Solve some concurrency warnings

DominikPalo · DominikPalo · commit c666285fa2ab · 2025-04-17T16:55:56.000+02:00
diff --git a/Sources/Base/OAuth2AuthConfig.swift b/Sources/Base/OAuth2AuthConfig.swift
@@ -26,22 +26,14 @@ import UIKit
 /**
 Simple struct to hold settings describing how authorization appears to the user.
 */
-public struct OAuth2AuthConfig {
+public struct OAuth2AuthConfig: Sendable {
 	
 	/// Sub-stuct holding configuration relevant to UI presentation.
-	public struct UI {
+	public struct UI: Sendable {
 		
 		/// Title to propagate to views handled by OAuth2, such as OAuth2WebViewController.
 		public var title: String? = nil
 		
-		/// By assigning your own UIBarButtonItem (!) you can override the back button that is shown in the iOS embedded web view (does NOT apply to `SFSafariViewController` or `ASWebAuthenticationSession`).
-		@available(*, deprecated, message: "This will be removed in v6.")
-		public var backButton: AnyObject? = nil
-		
-		/// If true it makes the login cancellable, otherwise the cancel button is not shown in the embedded web view.
-		@available(*, deprecated, message: "This will be removed in v6.")
-		public var showCancelButton = true
-		
 		/// Starting with iOS 9, `SFSafariViewController` will be used for embedded authorization instead of our custom class. You can turn this off here.
 		public var useSafariView = false
 		
@@ -72,7 +64,7 @@ public struct OAuth2AuthConfig {
 	/// Context information for the authorization flow:
 	/// - iOS:   The parent view controller to present from
 	/// - macOS: An NSWindow from which to present a modal sheet _or_ `nil` to present in a new window
-	public weak var authorizeContext: AnyObject? = nil
+	public nonisolated(unsafe) weak var authorizeContext: (AnyObject)? = nil
 	
 	/// UI-specific configuration.
 	public var ui = UI()
diff --git a/Sources/Base/OAuth2AuthRequest.swift b/Sources/Base/OAuth2AuthRequest.swift
@@ -66,6 +66,7 @@ public enum OAuth2EndpointAuthMethod: String {
 /**
 Class representing an OAuth2 authorization request that can be used to create NSURLRequest instances.
 */
+@OAuth2Actor
 open class OAuth2AuthRequest {
 	
 	/// The url of the receiver. Queries may by added by parameters specified on `params`.
diff --git a/Sources/Base/OAuth2AuthorizerUI.swift b/Sources/Base/OAuth2AuthorizerUI.swift
@@ -24,6 +24,7 @@ import Foundation
 /**
 Platform-dependent authorizers must adopt this protocol.
 */
+@OAuth2Actor
 public protocol OAuth2AuthorizerUI {
 	
 	/// The OAuth2 instance this authorizer belongs to.
@@ -44,5 +45,5 @@ public protocol OAuth2AuthorizerUI {
 	- parameter at:   The authorize URL to open
 	- throws:         Can throw OAuth2Error if the method is unable to show the authorize screen
 	*/
-	func authorizeEmbedded(with config: OAuth2AuthConfig, at url: URL) throws
+	func authorizeEmbedded(with config: OAuth2AuthConfig, at url: URL) async throws
 }
diff --git a/Sources/Base/OAuth2Base.swift b/Sources/Base/OAuth2Base.swift
@@ -22,6 +22,10 @@ import Foundation
 import CommonCrypto
 
 
+@globalActor public actor OAuth2Actor : GlobalActor {
+	public static let shared = OAuth2Actor()
+}
+
 /**
 Class extending on OAuth2Requestable, exposing configuration and maintaining context, serving as base class for `OAuth2`.
 */
@@ -202,18 +206,18 @@ open class OAuth2Base: OAuth2Securable {
 		return authURL.description
 	}
 	
-	override open func updateFromKeychainItems(_ items: [String: Any]) {
+	override open func updateFromKeychainItems(_ items: [String: any Sendable]) {
 		for message in clientConfig.updateFromStorableItems(items) {
 			logger?.debug("OAuth2", msg: message)
 		}
 		clientConfig.secretInBody = (clientConfig.endpointAuthMethod == OAuth2EndpointAuthMethod.clientSecretPost)
 	}
 	
-	override open func storableCredentialItems() -> [String: Any]? {
+	override open func storableCredentialItems() -> [String: any Sendable]? {
 		return clientConfig.storableCredentialItems()
 	}
 	
