Merge pull request #63 from sowmiya/master

Passing a generated nonce string in app to app authentication flow
box · Aug 17, 2015 · c20376c · c20376c
2 parents 088f1d0 + 6a863f9
commit c20376c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/BoxContentSDK/BoxContentSDK/Clients/BOXContentClient+Authentication.m b/BoxContentSDK/BoxContentSDK/Clients/BOXContentClient+Authentication.m
@@ -165,7 +165,8 @@ - (void)presentDefaultAuthenticationWithCompletionBlock:(void (^)(BOXUser *user,
                                                                                                 clientID:self.OAuth2Session.clientID
                                                                                                URLScheme:authURLScheme
                                                                                    authRedirectURIString:self.OAuth2Session.redirectURIString];
-        BoxAppToAppMessage *authMessage = [BoxAppToAppMessage boxAppAuthorizationMessageWithState:nil currentApplication:currentApplication];
+        BoxAppToAppMessage *authMessage = [BoxAppToAppMessage boxAppAuthorizationMessageWithState:self.OAuth2Session.nonce
+                                                                               currentApplication:currentApplication];
         BoxAppToAppStatus messageDidSend = [authMessage execute];
 
         didPresentDefaultAuthentication = (messageDidSend == BoxAppToAppStatusSuccess);

diff --git a/BoxContentSDK/BoxContentSDK/OAuth2/BOXOAuth2Session.h b/BoxContentSDK/BoxContentSDK/OAuth2/BOXOAuth2Session.h
@@ -156,6 +156,12 @@
  */
 - (NSString *)redirectURIString;
 
+/**
+ * Returns the randomly generated nonce used to prevent spoofing attack during login
+ * @return generated nonce
+ */
+- (NSString *)nonce;
+
 #pragma mark - Token Refresh
 /** @name Token Refresh */