Passing a generated nonce string in app to app authentication flow #63

Merged
merged 1 commit into from
Aug 17, 2015

sowmiya
Contributor

@sowmiya sowmiya commented Aug 17, 2015

with box app

@boxcla

boxcla commented Aug 17, 2015

Hi @sowmiya, thanks for the pull request. Before we can merge it, we need you to sign our Contributor License Agreement. You can do so electronically here: http://opensource.box.com/cla

Once you have signed, just add a comment to this pull request saying, "CLA signed". Thanks!

* Returns the randomly generated nonce used to prevent spoofing attack during login
* @return generated nonce
*/
- (NSString *)nonce;
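
Review bot: the doc comment above `- (NSString *)nonce;` says the nonce is randomly generated and used to prevent spoofing during login, but it does not say when the value is generated or how long the same value is reused. Document the lifetime (for example, one nonce per login attempt) and the randomness source in this comment, so a caller reading the header knows what guarantee the accessor gives.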
Contributor

Any reason that we should not expose this in the header? (in other words, in your thought process what were the pros and cons, or does this just make sense as-is?)

Contributor Author

As far as I can tell, we are not allowing users to modify this string by exposing it in the header. Also, once generated, it remains the same, so we won't run into any inconsistency in value.

@boxtcarpel
Contributor

+2 LGTM, Glad it was just the one step that was missing in the chain.

sowmiya added a commit that referenced this pull request Aug 17, 2015
Passing a generated nonce string in app to app authentication flow
@sowmiya sowmiya merged commit c20376c into box:master Aug 17, 2015