starred/OAuthSwift
1
0
Fork 0
mirror of https://github.com/OAuthSwift/OAuthSwift.git synced 2026-04-26 12:45:52 +03:00
Code Issues 56 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #628] Withings OAuth2 not working #409

New issue
Closed
opened 2026-03-03 16:48:27 +03:00 by kerem · 1 comment
kerem commented 2026-03-03 16:48:27 +03:00
Owner
Copy link

Originally created by @rowellx68 on GitHub (Oct 21, 2020).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/628

Description:

Withings has since moved to OAuth2 and they have since added a required parameter for all endpoints. This causes the the auth to fail since we are not providing action when we request the access token.

As per the new docs, we need to provide requesttoken to the action parameter. This is on top of what is already provided.

What is the best way to customise this section?

open func postOAuthAccessTokenWithRequestToken(byCode code: String, callbackURL: URL?, headers: OAuthSwift.Headers? = nil, completionHandler completion: @escaping TokenCompletionHandler) -> OAuthSwiftRequestHandle? {

        var parameters = OAuthSwift.Parameters()
        parameters["client_id"] = self.consumerKey
        parameters["code"] = code
        parameters["grant_type"] = "authorization_code"

        // PKCE - extra parameter
        if let codeVerifier = self.codeVerifier {
            parameters["code_verifier"] = codeVerifier
            // Don't send client secret when using PKCE, some services complain
        } else {
            // client secrets should only be used for web style apps where they can't be decompiled (use pkce instead), so if it's empty, don't post it as some servers will reject it
            // https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/
            if !self.consumerSecret.isEmpty {
                parameters["client_secret"] = self.consumerSecret
            }
        }

        if let callbackURL = callbackURL {
            parameters["redirect_uri"] = callbackURL.absoluteString.safeStringByRemovingPercentEncoding
        }

        OAuthSwift.log?.trace("Add security parameters: \(parameters)")
        return requestOAuthAccessToken(withParameters: parameters, headers: headers, completionHandler: completion)
    }

OAuth Provider? (Twitter, Github, ..):

Withings

OAuth Version:

  • Version 1
  • Version 2

OS (Please fill the version) :

  • iOS :
  • OSX :
  • TVOS :
  • WatchOS :

Installation method:

  • Carthage
  • CocoaPods
  • Swift Package Manager
  • Manually

Library version:

  • head
  • v2.1.0
  • v2.0.0
  • v1.4.1
  • other: (Please fill in the version you are using.)

Xcode version:

  • 11.4 (Swift 5.2)

  • 11.x (Swift 5.1)

  • 10.x (Swift 5.0)

