[PR #151] [MERGED] Don't send empty Bearer tokens #534

Closed
opened 2026-03-03 16:49:19 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/OAuthSwift/OAuthSwift/pull/151
Author: @gufo
Created: 11/26/2015
Status: Merged
Merged: 11/26/2015
Merged by: @phimage

Base: master ← Head: no-empty-bearer-tokens


📝 Commits (1)

  • 2e60d92 Don't send empty Bearer tokens

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 OAuthSwift/OAuthSwiftCredential.swift (+1 -1)

📄 Description

As per RFC 6750 (https://tools.ietf.org/html/rfc6750#section-2.1) the syntax for Bearer authentication is as follows:

  b64token    = 1*( ALPHA / DIGIT /
                    "-" / "." / "_" / "~" / "+" / "/" ) *"="
  credentials = "Bearer" 1*SP b64token

Note the 1* which means "at least one repetition".

By definition, when one has an OAuth2 code and uses it to request an authorization token, the request cannot be made using Bearer authentication. The sent Authorization header is therefore invalid and can be rejected as an HTTP 400 (Bad Request) error.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
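
The grammar quoted in the description, checked on both sides of the request. This is an added example, not code from the pull request or from OAuthSwift; the function names `isValidB64Token`, `bearerAuthorizationValue` and `parseBearerCredentials` are hypothetical, and the sample tokens are constructed.

```swift
import Foundation

// Added illustration; none of these names exist in OAuthSwift.

/// Characters allowed in the body of a b64token (RFC 6750 section 2.1).
private let b64Body = CharacterSet(charactersIn:
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~+/")

/// True when `token` matches
/// 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
func isValidB64Token(_ token: String) -> Bool {
    // Strip the optional run of trailing "=" padding.
    var body = token[...]
    while body.last == "=" { body.removeLast() }
    // "1*" demands at least one body character, so "" and "===" both fail.
    guard !body.isEmpty else { return false }
    return body.unicodeScalars.allSatisfy { b64Body.contains($0) }
}

/// Client side: the Authorization value to send, or nil when the header
/// must be left out (no token yet, e.g. while exchanging the OAuth2 code).
func bearerAuthorizationValue(for accessToken: String?) -> String? {
    guard let token = accessToken, isValidB64Token(token) else { return nil }
    return "Bearer \(token)"
}

/// Server side: parse credentials = "Bearer" 1*SP b64token.
/// Returns the token, or nil when the header should be answered with 400.
/// The scheme is matched exactly for brevity; HTTP treats scheme names
/// as case-insensitive.
func parseBearerCredentials(_ header: String) -> String? {
    let scheme = "Bearer"
    guard header.hasPrefix(scheme) else { return nil }
    let rest = header.dropFirst(scheme.count)
    let token = rest.drop(while: { $0 == " " })
    // 1*SP: at least one space must separate scheme and token.
    guard token.count < rest.count else { return nil }
    let value = String(token)
    return isValidB64Token(value) ? value : nil
}

// Constructed sample inputs: missing, empty, padding only, valid, embedded space.
let samples: [String?] = [nil, "", "===", "mF_9.B5f-4.1JqM", "abc def"]
for sample in samples {
    let sent = bearerAuthorizationValue(for: sample) ?? "(omit Authorization header)"
    print(String(describing: sample), "->", sent)
}
// The header an empty token produces is rejected by the parser.
print(parseBearerCredentials("Bearer ") as Any)
```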
