[GH-ISSUE #205] Add in README a check for which application is calling you #116

Closed
opened 2026-03-03 16:45:49 +03:00 by kerem · 3 comments

Originally created by @vronin on GitHub (Mar 13, 2016).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/205

The current example in the README looks like this:

```
func application(app: UIApplication, openURL url: NSURL, options: [String : AnyObject]) -> Bool {
  if (url.host == "oauth-callback") {
    OAuthSwift.handleOpenURL(url)
  }
  return true
}
```

However, this leaves an application open to abuse. Any other application may try to open a URL and this app will accept it.

The better check would be

```
if (options["UIApplicationOpenURLOptionsSourceApplicationKey"] as? String == "com.apple.SafariViewService" && url.host == "oauth-callback")
```

@vronin commented on GitHub (Mar 13, 2016):

BTW, I think it makes sense to add this check for the pre-OS 9 example too (just to be on the same side).


@phimage commented on GitHub (Mar 15, 2016):

Agree to add some info about it into readme.md (and edit the demo code),
but maybe just a chapter, because what if there is a value other than "com.apple.SafariViewService"?
Is this value for the external Safari app and/or the new Safari (internal) controller?


@vronin commented on GitHub (Mar 15, 2016):

Yeah, you're right. There could be another browser. I just implied SafariViewService because I was using it.

This value is for the new SFSafariViewController. It looks internal (from a UI perspective), but it's actually executed in a separate process.
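
The check discussed in this thread, generalized to an allowlist of callers and applied to both the iOS 9 and pre-iOS 9 delegate methods. This is an added example, not code from the thread or from OAuthSwift's README, written in the same Swift 2 era syntax as the snippet above. `trustedCallbackSources` and `isTrustedOAuthCallback` are hypothetical names, and the `com.apple.mobilesafari` entry is an assumption to confirm against the browser your flow actually uses.

```swift
import UIKit
import OAuthSwift

// Bundle IDs allowed to deliver the OAuth callback.
// "com.apple.SafariViewService" is the value from this thread (SFSafariViewController).
// "com.apple.mobilesafari" (external Safari) is an assumption; confirm before relying on it.
let trustedCallbackSources: Set<String> = [
    "com.apple.SafariViewService",
    "com.apple.mobilesafari"
]

// Hypothetical helper: true only for the expected host arriving from an allowlisted app.
func isTrustedOAuthCallback(url: NSURL, sourceApplication: String?) -> Bool {
    guard url.host == "oauth-callback" else { return false }
    // A missing source application is treated as untrusted.
    guard let source = sourceApplication else { return false }
    return trustedCallbackSources.contains(source)
}

class AppDelegate: UIResponder, UIApplicationDelegate {

    // iOS 9 delegate method, same signature as the README example.
    func application(app: UIApplication, openURL url: NSURL,
                     options: [String : AnyObject]) -> Bool {
        let source = options[UIApplicationOpenURLOptionsSourceApplicationKey] as? String
        guard isTrustedOAuthCallback(url, sourceApplication: source) else {
            return false  // report the URL as not handled
        }
        OAuthSwift.handleOpenURL(url)
        return true
    }

    // Pre-iOS 9 delegate method: the system passes the source application directly.
    func application(application: UIApplication, openURL url: NSURL,
                     sourceApplication: String?, annotation: AnyObject) -> Bool {
        guard isTrustedOAuthCallback(url, sourceApplication: sourceApplication) else {
            return false
        }
        OAuthSwift.handleOpenURL(url)
        return true
    }
}
```

Later iOS releases may pass no source application for callers from other developers, in which case this check rejects the callback, so verify the behaviour on the OS versions you support.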
