-
Notifications
You must be signed in to change notification settings - Fork 276
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAuth2PasswordGrant should parse refresh token #47
Comments
Yes, you're correct with both observations. Thanks!
|
So for your first issue, this is merely a question of wording. The password grant (and the |
@p2 after re-reading the IETF specs, you are absolutely right about the |
No worries, I was confused as well since it's the endpoint that gives you a token. |
@p2, any news (ETA) about the refresh token issue? |
I have unfinished work on another machine, was sidetracked by a release that happened yesterday. Hope to resume soon. |
Ok nice ! 👍 Thanks |
Not to be argumentative, but I disagree that it should use the parameter name The RFC says that an OAuth 2.0 server has to implement two endpoints - one is called the 'authorization' endpoint, and the other the 'token' endpoint. The 'authorization' endpoint is only used for the 'authorization code' and 'implicit' grant flows. It presents a login form to the user, then redirects back to an application. The 'token' endpoint is used for all other grant types, and it is a REST/JSON endpoint. So the endpoints have quite different functions. It makes sense for an OAuth client library to accept configuration of both endpoint URLs, then pick the appropriate one automatically for the grant type that is being used. When you have config parameters named https://tools.ietf.org/html/rfc6749#section-3
https://tools.ietf.org/html/rfc6749#section-3.2
Just my two cents. |
Yes, that's great reasoning, agreed. Damien can rename the issue back to the original title, then. :) Migrating the refresh token mechanism requires a bit of a rewrite to be clean and I'm stuck halfway through, still busy with other projects, so it will be a while. |
I've committed a fix for this for my own use, thought i would send a PR in case it helps. Not sure if you want to refactor further though. |
Yes, that's about what I have so far as well. I'm not quite happy with the bloat it adds to the base class, but since I won't get to refactoring too soon that's good enough, thanks! |
Thanks to @glennschmidt this has been fixed in #52 I presume. Can you confirm, @damienrambout ? |
Sorry for the late answer. I guess this should solve my problem :) Anyway, I think you could release a new version including this pull request. |
I'm still doing some rewriting on the develop branch which also incorporates this merge, just don't have the time ATM to properly finish everything. As for the Pod issue, would it work if you added |
It won't work adding You might want to add a dependency to |
Right now, I should be able to test it using a local pod based on a git submodule. |
Pod dependency would be good, but I have to see how that plays with compiling the module where the Keychain classes are compiled within (which I prefer since I don't use Pods myself). Would be cool if you could report your testing. |
I've been testing the refresh feature (i.e. calling I've been investigating and basically it occurs because Basically, this can be solved either by removing the lines checking for |
Thanks for testing! Yes, possible that these things happen on the latest
|
I've pushed some changes, one is to make SwiftKeychain a dependency in CoocaPods, the other one to not require redirect_url when refreshing a token. I'm not sure how to test the CocoaPods update without pushing, and I don't have a password grant endpoint to test the refresh. If you get a chance let me know how it works! |
It would work if changed as follows, but s.pod_target_xcconfig = { 'OTHER_SWIFT_FLAGS' => '-DIMPORT_SWIFT_KEYCHAIN' } |
just wanted to say that I am also looking forward for the refreshToken support in OAuth2PasswordGrant |
No worries about the duplicate. ;) You can try the develop branch, it's already implemented there but I'll do more testing.
|
will try the develop branch, thanks! |
what would be the best/easiest way to switch from cocoapod to the develop branch? |
Not a CocoaPods guy myself, but looking at the docs it seems something like this could work:
|
thanks again - did not know that is is possible to select the branches in cocoapods - should have RTFM ;-) |
Haven't tested, so I don't know how well it works. |
has problem because the SwiftKeychain stuff is not correctly added to the project |
Ah right; I've just pushed a change to make it a dependency on iOS, can you try again? |
ok, that works, got it running again now I run into the problem that |
Thanks a lot for testing. Let me fix that... |
Alright, should be fixed. |
👍 works! |
Great! @damienrambout This should now also work for you, via CocoaPods. Thanks for testing! |
Finalized in version 2.1 |
🎉 |
Hi,
I'm using
OAuth2PasswordGrant
in my project and I don't think the "password" flow is fully implemented.First,
OAuth2PasswordGrant
will try to use theauthorization_uri
instead of thetoken_uri
to request andaccess_token
using theusername
andpassword
. (This can be hacked by using the a token uri as theauthorization_uri
value).Second, I believe all grant types allow to refresh
access_token
using therefresh_token
. I just see this implemented inOAuth2CodeGrant
. I think all the refresh logic (refreshToken
,doRefreshToken()
, ...) should be shared withOAuth2PasswordGrant
.Cheers.
The text was updated successfully, but these errors were encountered: