From 6a863f964747e3338e8b8c162254148d5ddd1cc3 Mon Sep 17 00:00:00 2001
From: Sowmiya Narayanan
Date: Mon, 17 Aug 2015 14:35:12 -0700
Subject: [PATCH] Passing a generated nonce string in app to app authentication flow with box app
---
 .../BoxContentSDK/Clients/BOXContentClient+Authentication.m | 3 ++-
 BoxContentSDK/BoxContentSDK/OAuth2/BOXOAuth2Session.h | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/BoxContentSDK/BoxContentSDK/Clients/BOXContentClient+Authentication.m b/BoxContentSDK/BoxContentSDK/Clients/BOXContentClient+Authentication.m
index e71041b1d..a32ffec26 100644
--- a/BoxContentSDK/BoxContentSDK/Clients/BOXContentClient+Authentication.m
+++ b/BoxContentSDK/BoxContentSDK/Clients/BOXContentClient+Authentication.m
@@ -165,7 +165,8 @@ - (void)presentDefaultAuthenticationWithCompletionBlock:(void (^)(BOXUser *user,
 clientID:self.OAuth2Session.clientID
 URLScheme:authURLScheme
 authRedirectURIString:self.OAuth2Session.redirectURIString];
- BoxAppToAppMessage *authMessage = [BoxAppToAppMessage boxAppAuthorizationMessageWithState:nil currentApplication:currentApplication];
+ BoxAppToAppMessage *authMessage = [BoxAppToAppMessage boxAppAuthorizationMessageWithState:self.OAuth2Session.nonce
+ currentApplication:currentApplication];
 BoxAppToAppStatus messageDidSend = [authMessage execute];
 didPresentDefaultAuthentication = (messageDidSend == BoxAppToAppStatusSuccess);
diff --git a/BoxContentSDK/BoxContentSDK/OAuth2/BOXOAuth2Session.h b/BoxContentSDK/BoxContentSDK/OAuth2/BOXOAuth2Session.h
index 210eed5cb..b6de06626 100644
--- a/BoxContentSDK/BoxContentSDK/OAuth2/BOXOAuth2Session.h
+++ b/BoxContentSDK/BoxContentSDK/OAuth2/BOXOAuth2Session.h
@@ -156,6 +156,12 @@
 */
 - (NSString *)redirectURIString;
+/**
+ * Returns the randomly generated nonce used to prevent spoofing attack during login
+ * @return generated nonce
+ */
+- (NSString *)nonce;
+
 #pragma mark - Token Refresh
 /** @name Token Refresh */
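Review bot: If `self.OAuth2Session.nonce` returns nil or an empty string, `boxAppAuthorizationMessageWithState:` receives the same empty state as before this change, and the app-to-app request goes out with no anti-spoofing value. The getter's implementation is not visible in this patch, so either guarantee a non-nil value there or check at the call site and skip the app-to-app path, e.g. `NSString *state = self.OAuth2Session.nonce;` followed by `if (state.length == 0) { didPresentDefaultAuthentication = NO; }` before the message is built. The protection also depends on the callback handler comparing the returned state with this value, which the hunk does not show, so a short comment here naming where that comparison happens would help the next reader. presentDefaultAuthenticationWithCompletionBlock: starts and ends outside the hunk.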
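Review bot: The doc comment on `- (NSString *)nonce;` does not state the contract a caller needs in order to use the value safely. It should say whether the nonce is regenerated for every login attempt or cached for the session's lifetime, that it must come from a cryptographically secure source (for example `SecRandomCopyBytes`), and that the state returned in the redirect must match it exactly or the response is rejected. It should also say whether the method can return nil; an explicit `nonnull`/`nullable` annotation would pin that down if the header already uses them elsewhere. The wording "to prevent spoofing attack" would read better as "to prevent spoofed authentication responses".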