[GH-ISSUE #574] Remove client_key and client_secret from body when accessTokenBasicAuthentification is enabled #375

Closed
opened 2026-03-03 16:48:10 +03:00 by kerem · 3 comments
Owner

Originally created by @trentbb on GitHub (Feb 11, 2020).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/574

Description:

Recently ran into an issue trying to obtain a token. A particular provider I am using requires using Basic Authentication to provide the client_key and client_secret. So, I'm setting the accessTokenBasicAuthentification to true, and this mostly works. However, I run into a problem with OAuthSwift leaving the client_key and client_secret in the body params. The provider will not accept the request if the client key and secret are in both the body and the header. I've never run into this with any other provider, so I think that the provider I am using is just a bit odd. It makes sense to me that if you're going to include the client key and secret in the header, then they shouldn't be in the body too. Either or.

OAuth Provider? (Twitter, Github, ..):

ForgeRock

OAuth Version:

  • Version 1
  • [x] Version 2

OS (Please fill the version) :

  • [x] iOS :
  • OSX :
  • TVOS :
  • WatchOS :

Installation method:

  • Carthage
  • [x] CocoaPods
  • Swift Package Manager
  • Manually

Library version:

  • head
  • [x] v2.1.0
  • v2.0.0
  • v1.4.1
  • v1.2 (Swift 4.0)
  • other: (Please fill in the version you are using.)

Xcode version:

  • [x] 11.x (Swift 5.1)
  • 10.x (Swift 5.0)
  • 10.x (Swift 4.1)
  • 9.3 (Swift 4.1)
  • 9.0 (Swift 4.0)
  • other: (Please fill in the version you are using.)
  • objective c

kerem closed this issue 2026-03-03 16:48:10 +03:00
Author
Owner

@phimage commented on GitHub (Apr 30, 2020):

@trentbb did you think of client_id too, not only the secret?

To test, you could add a boolean `doNotSendClientInfoInBody` in OAuth2Swift.swift, then here
https://github.com/OAuthSwift/OAuthSwift/blob/fde77955e6983fbfaabd491709d52b8a82fda4d0/Sources/OAuth2Swift.swift#L177
and maybe also here
https://github.com/OAuthSwift/OAuthSwift/blob/fde77955e6983fbfaabd491709d52b8a82fda4d0/Sources/OAuth2Swift.swift#L168

do not set the info in parameters if your boolean is true.

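The behaviour under discussion, shown as an added example that is not OAuthSwift code (Python rather than Swift, so it runs stand-alone). RFC 6749 section 2.3 says a client MUST NOT use more than one authentication method in a single request, and section 2.3.1 defines the Basic form (form-urlencode the id and secret, join with a colon, base64), so a provider that rejects credentials sent in both the header and the body is behaving as the spec allows. The block builds an authorization_code token request in the three shapes (body only, header only, and the header-plus-body shape reported above), and includes a small provider-side check that rejects the third. The function names, the sample client id, secret, code and redirect URI are assumptions made up for the example:

```python
"""Build an OAuth 2.0 token request with client credentials carried by exactly one
mechanism, and a provider-side check that rejects a request carrying both.
Added example for this issue; not OAuthSwift code. Function names, the sample
client id/secret and the authorization code are made up for illustration."""
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode


def basic_credentials(client_id: str, client_secret: str) -> str:
    """RFC 6749 section 2.3.1: form-urlencode id and secret, join with ':', base64."""
    raw = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret, code, redirect_uri,
                        basic_auth=False, duplicate_in_body=False):
    """Return (headers, form_body) for an authorization_code grant.

    basic_auth=True puts the credentials in the Authorization header only.
    duplicate_in_body=True reproduces the shape reported in the issue: the
    credentials are also left in the form body alongside the header."""
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if basic_auth:
        headers["Authorization"] = basic_credentials(client_id, client_secret)
    if not basic_auth or duplicate_in_body:
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    return headers, urlencode(params)


def classify_client_auth(headers, body):
    """Provider-side view. Return (method, client_id, client_secret) where method
    is 'basic', 'body' or 'none'. Raise ValueError when both a Basic Authorization
    header and a client_secret form field are present (RFC 6749 section 2.3
    forbids more than one client authentication method per request)."""
    form = parse_qs(body, keep_blank_values=True)
    authz = headers.get("Authorization", "")
    has_basic = authz.startswith("Basic ")
    has_body_secret = "client_secret" in form
    if has_basic and has_body_secret:
        raise ValueError("invalid_request: client authenticated by more than one method")
    if has_basic:
        decoded = base64.b64decode(authz[len("Basic "):]).decode("ascii")
        cid, secret = decoded.split(":", 1)
        return "basic", unquote_plus(cid), unquote_plus(secret)
    if has_body_secret:
        return "body", form.get("client_id", [""])[0], form["client_secret"][0]
    return "none", None, None


def provider_accepts(headers, body) -> bool:
    """True if the request passes the single-method check above."""
    try:
        classify_client_auth(headers, body)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values; the id and secret contain characters that need
    # form-urlencoding so the Basic round trip is exercised.
    args = ("my app", "s3cr+t/v1", "SplxlOBeZQQYbYS6WxSbIA", "https://app.example/cb")
    for label, kwargs in [("body only", {}),
                          ("header only", {"basic_auth": True}),
                          ("both (issue)", {"basic_auth": True, "duplicate_in_body": True})]:
        h, b = build_token_request(*args, **kwargs)
        print(f"{label:13s} accepted={provider_accepts(h, b)} body={b}")
```

The flag suggested in the comment maps onto `basic_auth=True` without `duplicate_in_body`: once the credentials go into the Authorization header, nothing else in the request should carry them, and `classify_client_auth` models why a strict provider refuses the duplicated form.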
Author
Owner

@trentbb commented on GitHub (Apr 30, 2020):

@phimage Thanks for your response. I ended up forking OAuthSwift and made similar changes to what you just described:

https://github.com/trentbb/OAuthSwift/commit/deb08836a46d2669d0d6394d75fd566a4a428b5d

Author
Owner

@phimage commented on GitHub (May 2, 2020):

I will close. Anybody should feel free to PR this change as an optional feature.
