[GH-ISSUE #539] OAuth1Swift doesn't support signature method on token request

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/OAuthSwift#357

kerem commented

2026-03-03 16:48:01 +03:00

Owner

Originally created by @nrivard on GitHub (Aug 13, 2019).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/539

Description:

OAuth1Swift isn't properly filling out the Authorization header and doesn't support signature method on the initial token request

The RFC calls for signing the initial unauthorized token request:
https://oauth.net/core/1.0a/#auth_step1

The most sane approach in my opinion is to get rid of the conveniences on OAuthSwiftClient and instead pass in an instance of OAuthSwift:

open class OAuthSwiftClient: NSObject {
  public init(oauth: OAuthSwift) { ... }
}

This object has the URLs, etc. that are necessary and then we can attach signature method, etc. to it. In addition, it might be wise to refactor the Authorization header generation out of the credential as we don't yet have a credential when making the initial request.

OAuth Provider? (Twitter, Github, ..):

Discogs

OAuth Version:

Version 1
Version 2

OS (Please fill the version) :

iOS :
OSX :
TVOS :
WatchOS :

Installation method:

Carthage
CocoaPods
Swift Package Manager
Manually

Library version:

head
v2.0.0
v1.4.1
v1.2.1
v1.2 (Swift 4.0)
v1.0.0
v0.6
other: (Please fill in the version you are using.)

Xcode version:

11.x (Swift 5.1)
10.x (Swift 5.0)
10.x (Swift 4.1)
9.3 (Swift 4.1)
9.0 (Swift 4.0)
other: (Please fill in the version you are using.)
objective c

Originally created by @nrivard on GitHub (Aug 13, 2019). Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/539 ### Description: OAuth1Swift isn't properly filling out the `Authorization` header and doesn't support signature method on the initial token request The RFC calls for signing the initial unauthorized token request: https://oauth.net/core/1.0a/#auth_step1 The most sane approach in my opinion is to get rid of the conveniences on `OAuthSwiftClient` and instead pass in an instance of `OAuthSwift`: ```swift open class OAuthSwiftClient: NSObject { public init(oauth: OAuthSwift) { ... } } ``` This object has the URLs, etc. that are necessary and then we can attach signature method, etc. to it. In addition, it might be wise to refactor the `Authorization` header generation out of the credential as we don't yet have a credential when making the initial request. ### OAuth Provider? (Twitter, Github, ..): Discogs ### OAuth Version: - [x] Version 1 - [ ] Version 2 ### OS (Please fill the version) : - [x] iOS : - [ ] OSX : - [ ] TVOS : - [ ] WatchOS : ### Installation method: - [ ] Carthage - [x] CocoaPods - [ ] Swift Package Manager - [ ] Manually ### Library version: - [ ] head - [x] v2.0.0 - [ ] v1.4.1 - [ ] v1.2.1 - [ ] v1.2 (Swift 4.0) - [ ] v1.0.0 - [ ] v0.6 - [ ] other: (Please fill in the version you are using.) ### Xcode version: - [x] 11.x (Swift 5.1) - [x] 10.x (Swift 5.0) - [ ] 10.x (Swift 4.1) - [ ] 9.3 (Swift 4.1) - [ ] 9.0 (Swift 4.0) - [ ] other: (Please fill in the version you are using.) - [ ] objective c

kerem referenced this issue

2026-03-03 16:49:42 +03:00

[PR #357] [MERGED] Making notification name public #609

Rows
Columns

[GH-ISSUE #539] OAuth1Swift doesn't support signature method on token request #357