[GH-ISSUE #698] OAuthSwift authorize : States not equal in response. #451

Closed
opened 2026-03-03 16:48:46 +03:00 by kerem · 1 comment

Originally created by @kshrikant on GitHub (May 13, 2022).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/698

I am using the authorize call from OAuthSwift, i.e.

```
@discardableResult
open func authorize(withCallbackURL callbackURL: URLConvertible?, scope: String, state: String, parameters: Parameters = [:], headers: OAuthSwift.Headers? = nil, success: @escaping TokenSuccessHandler, failure: FailureHandler?) -> OAuthSwiftRequestHandle? {

    else if let code = responseParameters["code"] {
        if !this.allowMissingStateCheck {
            guard let responseState = responseParameters["state"] else {
                failure?(OAuthSwiftError.missingState)
                return
            }
            if responseState != state {
                failure?(OAuthSwiftError.stateNotEqual(state: state, responseState: responseState))
                return
            }
        }
    }
}
```

The first time I log in to the application I do not encounter the above condition, i.e. the states received are the same (success scenario), but it seems that when I log out of the application and try to log in again, it goes into

`failure?(OAuthSwiftError.stateNotEqual(state: state, responseState: responseState))`

What are the reasons for receiving different states in the response? Then I can recheck my codebase. @phimage @dongri @phatblat @fabiomassimo

Note - This is happening with webview login. Also I cleared all cookies and webview caches on logout.

kerem closed this issue 2026-03-03 16:48:46 +03:00

@kshrikant commented on GitHub (May 18, 2022):

Due to the calling hierarchy in my application, the state was being set twice from my end; because of that, it encountered this issue.
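
The failure mode resolved in this thread, as an added example that is not part of the original issue or of OAuthSwift's code: it assumes "state set twice" means a second state value was generated while an authorization was still in flight. `AuthorizationAttempt`, `StateCheck`, the `myapp://` callback and the `code` value are hypothetical names and constructed sample data.

```swift
import Foundation

// Added illustration; AuthorizationAttempt and StateCheck are hypothetical
// names, not OAuthSwift API.
enum StateCheck: Equatable {
    case ok
    case missingState
    case stateNotEqual(expected: String, received: String)
}

/// One login attempt owns exactly one state value, generated once in init.
final class AuthorizationAttempt {
    let state: String

    init() {
        // 16 random bytes, hex encoded; UInt8.random uses the system CSPRNG.
        state = (0..<16)
            .map { _ in String(format: "%02x", UInt8.random(in: 0...255)) }
            .joined()
    }

    /// Mirrors the order of the check quoted in the issue:
    /// missing state first, then equality with the value that was sent.
    func check(callback: URL) -> StateCheck {
        let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?
            .queryItems ?? []
        guard let received = items.first(where: { $0.name == "state" })?.value else {
            return .missingState
        }
        return received == state
            ? .ok
            : .stateNotEqual(expected: state, received: received)
    }
}

// Constructed scenario: the provider echoes back the state it was sent.
let first = AuthorizationAttempt()
let callback = URL(string: "myapp://oauth-callback?code=abc&state=\(first.state)")!

// The attempt that sent the request validates its own callback.
print(first.check(callback: callback))

// A second code path creates a new attempt before the callback is handled.
// The expected state has changed, so the same callback is now rejected.
let second = AuthorizationAttempt()
print(second.check(callback: callback))
```

Keeping the state immutable and tied to the attempt object means a repeated call produces a separate attempt instead of silently overwriting the value the pending callback will be compared against.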
