OAuth Support

[mohannad-hassan]

Introduces the basic infra for authenticating the user to their Quran.com account, and the basic UI for login. Will be expanded upon in following tasks.

• Data/OAuthClient handles the actual request. This is the starting point to handle authenticating requests and refreshing the tokens. The persistance of the tokens is yet to be handled.
• Domain/QuranProfileService is the service counterpart. Will, probably, only expose the profile information.
• openid/AppAuth-iOS was added as a dependency. Cuts down on much nuisance in OpenID communications.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 94 lines in your changes missing coverage. Please review.

Project coverage is 40.12%. Comparing base (d9fc366) to head (12ed7f5).
Report is 41 commits behind head on main.

Files with missing lines	Patch %	Lines
Data/OAuthClient/Sources/AppAuthOAuthClient.swift	0.00%	62 Missing ⚠️
Features/SettingsFeature/SettingsRootView.swift	0.00%	11 Missing ⚠️
...atures/SettingsFeature/SettingsRootViewModel.swift	0.00%	11 Missing ⚠️
Data/OAuthClient/Sources/OAuthClient.swift	0.00%	5 Missing ⚠️
...anProfileService/Sources/QuranProfileService.swift	0.00%	4 Missing ⚠️
Features/SettingsFeature/SettingsBuilder.swift	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #680      +/-   ##
==========================================
- Coverage   40.92%   40.12%   -0.81%     
==========================================
  Files         525      533       +8     
  Lines       20880    21282     +402     
==========================================
- Hits         8546     8539       -7     
- Misses      12334    12743     +409     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mohannad-hassan]

@mohamede1945 I thought of StartupLauncher for this.

[mohamede1945]

Actually, this approach makes more sense to me. However, I’d prefer not to create an OAuthClient at all, rather than creating one with a nil configuration. This way, it’s clear to the consumer that the app doesn’t have OAuth configured. I would also propagate this to the Profile service, ensuring the feature recognizes that there’s no Profile service and doesn’t display login controls.

[mohamede1945]

This is truly outstanding work for a first-time contribution, Mohannad! Thank you so much. I’ve left a few minor comments, including one suggesting the addition of tests for the AppAuthOAuthClient.

[mohamede1945]

Is it possible to remove this method and just have the configuration set in the init? This way we can make appConfiguration non-optional and remove the need for oauthClientHasNotBeenSet error.

[mohamede1945]

Actually, this approach makes more sense to me. However, I’d prefer not to create an OAuthClient at all, rather than creating one with a nil configuration. This way, it’s clear to the consumer that the app doesn’t have OAuth configured. I would also propagate this to the Profile service, ensuring the feature recognizes that there’s no Profile service and doesn’t display login controls.

[mohamede1945]

It would be really really great to have some tests to validate the success cases and a couple of failure cases as well, please. This would not only help ensure the code works but also ensure it is testable as we add additional logic in the future, such as the state machine for automatically logging in a user at startup.

[mohannad-hassan]

Definitely this will be handled next inshaa Allah. I usually go test-first, but for this PR the full responsibilities of the auth client weren't clear yet. As things stand, AppAuthOAuthClient is just a wrapper for the library.

We have the following:

• Token refresh & persistance
• Signaling API availability
• Authenticating the API requests
• Signaling if OAuth is available (disables/removes the login option)

This structure is going to be the subject of the next PR, and with it, I'll resume the standard testing strategy.

[mohannad-hassan]

As for the comment on managing the configuration along with the availability of the OAuth client, I'll take that into account while I handle the responsibilities mentioned above.

The Profile service will be facing the features.

The OAuth client will be facing other data clients, which I expect them to be used by the domain services (bookmarks, notes ...).
The question here is where to delegate the responsibility of knowing of the API availability. I think out understanding of this will need to evolve as we handle the cases of data syncing.