  • other: 12

  • objective c

Originally created by @rowellx68 on GitHub (Oct 21, 2020). Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/628 ### Description: Withings has since moved to OAuth2 and they have since added a required parameter for all endpoints. This causes the the auth to fail since we are not providing `action` when we request the access token. As per the new [docs](http://developer.withings.com/oauth2/#operation/oauth2-getaccesstoken), we need to provide `requesttoken` to the `action` parameter. This is on top of what is already provided. What is the best way to customise [this](https://github.com/OAuthSwift/OAuthSwift/blob/8e94866ddbb0b252be5483eac14fd3cd5065e0c9/Sources/OAuth2Swift.swift#L212-L237) section? ```swift open func postOAuthAccessTokenWithRequestToken(byCode code: String, callbackURL: URL?, headers: OAuthSwift.Headers? = nil, completionHandler completion: @escaping TokenCompletionHandler) -> OAuthSwiftRequestHandle? { var parameters = OAuthSwift.Parameters() parameters["client_id"] = self.consumerKey parameters["code"] = code parameters["grant_type"] = "authorization_code" // PKCE - extra parameter if let codeVerifier = self.codeVerifier { parameters["code_verifier"] = codeVerifier // Don't send client secret when using PKCE, some services complain } else { // client secrets should only be used for web style apps where they can't be decompiled (use pkce instead), so if it's empty, don't post it as some servers will reject it // https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/ if !self.consumerSecret.isEmpty { parameters["client_secret"] = self.consumerSecret } } if let callbackURL = callbackURL { parameters["redirect_uri"] = callbackURL.absoluteString.safeStringByRemovingPercentEncoding } OAuthSwift.log?.trace("Add security parameters: \(parameters)") return requestOAuthAccessToken(withParameters: parameters, headers: headers, completionHandler: completion) } ``` ### OAuth Provider? (Twitter, Github, ..): Withings ### OAuth Version: - [ ] Version 1 - [x] Version 2 ### OS (Please fill the version) : - [x] iOS : - [ ] OSX : - [ ] TVOS : - [ ] WatchOS : ### Installation method: - [ ] Carthage - [ ] CocoaPods - [x] Swift Package Manager - [ ] Manually ### Library version: - [x] head - [ ] v2.1.0 - [ ] v2.0.0 - [ ] v1.4.1 - [ ] other: (Please fill in the version you are using.) ### Xcode version: - [ ] 11.4 (Swift 5.2) - [ ] 11.x (Swift 5.1) - [ ] 10.x (Swift 5.0) - [x] other: 12 - [ ] objective c
kerem closed this issue 2026-03-03 16:48:28 +03:00
kerem commented 2026-03-03 16:48:28 +03:00
Author
Owner
Copy link

@phimage commented on GitHub (Nov 10, 2020):

I see nothing the with current code

you could subclass and override postOAuthAccessTokenWithRequestToken
and copy all code (I expect all is public)

if not or to do a better job all code from postOAuthAccessTokenWithRequestToken except the last line could be extracted to
parametersForPostOAuthAccessTokenWithRequestToken() -> OAuthSwift.Parameters()
and then you could also subclass and override only this function, call the super and add only your new attribute

or just a function(need override class too) or closure to customise it

<!-- gh-comment-id:724442388 --> @phimage commented on GitHub (Nov 10, 2020): I see nothing the with current code you could subclass and override `postOAuthAccessTokenWithRequestToken` and copy all code (I expect all is public) if not or to do a better job all code from postOAuthAccessTokenWithRequestToken except the last line could be extracted to `parametersForPostOAuthAccessTokenWithRequestToken() -> OAuthSwift.Parameters()` and then you could also subclass and override only this function, call the super and add only your new attribute or just a function(need override class too) or closure to customise it
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
ci/action/danger
ci/action/release-drafter
pkce
ci/action/tvos
ci/travis
2.1.0
2.0.0
fix/fitbiterror
swift3
digu-demo
swift3.0objc
swift2.2
swift2.3
swift2.0
2.2.0
2.1.2
2.1.1
2.1.0
2.0.1
2.0.0
1.4.1
1.4.0
1.3.0
1.2.2
1.2.1
1.2.0
1.1.2
1.1.1
1.1.0
1.0.0
0.6.0
0.5.2
v0.5.2
0.5.1
0.5.0
0.4.8
0.4.6
v0.4.6
0.4.5
v0.4.5
0.4.4
v0.4.4
0.4.3
0.4.2
0.4.1
v0.4.1
0.4.0
v0.4.0
Swift1.x
0.3.7
v0.3.7
0.3.6
v0.3.6
0.3.5
v0.3.5
0.3.4
v0.3.4
0.3.3
v0.3.3
v0.3.2
0.3.2
0.3.1
v0.3.1
0.3.0
v0.3.0
0.2.1
0.2.0
v0.2.0
0.1.9
0.1.8
0.1.7
v0.1.7
v0.1.6
Labels
Clear labels   
bug

   
cocoapod

   
duplicate

   
enhancement

   
feature-request

   
help wanted

   
help wanted

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wontfix
No labels
bug
cocoapod
duplicate
enhancement
feature-request
help wanted
help wanted
invalid
pull-request
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/OAuthSwift#409
No description provided.