[PR #576] [CLOSED] If the client_secret is empty, don't post it at all. #676

New issue

Closed

opened 2026-03-03 17:29:36 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 17:29:36 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/OAuthSwift/OAuthSwift/pull/576
Author: @bobspryn
Created: 3/5/2020
Status: ❌ Closed

Base: master ← Head: master

---

📝 Commits (1)

• 8c982e6 If the client_secret is empty, don't post it at all.

📊 Changes

1 file changed (+12 additions, -4 deletions)

View changed files

📝 Sources/OAuth2Swift.swift (+12 -4)

📄 Description

Really we shouldn't be storing a client secret in an app at all, we should be using
PKCE. Some servers will reject the request if it's a "public" app and you include
the secret. Since it would be tricky to fully make it optional in the client everywhere,
I'm changing it to just ignore empty strings.

I didn't do this everywhere, as the other methods seem to assume the client/secret credentials are being used instead of pkce.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/OAuthSwift/OAuthSwift/pull/576 **Author:** [@bobspryn](https://github.com/bobspryn) **Created:** 3/5/2020 **Status:** ❌ Closed **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (1) - [`8c982e6`](https://github.com/OAuthSwift/OAuthSwift/commit/8c982e6de3aab35de25669b322aca6c3957bf72d) If the client_secret is empty, don't post it at all. ### 📊 Changes **1 file changed** (+12 additions, -4 deletions) <details> <summary>View changed files</summary> 📝 `Sources/OAuth2Swift.swift` (+12 -4) </details> ### 📄 Description Really we [shouldn't be storing a client secret in an app at all](https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/), we should be using PKCE. Some servers will reject the request if it's a "public" app and you include the secret. Since it would be tricky to fully make it optional in the client everywhere, I'm changing it to just ignore empty strings. I didn't do this everywhere, as the other methods seem to assume the client/secret credentials are being used instead of pkce. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 17:29:36 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

ci/action/danger

ci/action/release-drafter

pkce

ci/action/tvos

ci/travis

2.1.0

2.0.0

fix/fitbiterror

swift3

digu-demo

swift3.0objc

swift2.2

swift2.3

swift2.0

2.2.0

2.1.2

2.1.1

2.1.0

2.0.1

2.0.0

1.4.1

1.4.0

1.3.0

1.2.2

1.2.1

1.2.0

1.1.2

1.1.1

1.1.0

1.0.0

0.6.0

0.5.2

v0.5.2

0.5.1

0.5.0

0.4.8

0.4.6

v0.4.6

0.4.5

v0.4.5

0.4.4

v0.4.4

0.4.3

0.4.2

0.4.1

v0.4.1

0.4.0

v0.4.0

Swift1.x

0.3.7

v0.3.7

0.3.6

v0.3.6

0.3.5

v0.3.5

0.3.4

v0.3.4

0.3.3

v0.3.3

v0.3.2

0.3.2

0.3.1

v0.3.1

0.3.0

v0.3.0

0.2.1

0.2.0

v0.2.0

0.1.9

0.1.8

0.1.7

v0.1.7

v0.1.6

Labels

Clear labels   

bug

  

cocoapod

  

duplicate

  

enhancement

  

feature-request

  

help wanted

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

wontfix

No labels

bug

cocoapod

duplicate

enhancement

feature-request

help wanted

help wanted

invalid

pull-request

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/OAuthSwift#676

No description provided.