BMCredentials 是一种轻量级、安全的用户凭证存储方法,它直接建立在 iOS Keychain 之上。它具有灵活多用的特性,允许存储和检索多个凭证,同时也方便用于单个凭证的使用案例。
内置 iCloud Keychain 支持,您可以允许用户在所有设备上只需登录一次即可访问其应用程序。
BMCredentials 使得保护用户机密既快速又轻松,同时也为用户提供了愉快的体验。
BMCredentials 对象非常基本。以下是一份属性概述:
username - 用户的用户名或电子邮件地址或用于唯一标识用户的任何信息password - 用户的(希望是强大的)密码url - 将使用这些凭据的 web 服务、服务器或其他在线实体的 URL(目前在阶段,只支持 http 和 https URL 方案,但欢迎 pull request!)enableCloudSync - 通过 iCloud Keychain 自动同步此用户的凭证至所有设备。更多详情,请参阅使用 iCloud Keychain 的需求 (默认为 NO)enableBackgroundAccess - 允许应用程序在后台时访问这些凭证,前提是设备至少解锁一次 (默认为仅前台访问,因为这更安全)为了使 BMCredentials 对象能够在所有用户设备上自动同步,有一些先决条件:
请注意,如果用户未登录到iCloud或未开启iCloud密钥串,BMCredentials仍然会工作,但云同步将禁用。
默认凭证适用于大多数应用。大多数应用只需要保存单个用户账户即可。如果您的应用需要多个用户账户,请参阅下方的密钥凭证。
NSError *error = nil;
BMCredentials *credentials = [BMCredentials defaultCredentials:&error];
if (!credentials)
{
// All the error codes are passed through directly from the SecItem API
if (error.code == errSecItemNotFound)
{
// None found, but that's probably ok if its the first time
}
else
{
// This, however, is probably not a good thing
}
}
BMCredentials *credentials = [[BMCredentials alloc] init];
credentials.username = @"john.appleseed";
credentials.password = @"heartbleedsucksineedastrongerpassword";
credentials.url = [NSURL URLWithString:@"https://somewebservice.com"];
NSError *error = nil;
if (![BMCredentials setDefaultCredentials:credentials error:&error])
{
// If an error occurs, refer to the Security.framework headers for
// identification (they all begin with errSec). Whilst errors are unlikely,
// good software handles all errors gracefully
}
NSError *error = nil;
if (![BMCredentials removeDefaultCredentials:&error])
{
// If an error occurs, refer to the Security.framework headers for
// identification (they all begin with errSec). Whilst errors are unlikely,
// good software handles all errors gracefully
}
默认凭证是使用默认密钥的密钥凭证,以便于广泛使用。密钥凭证增加一个参数并在需要的情况下添加多个凭证集。
NSError *error = nil;
NSString *credsKey = @"github";
BMCredentials *credentials = [BMCredentials credentialsForKey:credsKey error:&error];
if (!credentials)
{
// All the error codes are passed through directly from the SecItem API
if (error.code == errSecItemNotFound)
{
// None found, but that's probably ok if its the first time
}
else
{
// This, however, is probably not a good thing
}
}
BMCredentials *credentials = [[BMCredentials alloc] init];
credentials.username = @"john.appleseed";
credentials.password = @"heartbleedsucksineedastrongerpassword";
credentials.url = [NSURL URLWithString:@"https://github.com"];
credentials.enableCloudSync = YES;
NSError *error = nil;
NSString *credsKey = @"github";
if (![BMCredentials setCredentials:credentials forKey:credsKey error:&error])
{
// If an error occurs, refer to the Security.framework headers for
// identification (they all begin with errSec). Whilst errors are unlikely,
// good software handles all errors gracefully
}
NSError *error = nil;
NSString *credsKey = @"github";
if (![BMCredentials removeCredentialsForKey:credsKey error:&error])
{
// If an error occurs, refer to the Security.framework headers for
// identification (they all begin with errSec). Whilst errors are unlikely,
// good software handles all errors gracefully
}
通常当用户退出您的应用时,您可能希望清除系统中存储的所有凭证。BMCredentials通过向每个使用的项目添加标签来跟踪其iOS密钥串数据库中的所有存储。这使得从密钥串中删除所有凭证变得非常简单。
NSError *error = nil;
if (![BMCredentials removeAllCredentials:&error])
{
// If an error occurs, refer to the Security.framework headers for
// identification (they all begin with errSec). Whilst errors are unlikely,
// good software handles all errors gracefully
}
要运行示例项目,首先克隆存储库,然后从示例目录运行pod install。
Adam Iredale, @iosengineer
BMCredentials以下MIT许可证提供。更多信息请参见LICENSE文件。