[GH-ISSUE #400] Retrieving only authentication code by specifying response_type as code #255

Closed
opened 2026-03-03 16:47:06 +03:00 by kerem · 3 comments

Originally created by @uiroshan on GitHub (Aug 14, 2017).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/400

Description:

I am trying to implement a login flow which involves both iOS app and server integration. Other than social authentication, the application supports email/password authentication as well. After successful authentication, the server application sends an auth_token which can be used in subsequent API calls.

My social login flow is as follows:

  • The iOS application initiates social login by retrieving a code as response type from the authentication provider.
  • The retrieved code is sent to the server application, so it verifies it with the social authentication provider and (creating an account if one does not exist) authenticates the user.
  • Successful authentication will generate an auth token as with normal (email / password) authentication and send it back to the mobile application.

After successful authentication, with both approaches the mobile application receives an auth_token.

But the problem with OAuthSwift is that it doesn't support retrieving just the code from the social provider. Once we specify the response type as code, it needs consumerSecret and accessTokenUrl as required parameters and completes the access_token retrieving step in the background, which I am expected to do as a server-server call. Also, Facebook recommends exchanging the code for the access_token as a server-server call.

Is there any provided way to do this?

OAuth Provider (Twitter, Github, ..):

Facebook

OAuth Version:

  • [ ] Version 1
  • [x] Version 2

OS (Please fill the version) :

  • [x] iOS :
  • [ ] OSX :
  • [ ] TVOS :
  • [ ] WatchOS :

Installation method:

  • [ ] Carthage
  • [x] CocoaPods
  • [ ] Manually

Library version:

  • [x] head
  • [ ] v1.0.0
  • [ ] v0.6
  • [ ] other: (Please fill in the version you are using.)

Xcode version:

  • [x] 8.3.3 (Swift 3.0)
  • [ ] 8.0 (Swift 3.0)
  • [ ] 8.0 (Swift 2.3)
  • [ ] 7.3.1
  • [ ] other: (Please fill in the version you are using.)
  • [ ] objective c


@phimage commented on GitHub (Aug 14, 2017):

If I understand your workflow correctly, you want to split the current workflow.

In the OAuthSwift2 `authorize` method
we receive the code `let code = responseParameters["code"]`
and make a new request using `this.postOAuthAccessTokenWithRequestToken`

So maybe you want to override `postOAuthAccessTokenWithRequestToken(byCode:`

  • So one way is to make this function accessible and overridable; then in your code you can extend OAuthSwift2 to fulfil your need.

  • The other way is to add a new attribute in OAuthSwift2, a closure (or a protocol like a delegate).
    If the closure is provided, then call the closure code instead of `postOAuthAccessTokenWithRequestToken(byCode:`

You can open a Pull Request
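
The closure option from the comment above, as an added stand-alone sketch (not OAuthSwift code and not posted by anyone in this thread): when a handler is set, the callback yields only the code and the app never needs the consumer secret. `CodeFlowClient`, `codeHandler`, `exchangeOnDevice`, the callback URL and the `state` value are hypothetical or constructed; the `state` comparison is the standard OAuth 2.0 check and is an addition to what the thread discusses.

```swift
import Foundation

// Hypothetical stand-in for the library's OAuth2 client; illustrative only.
final class CodeFlowClient {
    enum FlowError: Error { case providerError(String), stateMismatch, missingCode }

    /// Optional hook. When set, the authorization code is handed to it and
    /// the app makes no token request, so no consumer secret ships in the app.
    var codeHandler: ((String) -> Void)?
    /// Default path: the on-device exchange (the behaviour described in the issue).
    var exchangeOnDevice: (String) -> Void = { _ in }

    private let expectedState: String
    init(expectedState: String) { self.expectedState = expectedState }

    /// Parses the redirect callback and routes the code to the hook or the default path.
    func handleCallback(_ url: URL) throws {
        var params: [String: String] = [:]
        let items = URLComponents(url: url, resolvingAgainstBaseURL: false)?.queryItems ?? []
        for item in items { params[item.name] = item.value }

        // The provider reports denial or failure through an "error" parameter.
        if let error = params["error"] { throw FlowError.providerError(error) }
        // Reject callbacks that do not carry the state this login attempt generated.
        guard params["state"] == expectedState else { throw FlowError.stateMismatch }
        guard let code = params["code"], !code.isEmpty else { throw FlowError.missingCode }

        if let handler = codeHandler {
            handler(code)            // code only: the backend performs the exchange
        } else {
            exchangeOnDevice(code)   // unchanged behaviour when no hook is set
        }
    }
}

// Constructed callback for illustration; a real app would generate a random
// state per attempt and POST the code to its own backend over TLS.
let client = CodeFlowClient(expectedState: "st-constructed-123")
var forwarded: String?
client.codeHandler = { forwarded = $0 }
try client.handleCallback(
    URL(string: "myapp://oauth-callback?code=AQ-constructed&state=st-constructed-123")!)
print(forwarded ?? "no code")
```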


@uiroshan commented on GitHub (Aug 18, 2017):

Thanks a lot for the suggestions. I tried both approaches and decided to go with the first one. I made it `open` and changed the base class name to `exchangeCodeForAccessToken`. I thought the method needed a better name, so I used the new name. But if you think it's not necessary or does not match your naming conventions, please let me know.

Here is the gist link on how I used it.
https://gist.github.com/uiroshan/89f9baea0a2678955bc672bfcefbfebd


@phimage commented on GitHub (Aug 18, 2017):

I want to keep the current name, less modification
I will set the method public here
