
Declaration
Swift

public let realm: String


                    
                    
                    init(value:successUrl:realm:)

Creates a new SSO token with the specified session information.

Use this initializer to create SSO token instances for authentication flows, testing, or when manually managing session state.

Example

let token = SSOTokenImpl(
    value: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    successUrl: "https://app.example.com/dashboard",
    realm: "customers"
)

Declaration

Swift

public init(value: String, successUrl: String, realm: String)

Parameters

`value`	The session token value. This should be the session identifier or token string provided by your authentication server.
`successUrl`	The URL to navigate to after successful authentication. This should be a valid, absolute URL string.
`realm`	The authentication realm or domain. This identifies the authentication context for the session.

Codable Conformance


                    
                    
                    init(from:)

Creates a new SSO token by decoding from the given decoder.

This initializer is used automatically when decoding SSO tokens from storage (e.g., Keychain, UserDefaults, or other persistence layers). You typically don’t call this directly; instead, use standard decoding:

let decoder = JSONDecoder()
let token = try decoder.decode(SSOTokenImpl.self, from: data)

Throws

DecodingError if the data is corrupted or if a required property cannot be decoded.

Declaration

Swift

required public init(from decoder: Decoder) throws

Parameters


                                decoder

The decoder to read data from.


                    
                    
                    encode(to:)

Encodes this SSO token into the given encoder.

This method is used automatically when encoding SSO tokens for storage (e.g., to Keychain, UserDefaults, or other persistence layers). You typically don’t call this directly; instead, use standard encoding:

let encoder = JSONEncoder()
let data = try encoder.encode(token)

Throws

EncodingError if any values are invalid for the given encoder’s format.

Declaration

Swift

public func encode(to encoder: Encoder) throws

Parameters


                                encoder

The encoder to write data to.