-	override open func storableTokenItems() -> [String: Any]? {
+	override open func storableTokenItems() -> [String: any Sendable]? {
 		return clientConfig.storableTokenItems()
 	}
 	
diff --git a/Sources/Base/OAuth2ClientConfig.swift b/Sources/Base/OAuth2ClientConfig.swift
@@ -209,10 +209,10 @@ open class OAuth2ClientConfig {
 	
 	- returns: A storable dictionary with credentials
 	*/
-	func storableCredentialItems() -> [String: Any]? {
+	func storableCredentialItems() -> [String: any Sendable]? {
 		guard let clientId = clientId, !clientId.isEmpty else { return nil }
 		
-		var items: [String: Any] = ["id": clientId]
+		var items: [String: any Sendable] = ["id": clientId]
 		if let secret = clientSecret {
 			items["secret"] = secret
 		}
@@ -225,8 +225,8 @@ open class OAuth2ClientConfig {
 	
 	- returns: A storable dictionary with token data
 	*/
-	func storableTokenItems() -> [String: Any]? {
-		var items = [String: Any]()
+	func storableTokenItems() -> [String: any Sendable]? {
+		var items = [String: any Sendable]()
 
 		if let access = accessToken {
 			items["accessToken"] = access
diff --git a/Sources/Base/OAuth2CustomAuthorizerUI.swift b/Sources/Base/OAuth2CustomAuthorizerUI.swift
@@ -22,6 +22,7 @@
 /**
 Platform-dependent login presenters that present custom login views must adopt this protocol.
 */
+@OAuth2Actor
 public protocol OAuth2CustomAuthorizerUI {
 	
 	/**
@@ -31,7 +32,7 @@ public protocol OAuth2CustomAuthorizerUI {
 	- parameter fromContext:     The presenting context, typically another controller of platform-dependent type
 	- parameter animated:        Whether the presentation should be animated
 	*/
-	func present(loginController: AnyObject, fromContext context: AnyObject?, animated: Bool) throws
+	func present(loginController: AnyObject, fromContext context: AnyObject?, animated: Bool) async throws
 	
 	/**
 	This function must dismiss the login controller.
diff --git a/Sources/Base/OAuth2DebugURLSessionDelegate.swift b/Sources/Base/OAuth2DebugURLSessionDelegate.swift
@@ -28,7 +28,7 @@ Doing so is a REALLY BAD IDEA, even in development environments where you can us
 Still, sometimes you'll have to do this so this class is provided, but DO NOT SUBMIT your app using self-signed SSL certs to the App
 Store. You have been warned!
 */
-open class OAuth2DebugURLSessionDelegate: NSObject, URLSessionDelegate {
+final class OAuth2DebugURLSessionDelegate: NSObject, URLSessionDelegate {
 	
 	/// The host to allow a self-signed SSL certificate for.
 	let host: String
@@ -42,7 +42,7 @@ open class OAuth2DebugURLSessionDelegate: NSObject, URLSessionDelegate {
 		self.host = host
 	}
 	
-	open func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
+	func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
 	                     completionHandler: @escaping (Foundation.URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
 		if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
 			if challenge.protectionSpace.host == host, let trust = challenge.protectionSpace.serverTrust {
diff --git a/Sources/Base/OAuth2KeychainAccount.swift b/Sources/Base/OAuth2KeychainAccount.swift
@@ -20,13 +20,14 @@
 
 import Foundation
 #if !NO_KEYCHAIN_IMPORT     // needs to be imported when using `swift build`, not when building via Xcode
-import SwiftKeychain
+@preconcurrency import SwiftKeychain
 #endif
 
 
 /**
 Keychain integration handler for OAuth2.
 */
+@OAuth2Actor
 struct OAuth2KeychainAccount: KeychainGenericPasswordType {
 	
 	/// The service name to use.
@@ -52,7 +53,7 @@ struct OAuth2KeychainAccount: KeychainGenericPasswordType {
 	- parameter account: The account name to use
 	- parameter data:    Data that we want to store to the keychain
 	*/
-	init(oauth2: OAuth2Securable, account: String, data inData: [String: Any] = [:]) {
+	init(oauth2: OAuth2Securable, account: String, data inData: [String: any Sendable] = [:]) {
 		serviceName = oauth2.keychainServiceName()
 		accountName = account
 		accessMode = String(oauth2.keychainAccessMode)
@@ -74,7 +75,7 @@ extension KeychainGenericPasswordType {
 	
