OathKeychainStorage

public final class OathKeychainStorage : OathStorage, @unchecked Sendable

Keychain-based storage implementation for OATH credentials. Uses iOS Keychain Services for secure credential storage.

This implementation stores credential metadata and secrets separately in the iOS Keychain. Credential metadata is stored as JSON data, while secrets are stored as secure keychain items with appropriate accessibility settings.

Note

This class is thread-safe and handles concurrent access properly.

Initializers

  • Creates a new keychain storage instance.

    Declaration

    Swift

    public init(
        service: String = "com.pingidentity.oath",
        logger: Logger? = nil,
        securityOptions: OathKeychainSecurityOptions = .standard
    )

    Parameters

    service

    The keychain service identifier. Defaults to “com.pingidentity.oath”.

    logger

    Optional logger for storage operations.

    securityOptions

    Security configuration for keychain operations. Defaults to standard security.

  • Creates a new keychain storage instance with individual security parameters (convenience).

    Declaration

    Swift

    public convenience init(
        service: String = "com.pingidentity.oath",
        logger: Logger? = nil,
        accessGroup: String? = nil,
        accessibility: CFString = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    )

    Parameters

    service

    The keychain service identifier. Defaults to “com.pingidentity.oath”.

    logger

    Optional logger for storage operations.

    accessGroup

    Optional keychain access group for shared access.

    accessibility

    Keychain accessibility level. Defaults to kSecAttrAccessibleWhenUnlockedThisDeviceOnly.
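
The secret half of the split described in the class overview (secrets held as keychain items with an accessibility level, apart from the JSON metadata), sketched with plain Keychain Services calls. This is an added illustration, not the SDK's implementation; `baseQuery`, `saveSecret`, `loadSecret`, `SecretStoreError` and the `com.example.oath-demo` service name are hypothetical.

```swift
import Foundation
import Security

// Hypothetical helpers for illustration; not part of the SDK.
enum SecretStoreError: Error { case locked, keychain(OSStatus) }

func baseQuery(id: String, service: String, accessGroup: String?) -> [String: Any] {
    var q: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,   // namespaces this app's items
        kSecAttrAccount as String: id         // one item per credential ID
    ]
    if let accessGroup { q[kSecAttrAccessGroup as String] = accessGroup }
    return q
}

func saveSecret(_ secret: Data, id: String,
                service: String = "com.example.oath-demo",   // constructed name
                accessGroup: String? = nil,
                accessibility: CFString = kSecAttrAccessibleWhenUnlockedThisDeviceOnly) throws {
    let query = baseQuery(id: id, service: service, accessGroup: accessGroup)
    // ThisDeviceOnly: the item is not restored onto a different device from a backup.
    let attrs: [String: Any] = [
        kSecValueData as String: secret,
        kSecAttrAccessible as String: accessibility
    ]
    // Update in place if the item exists, otherwise add it.
    var status = SecItemUpdate(query as CFDictionary, attrs as CFDictionary)
    if status == errSecItemNotFound {
        let addQuery = query.merging(attrs) { _, new in new }
        status = SecItemAdd(addQuery as CFDictionary, nil)
    }
    guard status == errSecSuccess else { throw SecretStoreError.keychain(status) }
}

func loadSecret(id: String, service: String = "com.example.oath-demo",
                accessGroup: String? = nil) throws -> Data? {
    var query = baseQuery(id: id, service: service, accessGroup: accessGroup)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    switch SecItemCopyMatching(query as CFDictionary, &item) {
    case errSecSuccess: return item as? Data
    case errSecItemNotFound: return nil                                // no such credential
    case errSecInteractionNotAllowed: throw SecretStoreError.locked    // device is locked
    case let status: throw SecretStoreError.keychain(status)
    }
}
```

With a when-unlocked accessibility level, a read attempted while the device is locked fails with `errSecInteractionNotAllowed` rather than "not found", so callers running in the background should treat the two cases differently.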

OathStorage Implementation

  • Store an OATH credential in the keychain.

    Throws

    OathStorageError.storageFailure if keychain operations fail.

    Declaration

    Swift

    public func storeOathCredential(_ credential: OathCredential) async throws

    Parameters

    credential

    The OATH credential to store.

  • Retrieve an OATH credential from the keychain.

    Throws

    OathStorageError.storageFailure if keychain operations fail.

    Declaration

    Swift

    public func retrieveOathCredential(credentialId: String) async throws -> OathCredential?

    Parameters

    credentialId

    The ID of the credential to retrieve.

    Return Value

    The credential if found, nil otherwise.

  • Get all OATH credentials from the keychain.

    Throws

    OathStorageError.storageFailure if keychain operations fail.

    Declaration

    Swift

    public func getAllOathCredentials() async throws -> [OathCredential]

    Return Value

    Array of all stored credentials.

  • Remove an OATH credential from the keychain.

    Throws

    OathStorageError.storageFailure if keychain operations fail.

    Declaration

    Swift

    public func removeOathCredential(credentialId: String) async throws -> Bool

    Parameters

    credentialId

    The ID of the credential to remove.

    Return Value

    true if removed, false if not found.

  • Clear all OATH credentials from the keychain.

    Throws

    OathStorageError.storageFailure if keychain operations fail.

    Declaration

    Swift

    public func clearOathCredentials() async throws

  • Retrieve an OATH credential by issuer and account name.

    Throws

    OathStorageError.storageFailure if keychain operations fail.

    Declaration

    Swift

    public func getCredentialByIssuerAndAccount(issuer: String, accountName: String) async throws -> OathCredential?

    Parameters

    issuer

    The issuer of the credential.

    accountName

    The account name of the credential.

    Return Value

    The credential if found, nil otherwise.