Configuration
ThunderIDConfig is the configuration struct passed to ThunderIDClient.initialize(config:storage:) and to the .thunderIDProvider(config:) view modifier.
Example
```swift
import ThunderID

let config = ThunderIDConfig(
    baseUrl: "https://localhost:8090",
    clientId: "<your-client-id>",
    scopes: ["openid", "profile", "email"],
    afterSignInUrl: "io.thunderid.b2c://callback",
    afterSignOutUrl: "io.thunderid.b2c://logout",
    applicationId: "<your-application-id>"
)
```
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| baseUrl | String | — | Required. Your ThunderID instance URL. Must use HTTPS (e.g., https://localhost:8090). |
| clientId | String? | nil | The Client ID from your ThunderID application. Required for redirect-based authentication and token operations. |
| scopes | [String] | ["openid"] | OAuth 2.0 scopes to request. Include "profile" and "email" to receive user identity claims. |
| afterSignInUrl | String? | nil | The redirect URI to return to after sign-in. Must match an Allowed Redirect URI registered in the console. |
| afterSignOutUrl | String? | nil | The redirect URI to return to after sign-out. Must match an Allowed Post-Logout Redirect URI in the console. |
| signInUrl | String? | nil | Override the sign-in URL. Defaults to the ThunderID hosted sign-in page. |
| signUpUrl | String? | nil | Override the sign-up URL. |
| clientSecret | String? | nil | Client secret for confidential clients. Do not include this in a shipped iOS app. |
| signInOptions | [String: Any] | [:] | Additional query parameters appended to the authorization URL on sign-in. |
| signOutOptions | [String: Any] | [:] | Additional parameters sent with the sign-out request. |
| signUpOptions | [String: Any] | [:] | Additional parameters sent with the sign-up request. |
| applicationId | String? | nil | The Application ID used for app-native (embedded) sign-in flows via the Flow Execution API. |
| organizationHandle | String? | nil | The organization handle for multi-tenant deployments. |
| tokenValidation | TokenValidationConfig | see below | Controls ID token validation behavior. |
| storage | StorageAdapter? | nil | Custom token storage backend. Defaults to KeychainStorageAdapter. |
| instanceId | Int? | nil | Identifies the SDK instance when running multiple instances in one process. |
TokenValidationConfig
Controls how the SDK validates ID tokens.
```swift
ThunderIDConfig(
    baseUrl: "https://localhost:8090",
    clientId: "<your-client-id>",
    tokenValidation: TokenValidationConfig(
        validate: true,
        validateIssuer: true,
        clockTolerance: 30
    )
)
```
| Parameter | Type | Default | Description |
|---|---|---|---|
| validate | Bool | true | Whether to validate ID token signatures and claims. Set to false only during local development. |
| validateIssuer | Bool | true | Whether to validate the iss claim against baseUrl. |
| clockTolerance | Int | 0 | Allowed clock skew in seconds when validating token expiry. |
Storage Backends
The SDK provides two built-in storage backends:
| Class | Description |
|---|---|
| KeychainStorageAdapter | Default. Persists tokens in the iOS Keychain, surviving app restarts. |
| InMemoryStorageAdapter | Stores tokens in memory only. Tokens are lost when the app is terminated. Useful for testing. |
To use a custom backend, implement the StorageAdapter protocol:
```swift
public protocol StorageAdapter {
    func get(key: String) -> String?
    func set(key: String, value: String)
    func remove(key: String)
}
```
Pass your implementation to ThunderIDConfig(storage:) or to ThunderIDClient.initialize(config:storage:).
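
One way to implement a custom backend against the protocol above, as an added example that is not part of the SDK or its documentation: a Keychain adapter that pins every item to `kSecAttrAccessibleWhenUnlockedThisDeviceOnly`, so tokens are unreadable while the device is locked and are not restored onto another device. The class name and service string are hypothetical, and the position of the `storage:` argument is assumed from the order of the parameter table.

```swift
import Foundation
import Security
import ThunderID

/// Added example: Keychain-backed StorageAdapter with device-only accessibility.
final class DeviceOnlyKeychainAdapter: StorageAdapter {
    // Hypothetical service name; use a value unique to your app.
    private let service = "com.example.thunderid.tokens"

    private func baseQuery(_ key: String) -> [String: Any] {
        [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: key
        ]
    }

    func get(key: String) -> String? {
        var query = baseQuery(key)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }

    func set(key: String, value: String) {
        // Delete first so the accessibility class below always applies,
        // even if an older item was stored with a weaker one.
        _ = SecItemDelete(baseQuery(key) as CFDictionary)
        var attrs = baseQuery(key)
        attrs[kSecValueData as String] = Data(value.utf8)
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let status = SecItemAdd(attrs as CFDictionary, nil)
        // The protocol cannot report failure, so surface it in debug builds.
        assert(status == errSecSuccess, "Keychain write failed: \(status)")
    }

    func remove(key: String) {
        _ = SecItemDelete(baseQuery(key) as CFDictionary)
    }
}

let config = ThunderIDConfig(
    baseUrl: "https://localhost:8090",
    clientId: "<your-client-id>",
    storage: DeviceOnlyKeychainAdapter()  // argument order assumed from the table
)
```

Because `set` returns nothing, a failed write is silent in release builds; a following `get` returns `nil`.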