 	- returns: A [String: Any] dictionary of data fetched from the keychain
 	*/
-	mutating func fetchedFromKeychain() throws -> [String: Any] {
+	mutating func fetchedFromKeychain() throws -> [String: any Sendable] {
 		do {
 			try _ = fetchFromKeychain()
 			return data
diff --git a/Sources/Base/OAuth2Logger.swift b/Sources/Base/OAuth2Logger.swift
@@ -64,6 +64,7 @@ A simple protocol for loggers used in OAuth2.
 The `OAuth2DebugLogger` is a simple implementation that logs to stdout. If you need more sophisticated logging, just adapt this protocol
 and set your logger on the `OAuth2` instance you're using.
 */
+@OAuth2Actor
 public protocol OAuth2Logger {
 	
 	/// The logger's logging level.
diff --git a/Sources/Base/OAuth2RequestPerformer.swift b/Sources/Base/OAuth2RequestPerformer.swift
@@ -14,6 +14,7 @@ Protocol for types that can perform `URLRequest`s.
 
 The class `OAuth2DataTaskRequestPerformer` implements this protocol and is by default used by all `OAuth2` classes to perform requests.
 */
+@OAuth2Actor
 public protocol OAuth2RequestPerformer {
 	
 	/**
diff --git a/Sources/Base/OAuth2Requestable.swift b/Sources/Base/OAuth2Requestable.swift
@@ -22,7 +22,7 @@ import Foundation
 
 
 /// Typealias to ease working with JSON dictionaries.
-public typealias OAuth2JSON = [String: Any]
+public typealias OAuth2JSON = [String: any Sendable]
 
 /// Typealias to work with dictionaries full of strings.
 public typealias OAuth2StringDict = [String: String]
@@ -34,6 +34,7 @@ public typealias OAuth2Headers = [String: String]
 /**
 Abstract base class for OAuth2 authorization as well as client registration classes.
 */
+@OAuth2Actor
 open class OAuth2Requestable {
 	
 	/// Set to `true` to log all the things. `false` by default. Use `"verbose": bool` in settings or assign `logger` yourself.
diff --git a/Sources/Base/OAuth2Securable.swift b/Sources/Base/OAuth2Securable.swift
@@ -134,15 +134,15 @@ open class OAuth2Securable: OAuth2Requestable {
 	}
 	
 	/** Updates instance properties according to the items found in the given dictionary, which was found in the keychain. */
-	func updateFromKeychainItems(_ items: [String: Any]) {
+	func updateFromKeychainItems(_ items: [String: any Sendable]) {
 	}
 	
 	/**
 	Items that should be stored when storing client credentials.
 	
 	- returns: A dictionary with `String` keys and `Any` items
 	*/
-	open func storableCredentialItems() -> [String: Any]? {
+	open func storableCredentialItems() -> [String: any Sendable]? {
 		return nil
 	}
 	
@@ -166,7 +166,7 @@ open class OAuth2Securable: OAuth2Requestable {
 	
 	- returns: A dictionary with `String` keys and `Any` items
 	*/
-	open func storableTokenItems() -> [String: Any]? {
+	open func storableTokenItems() -> [String: any Sendable]? {
 		return nil
 	}
 	
diff --git a/Sources/Base/extensions.swift b/Sources/Base/extensions.swift
@@ -34,7 +34,7 @@ extension HTTPURLResponse {
 
 extension String {
 	
-	fileprivate static var wwwFormURLPlusSpaceCharacterSet: CharacterSet = CharacterSet.wwwFormURLPlusSpaceCharacterSet
+	fileprivate static let wwwFormURLPlusSpaceCharacterSet: CharacterSet = CharacterSet.wwwFormURLPlusSpaceCharacterSet
 	
 	/// Encodes a string to become x-www-form-urlencoded; the space is encoded as plus sign (+).
 	var wwwFormURLEncodedString: String {
@@ -73,6 +73,7 @@ extension CharacterSet {
 }
 
