[GH-ISSUE #89] WebView Localhost Redirects / Facebook & Google / Expirations #57

Closed
opened 2026-03-03 16:45:16 +03:00 by kerem · 3 comments
Owner

Originally created by @stevejabs-unikey on GitHub (Aug 2, 2015).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/89

Have a few questions regarding some additional features:

1.) LinkedIn, among many networks, doesn't support custom URL schemes that are not http or https. Right now I have hacked in some support for localhost in both my custom web view controller and in the OAuthSwift2 class to support localhost redirect_uri's. I noticed that you have a Heroku app set up to assist you with that. Any chance you'll build support directly into this library?

2.) Facebook and Google seem to be doing their own custom versions of OAuth2. Any chance for support for either? Like my first question, I'm in the process of hacking in Google support. The main reason why I'd like to see support here is so that I can add multiple accounts of each to my app. Both right now in their SDKs only support one account.

3.) Will there be any future support for token expiration notification and requesting new tokens when they near their expiration dates?


@phimage commented on GitHub (Aug 8, 2015):

The owner of the project could have a better answer, but I can add some info.

1/ You are doing a good job by hacking the web view.

I think for security reasons you must not use an http(s) website provided by a framework like Heroku that is not your own website.
The owner of the website can keep all OAuth tokens.
[Wiki page](https://github.com/dongri/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL)

2) Do you have a link to the API? Did you study the difference? Do you have error messages?

For Facebook I found some compliance hook in Python
https://coveralls.io/files/822595316

3/ a) Revoking a token
There is an RFC, but it is not always followed
https://tools.ietf.org/html/rfc7009

```
POST /applications/:client_id/tokens/:access_token
POST https://api.twitter.com/oauth2/invalidate_token with access_token:access_token
POST /revoke   with token=:access_token
DELETE  /api/users/<user id>/access_token/<refresh token>
```

So we need a revoke URL and the attribute name

b) refresh token
http://tools.ietf.org/html/rfc6749#section-1.5
http://tools.ietf.org/html/rfc6749#section-6
http://tools.ietf.org/html/rfc6749#section-10.4

```
POST xxx/refresh?refresh_token=XXX&client_id=YYY&grant_type=refresh_token&client_secret ...
```

Expiration currently must be handled by you in the `failure` callback, and then reconnect
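
The localhost redirect interception discussed in point 1, as an added example that is not part of the original comment or of OAuthSwift's code: a check the custom web view controller can run on each navigation to decide whether it is the OAuth callback. `inspectNavigation`, `CallbackResult`, the localhost port and path, and the `state` value are all assumptions made for illustration.

```swift
import Foundation

// Result of inspecting one URL the web view is about to load.
enum CallbackResult: Equatable {
    case notCallback        // ordinary navigation, let it load
    case code(String)       // authorization code, state verified
    case rejected(String)   // matched the redirect URI but failed a check
}

// Hypothetical helper, not an OAuthSwift API. `registered` is the redirect_uri
// registered with the provider; `expectedState` is the random value sent as
// `state` in the authorization request.
func inspectNavigation(_ url: URL, registered: URL, expectedState: String) -> CallbackResult {
    guard let seen = URLComponents(url: url, resolvingAgainstBaseURL: false),
          let want = URLComponents(url: registered, resolvingAgainstBaseURL: false) else {
        return .notCallback
    }
    // Exact comparison of scheme, host, port and path: no prefix matching.
    guard seen.scheme?.lowercased() == want.scheme?.lowercased(),
          seen.host?.lowercased() == want.host?.lowercased(),
          seen.port == want.port, seen.path == want.path else {
        return .notCallback
    }
    let items = seen.queryItems ?? []
    func value(_ name: String) -> String? {
        return items.first(where: { $0.name == name })?.value
    }
    if let error = value("error") { return .rejected("provider error: \(error)") }
    guard let state = value("state"), state == expectedState else {
        return .rejected("state mismatch")
    }
    guard let code = value("code"), !code.isEmpty else {
        return .rejected("missing code")
    }
    return .code(code)
}

// Constructed sample values.
let registered = URL(string: "http://localhost:8080/oauth-callback")!
let samples = [
    "http://localhost:8080/oauth-callback?code=abc123&state=s3cr3t",             // matching callback
    "http://localhost:8080/oauth-callback?code=abc123&state=other",              // state differs
    "http://localhost.example.com:8080/oauth-callback?code=abc123&state=s3cr3t", // different host
    "https://provider.example/authorize?client_id=my-client",                    // ordinary provider page
]
for sample in samples {
    print(inspectNavigation(URL(string: sample)!, registered: registered, expectedState: "s3cr3t"))
}
```

Run it before the web view loads the request, and cancel the navigation for any result other than `.notCallback` so the localhost URL is never actually fetched.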


@phimage commented on GitHub (Nov 19, 2015):

2) Facebook works fine and was added to the demo f890cb9a5c
and maybe it works only with the http scheme like LinkedIn (not tested with a custom one)
https://github.com/dongri/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL

@phimage commented on GitHub (Dec 4, 2015):

3/ Wiki page on expiration
https://github.com/dongri/OAuthSwift/wiki/OAuth-2.0-Token-Expiration

Maybe I will add a utility function to check expiration (or we can throw a specific exception for that...).
I think the framework will never do it automatically because many OAuth providers change the code or error message.
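
A sketch of the expiration check and the RFC 6749 section 6 refresh request mentioned in this thread, added here as an example and not taken from OAuthSwift or its wiki. `StoredToken`, `needsRefresh`, `refreshRequest`, the 60-second leeway and the `provider.example` URL are assumptions; the code uses only Foundation on Apple platforms.

```swift
import Foundation

// Hypothetical token record (not an OAuthSwift type).
struct StoredToken {
    let refreshToken: String
    let issuedAt: Date
    let expiresIn: TimeInterval?   // "expires_in" from the token response, if sent
}

// True when the token has expired or will expire within `leeway` seconds.
// Without expires_in nothing can be predicted: the failure callback is the only signal.
func needsRefresh(_ token: StoredToken, now: Date = Date(), leeway: TimeInterval = 60) -> Bool {
    guard let lifetime = token.expiresIn else { return false }
    return now.addingTimeInterval(leeway) >= token.issuedAt.addingTimeInterval(lifetime)
}

// Percent-encode everything except RFC 3986 unreserved characters.
func formEncode(_ params: [(String, String)]) -> Data {
    let unreserved = CharacterSet(charactersIn:
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
    let pairs = params.map { pair -> String in
        let key = pair.0.addingPercentEncoding(withAllowedCharacters: unreserved) ?? ""
        let value = pair.1.addingPercentEncoding(withAllowedCharacters: unreserved) ?? ""
        return "\(key)=\(value)"
    }
    return Data(pairs.joined(separator: "&").utf8)
}

// RFC 6749 section 6 refresh request with the parameters in the POST body,
// so the refresh token and secret stay out of URLs and access logs.
func refreshRequest(tokenURL: URL, token: StoredToken,
                    clientID: String, clientSecret: String?) -> URLRequest {
    var params = [("grant_type", "refresh_token"),
                  ("refresh_token", token.refreshToken),
                  ("client_id", clientID)]
    if let secret = clientSecret { params.append(("client_secret", secret)) }
    var request = URLRequest(url: tokenURL)
    request.httpMethod = "POST"
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    request.httpBody = formEncode(params)
    return request
}

// Constructed sample: a one-hour token issued 59.5 minutes ago.
let token = StoredToken(refreshToken: "r/abc+123", issuedAt: Date().addingTimeInterval(-3570), expiresIn: 3600)
if needsRefresh(token) {
    let url = URL(string: "https://provider.example/oauth/token")!
    let request = refreshRequest(tokenURL: url, token: token, clientID: "my-client", clientSecret: nil)
    print(String(data: request.httpBody!, encoding: .utf8)!)
}
```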
