public class AuthorizationPolicy : NSObject

AuthorizationPolicy is mainly responsible to handle Authorization Policy process in AM. AuthorizationPolicy evaluates responses of each request, try to recognize Authorization Policy process as much as possible, and also delegates to the application layer to determine whether or not the response is Authorization Process or not.

AuthorizationPolicy proceeds following major steps:

   1. Upon receiving request response, or redirected request, it invokes `AuthorizationPolicy.evaluateAuthorizationPolicy` to evaluate whether or not the response is required for Authorization process. If the response is automatically recognizable by SDK (IG redirect, or response payload containing `Advice` json structure, SDK automatically parses the response into `PolicyAdvice`.
   2. If `PolicyAdvice` is found, it invokes `AuthorizationPolicyDelegate.onPolicyAdviseReceived` for the application layer to perform authorization process with given `PolicyAdvice`. The application layer should use `FRSession.authenticate` with `PolicyAdvice` to walk through authentication tree, and notify SDK with `completion` callback with the result of the authorization process.
   3. If the authorization process was successful, it invokes `AuthorizationPolicyDelegate.updateRequest` to decorate the new request with transactionId (if found). If `AuthorizationPolicyDelegate.updateRequest` is not implemented, SDK automatically injects `_txId` in URL query parameter to the original request, and retry the request with updated one. If `transactionId` is not found, then retry with the original request.

Note AuthorizationPolicyDelegate only enforces its policy for given URLs. If given URLRequest does not match any of given URLs, then it proceeds as it is.


 // Step 1 - Register FRURLProtocol

 // Step 2 - Initialize AuthorizationPolicy object
 let authorizationPolicy = AuthorizationPolicy(validatingURL: [URL, URL,...], delegate: self)

 // Step 3 - Implement delegate method if needed; `AuthorizationPolicyDelegate.onPolicyAdviseReceived` is mandatory whereas others are optional

 // Step 4 - Assign AuthorizationPolicy in FRURLProtocol
 FRURLProtocol.authorizationPolicy = authorizationPolicy

 // Step 5 - Configure URLProtocol in the application's URLSessionConfiguration
 let config = URLSessionConfiguration.default
 config.protocolClasses = [FRURLProtocol.self]
 let urlSession = URLSession(configuration: config)



  • Initializes AuthorizationPolicy with delegation



    public init(validatingURL: [URL], delegate: AuthorizationPolicyDelegate? = nil)



    URLs to be validated for AuthorizationPolicy


    delegation to enforce authorization policy evaluation