 
+@OAuth2Actor
 extension URLRequest {
 	
 	/** A string describing the request, including headers and body. */
diff --git a/Sources/DataLoader/OAuth2DataLoaderSessionTaskDelegate.swift b/Sources/DataLoader/OAuth2DataLoaderSessionTaskDelegate.swift
@@ -28,7 +28,8 @@ import Base
 Simple implementation of a session task delegate, which looks at HTTP redirecting, approving redirects in the same domain and re-signing the
 redirected request.
 */
-open class OAuth2DataLoaderSessionTaskDelegate: NSObject, URLSessionTaskDelegate {
+@OAuth2Actor
+final class OAuth2DataLoaderSessionTaskDelegate: NSObject, URLSessionTaskDelegate {
 	
 	/// The loader to which the delegate belongs, needed for request signing.
 	public internal(set) weak var loader: OAuth2DataLoader?
@@ -50,7 +51,7 @@ open class OAuth2DataLoaderSessionTaskDelegate: NSObject, URLSessionTaskDelegate
 	
 	// MARK: - URLSessionTaskDelegate
 	
-	open func urlSession(_ session: URLSession, task: URLSessionTask, willPerformHTTPRedirection response: HTTPURLResponse, newRequest request: URLRequest, completionHandler: @escaping (URLRequest?) -> Void) {
+	func urlSession(_ session: URLSession, task: URLSessionTask, willPerformHTTPRedirection response: HTTPURLResponse, newRequest request: URLRequest, completionHandler: @escaping (URLRequest?) -> Void) {
 		guard request.url?.host == host else {
 			loader?.logger?.warn("OAuth2", msg: "Redirected to «\(request.url?.host ?? "nil")» but only approving HTTP redirection on «\(host)», not following redirect: \(request)")
 			completionHandler(nil)
diff --git a/Sources/Flows/OAuth2.swift b/Sources/Flows/OAuth2.swift
@@ -188,7 +188,7 @@ open class OAuth2: OAuth2Base {
 	*/
 	open func doAuthorize(params: OAuth2StringDict? = nil) async throws {
 		if authConfig.authorizeEmbedded {
-			try doAuthorizeEmbedded(with: authConfig, params: params)
+			try await doAuthorizeEmbedded(with: authConfig, params: params)
 		}
 		else {
 			try doOpenAuthorizeURLInBrowser(params: params)
@@ -218,10 +218,10 @@ open class OAuth2: OAuth2Base {
 	- parameter with:   The configuration to be used; usually uses the instance's `authConfig`
 	- parameter params: Additional authorization parameters to supply during the OAuth dance
 	*/
-	final func doAuthorizeEmbedded(with config: OAuth2AuthConfig, params: OAuth2StringDict? = nil) throws {
+	final func doAuthorizeEmbedded(with config: OAuth2AuthConfig, params: OAuth2StringDict? = nil) async throws {
 		let url = try authorizeURL(params: params)
 		logger?.debug("OAuth2", msg: "Opening authorize URL embedded: \(url)")
-		try authorizer.authorizeEmbedded(with: config, at: url)
+		try await authorizer.authorizeEmbedded(with: config, at: url)
 	}
 	
 	/**
@@ -505,7 +505,6 @@ open class OAuth2: OAuth2Base {
 	
 	- returns: JSON dictionary or nil if no registration was attempted;
 	*/
-	@MainActor
 	public func registerClientIfNeeded() async throws -> OAuth2JSON? {
 		if nil != clientId || !type(of: self).clientIdMandatory {
 			return nil
diff --git a/Sources/Flows/OAuth2ClientCredentials.swift b/Sources/Flows/OAuth2ClientCredentials.swift
@@ -35,13 +35,11 @@ open class OAuth2ClientCredentials: OAuth2 {
 	}
 	
 	override open func doAuthorize(params inParams: OAuth2StringDict? = nil) async {
-		Task {
-			do {
-				let result = try await self.obtainAccessToken()
-				self.didAuthorize(withParameters: result)
-			} catch {
-				self.didFail(with: error.asOAuth2Error)
-			}
+		do {
+			let result = try await self.obtainAccessToken()
+			self.didAuthorize(withParameters: result)
+		} catch {
+			self.didFail(with: error.asOAuth2Error)
 		}
 	}
 	
diff --git a/Sources/Flows/OAuth2DynReg.swift b/Sources/Flows/OAuth2DynReg.swift
@@ -32,6 +32,7 @@ Hence it's highly portable and can be instantiated when needed with ease.
 
