[GH-ISSUE #95] Uber Authentication Fails with HTTP Status 401: Unauthorized, Response: {"error": "invalid_client"} #63

Closed
opened 2026-03-03 16:45:19 +03:00 by kerem · 7 comments

Originally created by @sephethus on GitHub (Aug 24, 2015).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/95

OAuthSwift is incompatible with Uber's API and here is why. See my code below and the explanation for why following.

```
func registerWithUber() {
    let params = [String: String]()
    let oauthUber = OAuth2Swift(consumerKey: CLIENT_KEY, consumerSecret: CLIENT_SECRET, authorizeUrl: AUTHORIZE_URL, accessTokenUrl: ACCESS_TOKEN_URL, responseType: "code")
    oauthUber.authorize_url_handler = WebViewController()
    oauthUber.authorizeWithCallbackURL(NSURL(string: REDIRECT_URI)!, scope: "profile", state: "", params: params, success: {
        credentials, response, parameters in
        println("We have the key here: \(credentials.oauth_token)")
        NSUserDefaults.standardUserDefaults().setObject(credentials.oauth_token, forKey: "uberToken")
        NSUserDefaults.standardUserDefaults().synchronize()
    }, failure: { (error: NSError) -> Void in
        println("Failed: \(error.localizedDescription)")
    })
}
```

See step three, get an Access token: https://developer.uber.com/v1/auth/

This is where it fails.

I traced this all the way to the NSURLConnection point and beyond this I have no way to figure out what it's doing or what's not being sent or included. The client ID most definitely makes it all the way to the end. I found that the headers for me look like this:

```
Value: OAuth oauth_consumer_key="<my proper clientID is here>", oauth_nonce="99F7307C", oauth_signature="HPM9Yfsa54maDehZYJsIDcUQLwY%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1440433137", oauth_version="1.0"
```

It's supposed to be called "client ID", not oauth_consumer_key, so this may or may not be the issue.

One thing is for certain, the problem is fixed by commenting out the addition of headers inside the makeRequest() method in OAuthSwiftHTTPRequest.swift:

```
for (key, value) in headers {
    request.setValue(value, forHTTPHeaderField: key)
}
```

These headers are needed for other APIs however, and I am connecting with other APIs as well. So this is not a good solution, but rather a big problem. Some code may need to be added somewhere in order to determine whether this is an Uber request or not.

kerem closed this issue 2026-03-03 16:45:19 +03:00

@sephethus commented on GitHub (Aug 24, 2015):

Temporary fix by replacing code in makeRequest method inside OAuthSwiftHTTPRequest.swift with the following:

```
if request.URL?.host == "login.uber.com" {
    print("Uber request: Skipping headers\n")
} else {
    print("Adding Headers\n")
    for (key, value) in headers {
        request.setValue(value, forHTTPHeaderField: key)
    }
}
```

@phimage commented on GitHub (Aug 25, 2015):

Headers are mandatory to connect.
Disabling them here is not the solution.

A better place is the request method of the OAuthSwiftClient class (also multiPartRequest; the code must be factorized here).
This is where headers are created.
And don't put the "uber" string into your API; think about a generic solution like adding a Set of strings in OAuthSwiftClient named noHeaderHost.

But I think there is another problem.
Your headers seem to be OAuth1, maybe the same issue: https://github.com/dongri/OAuthSwift/issues/94
I will add code to this issue that you can test, and then in two days make a PR...


@sephethus commented on GitHub (Aug 25, 2015):

No, they aren't mandatory to connect apparently, because I get a token and it authenticates ONLY if I take the headers out. My headers are OAuth2. I'm using OAuth2Swift as you can see above. Plus, as you said, postOAuthAccessTokenWithRequestTokenByCode gets called, therefore OAuth2 is set to true.


@phimage commented on GitHub (Aug 25, 2015):

No, your header is not OAuth2... postOAuthAccessTokenWithRequestTokenByCode has not been called.
Just read your header: oauth_version="1.0"
Don't mix multiple tries.
And Uber returns "access_token", not "code", so same as #94.

Then don't mix header and query parameters.
There is a client id in the query parameters.

Then see "STEP FOUR: USE BEARER TOKEN" in the Uber doc: the header is used to authenticate the request.
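
The point made in the comment above can be checked mechanically. The following is an added example, not code from OAuthSwift or from any commenter: it lists the client-authentication mechanisms present on an OAuth 2.0 token request and flags an OAuth 1.0 signed `Authorization` header and credentials supplied in more than one place (RFC 6749 section 2.3 allows only one method per request). All type and function names and the `EXAMPLE_*` values are assumptions made for the illustration.

```swift
import Foundation
// Added illustration: every name below is hypothetical, none is OAuthSwift API.
enum ClientAuth {
    case oauth1Header(version: String)  // Authorization: OAuth oauth_consumer_key=...
    case basicHeader                    // Authorization: Basic ... (RFC 6749 section 2.3.1)
    case otherHeader(scheme: String)
    case formBody                       // client_id + client_secret sent as parameters
}

/// Split an OAuth 1.0 Authorization value into its key="value" fields.
func oauth1Fields(_ value: String) -> [String: String] {
    var fields: [String: String] = [:]
    for pair in value.dropFirst("OAuth".count).split(separator: ",") {
        let kv = pair.split(separator: "=", maxSplits: 1).map { $0.trimmingCharacters(in: CharacterSet(charactersIn: "\" ")) }
        if kv.count == 2 { fields[kv[0]] = kv[1] }
    }
    return fields
}

/// List every client-authentication mechanism on a token request (header names are case-insensitive).
func clientAuthMethods(headers: [String: String], form: [String: String]) -> [ClientAuth] {
    var found: [ClientAuth] = []
    if let value = headers.first(where: { $0.key.lowercased() == "authorization" })?.value {
        let scheme = value.split(separator: " ").first.map { $0.lowercased() } ?? ""
        switch scheme {
        case "oauth": found.append(.oauth1Header(version: oauth1Fields(value)["oauth_version"] ?? "unset"))
        case "basic": found.append(.basicHeader)
        default: found.append(.otherHeader(scheme: scheme))
        }
    }
    if form["client_id"] != nil, form["client_secret"] != nil { found.append(.formBody) }
    return found
}

/// Report what an OAuth 2.0 token endpoint has no reason to accept.
func findings(_ methods: [ClientAuth]) -> [String] {
    var out: [String] = []
    for case .oauth1Header(let version) in methods {
        out.append("OAuth 1.0 signed header (oauth_version=\(version)) on an OAuth 2.0 token request")
    }
    if methods.count > 1 { out.append("more than one client authentication method in one request") }
    return out
}

// Header as captured in the issue; the client id, secret and form body are constructed placeholders.
let headers = ["Authorization": "OAuth oauth_consumer_key=\"EXAMPLE_CLIENT_ID\", oauth_nonce=\"99F7307C\", oauth_signature=\"HPM9Yfsa54maDehZYJsIDcUQLwY%3D\", "
    + "oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1440433137\", oauth_version=\"1.0\""]
let form = ["grant_type": "authorization_code", "client_id": "EXAMPLE_CLIENT_ID", "client_secret": "EXAMPLE_SECRET"]
findings(clientAuthMethods(headers: headers, form: form)).forEach { print("finding:", $0) }
```

A check like this in a debug build catches a signed header leaking onto a token exchange without special-casing any provider's host name.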


@sephethus commented on GitHub (Aug 25, 2015):

Why is that happening? I'm using OAuth2Swift when creating the object, not OAuth1Swift.

I also can put `println("postOAuthAccessTokenWithRequestTokenByCode is being called")` inside of that method and it prints to the debug console.

```
let oauthUber = OAuth2Swift(consumerKey: CLIENT_KEY, consumerSecret: CLIENT_SECRET, authorizeUrl: AUTHORIZE_URL, accessTokenUrl: ACCESS_TOKEN_URL, responseType: "code")
```

@dongri commented on GitHub (Aug 26, 2015):

Hi @sephethus @phimage

I Resolved Uber OAuth problem

https://github.com/dongri/OAuthSwift/pull/96/files

Thanks!


@dongri commented on GitHub (Aug 26, 2015):

Uber Wiki
https://github.com/dongri/OAuthSwift/wiki/Uber
