[GH-ISSUE #678] How to handle oauth_verifier manually ('oob' callback URL) #439

New issue

Open

opened 2026-03-03 16:48:42 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 16:48:42 +03:00

Owner

Originally created by @zisoft on GitHub (Oct 7, 2021).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/678

I'm developing a plugin for a MacOS application which will use the Flickr API.
Because this is only a plugin I cannot provide an own URL scheme for the callback so according to the OAuth1 spec I set 'oob' (out-of-band) for the callback URL.

So I implemented the following steps:

oauthswift = OAuth1Swift(
    consumerKey:    "********",
    consumerSecret: "********",
    requestTokenUrl: "https://www.flickr.com/services/oauth/request_token",
    authorizeUrl:    "https://www.flickr.com/services/oauth/authorize",
    accessTokenUrl:  "https://www.flickr.com/services/oauth/access_token"
)

// authorize
let handle = oauthswift.authorize(
    withCallbackURL: "oob") { result in
    switch result {
    case .success(let (credential, response, parameters)):
      print(credential.oauthToken)
      print(credential.oauthTokenSecret)
      print(parameters["user_id"])
      // Do your request
    case .failure(let error):
      print(error.localizedDescription)
    }             
}

This works as expected, the Flickr authorize page is opened in the browser and after approving permissions I get the verifier code displayed on that page. With this verifier I now need to call the accessTokenUrl.

I cannot figure out how to manually set the oauth_verifier in client.credentials because it is readonly.

EDIT:
I have declared open the OAuthSwiftCredential.oauthVerifier property as well as the OAuth1Swift.postOAuthAccessTokenWithRequestToken method. Now I can manually set the oauth_verifier value after authorize and then call the accessTokenUrl. But I'm curious to know if I'm the only one who uses this workflow?

Originally created by @zisoft on GitHub (Oct 7, 2021). Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/678 I'm developing a plugin for a MacOS application which will use the Flickr API. Because this is only a plugin I cannot provide an own URL scheme for the callback so according to the OAuth1 spec I set 'oob' (out-of-band) for the callback URL. So I implemented the following steps: ``` oauthswift = OAuth1Swift( consumerKey: "********", consumerSecret: "********", requestTokenUrl: "https://www.flickr.com/services/oauth/request_token", authorizeUrl: "https://www.flickr.com/services/oauth/authorize", accessTokenUrl: "https://www.flickr.com/services/oauth/access_token" ) // authorize let handle = oauthswift.authorize( withCallbackURL: "oob") { result in switch result { case .success(let (credential, response, parameters)): print(credential.oauthToken) print(credential.oauthTokenSecret) print(parameters["user_id"]) // Do your request case .failure(let error): print(error.localizedDescription) } } ``` This works as expected, the Flickr authorize page is opened in the browser and after approving permissions I get the verifier code displayed on that page. With this verifier I now need to call the accessTokenUrl. I cannot figure out how to manually set the oauth_verifier in client.credentials because it is readonly. EDIT: I have declared open the `OAuthSwiftCredential.oauthVerifier` property as well as the `OAuth1Swift.postOAuthAccessTokenWithRequestToken` method. Now I can manually set the oauth_verifier value after authorize and then call the accessTokenUrl. But I'm curious to know if I'm the only one who uses this workflow?

kerem commented

2026-03-03 16:48:43 +03:00

Author

Owner

@sk-chanch commented on GitHub (Jun 22, 2022):


let header = oauthswift?.client.credential.makeHeaders("https://xxxx.com/access_token",
                                                               method: .POST,
                                                               parameters: `["oauth_verifier":"*************"])`
        
        
        
        oauthswift?.client.post("https://xxxx.com/access_token",
                                headers: header)
        {[weak self] result in
            switch result {
            case .success(let response):
                print(response)
            case .failure(let error):
                print(error)
                
            }
        }

@sk-chanch commented on GitHub (Jun 22, 2022): ``` let header = oauthswift?.client.credential.makeHeaders("https://xxxx.com/access_token", method: .POST, parameters: `["oauth_verifier":"*************"])` oauthswift?.client.post("https://xxxx.com/access_token", headers: header) {[weak self] result in switch result { case .success(let response): print(response) case .failure(let error): print(error) } } ```