 For the full OAuth2 Dynamic Client Registration spec see https://tools.ietf.org/html/rfc7591
 */
+@OAuth2Actor
 open class OAuth2DynReg {
 	
 	/// Additional HTTP headers to supply during registration.
diff --git a/Sources/Flows/OAuth2PasswordGrant.swift b/Sources/Flows/OAuth2PasswordGrant.swift
@@ -102,7 +102,7 @@ open class OAuth2PasswordGrant: OAuth2 {
 	*/
 	override open func doAuthorize(params: OAuth2StringDict? = nil) async throws {
 		if username?.isEmpty ?? true || password?.isEmpty ?? true {
-			try askForCredentials()
+			try await askForCredentials()
 		}
 		else {
 			do {
@@ -119,7 +119,7 @@ open class OAuth2PasswordGrant: OAuth2 {
 	
 	- parameter params: Optional key/value pairs to pass during authorization
 	*/
-	private func askForCredentials(params: OAuth2StringDict? = nil) throws {
+	private func askForCredentials(params: OAuth2StringDict? = nil) async throws {
 		logger?.debug("OAuth2", msg: "Presenting the login controller")
 		guard let delegate = delegate else {
 			throw OAuth2Error.noPasswordGrantDelegate
@@ -137,7 +137,8 @@ open class OAuth2PasswordGrant: OAuth2 {
 		// tell the custom authorizer to present the login screen
 		customAuthParams = params
 		let controller = delegate.loginController(oauth2: self)
-		try customAuthorizer.present(loginController: controller, fromContext: authConfig.authorizeContext, animated: true)
+		
+		try await customAuthorizer.present(loginController: controller, fromContext: authConfig.authorizeContext, animated: true)
 	}
 	
 	/**
diff --git a/Sources/iOS/OAuth2WebViewController+iOS.swift b/Sources/iOS/OAuth2WebViewController+iOS.swift
diff --git a/Sources/macOS/OAuth2Authorizer+macOS.swift b/Sources/macOS/OAuth2Authorizer+macOS.swift
diff --git a/Sources/macOS/OAuth2CustomAuthorizer+macOS.swift b/Sources/macOS/OAuth2CustomAuthorizer+macOS.swift
diff --git a/Sources/macOS/OAuth2WebViewController+macOS.swift b/Sources/macOS/OAuth2WebViewController+macOS.swift
diff --git a/Sources/tvOS/OAuth2CustomAuthorizer+tvOS.swift b/Sources/tvOS/OAuth2CustomAuthorizer+tvOS.swift
diff --git a/Tests/DataLoaderTests/OAuth2DataLoaderTests.swift b/Tests/DataLoaderTests/OAuth2DataLoaderTests.swift

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,10 @@ import Foundation`
`22`	`22`	`import CommonCrypto`
`23`	`23`
`24`	`24`
	`25`	`+@globalActor public actor OAuth2Actor : GlobalActor {`
	`26`	`+ public static let shared = OAuth2Actor()`
	`27`	`+}`
	`28`	`+`
`25`	`29`	`/**`
`26`	`30`	Class extending on OAuth2Requestable, exposing configuration and maintaining context, serving as base class for `OAuth2`.
`27`	`31`	`*/`
`@@ -202,18 +206,18 @@ open class OAuth2Base: OAuth2Securable {`
`202`	`206`	`return authURL.description`
`203`	`207`	`}`
`204`	`208`
`205`		`- override open func updateFromKeychainItems(_ items: [String: Any]) {`
	`209`	`+ override open func updateFromKeychainItems(_ items: [String: any Sendable]) {`
`206`	`210`	`for message in clientConfig.updateFromStorableItems(items) {`
`207`	`211`	`logger?.debug("OAuth2", msg: message)`
`208`	`212`	`}`
`209`	`213`	`clientConfig.secretInBody = (clientConfig.endpointAuthMethod == OAuth2EndpointAuthMethod.clientSecretPost)`
`210`	`214`	`}`
`211`	`215`
`212`		`- override open func storableCredentialItems() -> [String: Any]? {`
	`216`	`+ override open func storableCredentialItems() -> [String: any Sendable]? {`
`213`	`217`	`return clientConfig.storableCredentialItems()`
`214`	`218`	`}`
`215`	`219`
`216`		`- override open func storableTokenItems() -> [String: Any]? {`
	`220`	`+ override open func storableTokenItems() -> [String: any Sendable]? {`
`217`	`221`	`return clientConfig.storableTokenItems()`
`218`	`222`	`}`
`219`	`223`