nxtbgthng / OAuth2Client

Client library for OAuth2 (currently built against draft 10 of the OAuth2 spec)

How to Get Oauth token using Basic authorization #193

Open alchemistgo87 opened 9 years ago

alchemistgo87 commented 9 years ago

I need to get an OAuth token with basic authorization. Right now I have to manually add a header with the base64 of server_clientid:server_secret as follows:

+ (void)initialize
{
    NSSet *scpe = [[NSSet alloc] initWithObjects:@"read", @"write", nil];

    // Register the account type with the client credentials and endpoints.
    [[NXOAuth2AccountStore sharedStore] setClientID:@"my_server_client_id" secret:@"my_server_secret" scope:scpe authorizationURL:[NSURL URLWithString:@"http://192.168.1.14:8080/oauth/authenticate"] tokenURL:[NSURL URLWithString:@"http://192.168.1.14:8080/oauth/token"] redirectURL:nil keyChainGroup:nil tokenType:@"access_token" forAccountType:@"DNI"];

    // Copy the stored configuration so custom header fields can be added to it.
    NSMutableDictionary *configuration = [NSMutableDictionary dictionaryWithDictionary:[[NXOAuth2AccountStore sharedStore] configurationForAccountType:@"DNI"]];

    NSMutableDictionary *customHeaderFields = [NSMutableDictionary new];
    [customHeaderFields setValue:@"application/x-www-form-urlencoded" forKey:@"Content-Type"];
    // Authorization: Basic <base64 of client_id:secret>, built by the MVHelpers helper.
    [customHeaderFields setValue:[NSString stringWithFormat:@"Basic %@", [MVHelpers getBase64FromClient:@"my_server_client_id" andSecret:@"my_server_secret"]] forKey:@"Authorization"];
    //dictionaryWithObject:@"application/x-www-form-urlencoded" forKey:@"Content-Type"];

    [configuration setObject:customHeaderFields.mutableCopy forKey:kNXOAuth2AccountStoreConfigurationCustomHeaderFields];
    [[NXOAuth2AccountStore sharedStore] setConfiguration:configuration forAccountType:@"DNI"];
}

Is there some proper way to do this?

Also, everything works fine (access_token and refresh_tokens are retrieved) with the above, but there is an issue. When the access_token expires, we get a crash as shown in the screens:

[Screenshots: screen1, screen2]

toto commented 9 years ago

This does not seem like correct OAuth2; instead, the key/secret are used as username/password in a basic auth. This is not supported since it's not OAuth2.

alchemistgo87 commented 9 years ago

In OAuth2, to retrieve the access_token from the server, don't we have to use Basic authorization first? After that, the bearer token is sent for each API. What else would you do to log in a user?
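
Added example, not part of the thread and not OAuth2Client code: a refresh_token request to the token endpoint using HTTP Basic client authentication as described in RFC 6749 section 2.3.1, where the client id and secret are form-urlencoded before base64 so a `:` in either value cannot be mistaken for the separator. The helper names, the placeholder host and the sample credentials are assumptions constructed for illustration.

```objc
#import <Foundation/Foundation.h>

// Added example; FormEncode, BasicClientAuth and RefreshRequest are hypothetical helpers.

// application/x-www-form-urlencoded encoding of a single value:
// listed characters stay as-is, space becomes '+', everything else becomes %XX.
static NSString *FormEncode(NSString *value) {
    NSCharacterSet *allowed = [NSCharacterSet characterSetWithCharactersInString:
        @"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._* "];
    NSString *escaped = [value stringByAddingPercentEncodingWithAllowedCharacters:allowed];
    return [escaped stringByReplacingOccurrencesOfString:@" " withString:@"+"];
}

// Authorization header value for client authentication (RFC 6749 section 2.3.1).
static NSString *BasicClientAuth(NSString *clientID, NSString *secret) {
    NSString *pair = [NSString stringWithFormat:@"%@:%@", FormEncode(clientID), FormEncode(secret)];
    NSData *raw = [pair dataUsingEncoding:NSUTF8StringEncoding];
    return [@"Basic " stringByAppendingString:[raw base64EncodedStringWithOptions:0]];
}

// Token request for the refresh_token grant. Returns nil for a non-HTTPS endpoint,
// because Basic credentials are only base64-encoded, not encrypted.
static NSURLRequest *RefreshRequest(NSURL *tokenURL, NSString *clientID,
                                    NSString *secret, NSString *refreshToken) {
    if (![tokenURL.scheme.lowercaseString isEqualToString:@"https"]) return nil;
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:tokenURL];
    req.HTTPMethod = @"POST";
    [req setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
    [req setValue:BasicClientAuth(clientID, secret) forHTTPHeaderField:@"Authorization"];
    NSString *body = [NSString stringWithFormat:@"grant_type=refresh_token&refresh_token=%@",
                      FormEncode(refreshToken)];
    req.HTTPBody = [body dataUsingEncoding:NSUTF8StringEncoding];
    return req;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample values; token.example.test is a placeholder host.
        NSURL *url = [NSURL URLWithString:@"https://token.example.test/oauth/token"];
        NSURLRequest *req = RefreshRequest(url, @"my client", @"s3cr:t+/", @"constructed-refresh-token");
        NSLog(@"%@", req.allHTTPHeaderFields);
        NSLog(@"%@", [[NSString alloc] initWithData:req.HTTPBody encoding:NSUTF8StringEncoding]);
        // A cleartext endpoint is refused before any credential is placed in a request.
        NSURL *plain = [NSURL URLWithString:@"http://token.example.test/oauth/token"];
        NSLog(@"plain HTTP rejected: %d", RefreshRequest(plain, @"a", @"b", @"c") == nil);
    }
    return 0;
}
```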