diff --git a/NXOAuth2Client.podspec b/NXOAuth2Client.podspec index 82bd1fdd..aca05978 100644 --- a/NXOAuth2Client.podspec +++ b/NXOAuth2Client.podspec @@ -33,9 +33,9 @@ Pod::Spec.new do |s| LICENSETEXT } s.summary = 'Client library for OAuth2 (currently built against draft 10 of the OAuth2 spec) but can support several drafts.' - s.homepage = 'https://github.com/nxtbgthng/OAuth2Client' - s.author = { 'nxtbgthng' => 'team@nxtbgthng.com'} - s.source = { :git => 'https://github.com/nxtbgthng/OAuth2Client.git', :tag => "v#{s.version}" } + s.homepage = 'https://github.com/CommonQ/OAuth2Client' + s.author = { 'CommonQ' => 'qukm90@gmail.com'} + s.source = { :git => 'https://github.com/CommonQ/OAuth2Client.git', :tag => "v#{s.version}" } s.source_files = 'NXOAuth2Account+Private.h', 'Sources/', 'Sources/OAuth2Client/' s.frameworks = 'Security' s.requires_arc = true diff --git a/Sources/OAuth2Client/NXOAuth2AccessToken.h b/Sources/OAuth2Client/NXOAuth2AccessToken.h index 0953fcfb..ac6e252c 100644 --- a/Sources/OAuth2Client/NXOAuth2AccessToken.h +++ b/Sources/OAuth2Client/NXOAuth2AccessToken.h @@ -23,6 +23,7 @@ NSDate *expiresAt; NSSet *scope; NSString *responseBody; + NSString * idToken; } @property (nonatomic, readonly) NSString *accessToken; @property (nonatomic, readonly) NSString *refreshToken; @@ -32,6 +33,7 @@ @property (nonatomic, readonly) BOOL hasExpired; @property (nonatomic, readonly) NSSet *scope; @property (nonatomic, readonly) NSString *responseBody; +@property (nonatomic, readonly) NSString *idToken; + (instancetype)tokenWithResponseBody:(NSString *)responseBody; diff --git a/Sources/OAuth2Client/NXOAuth2AccessToken.m b/Sources/OAuth2Client/NXOAuth2AccessToken.m index 4ff590cd..ef45e7d7 100644 --- a/Sources/OAuth2Client/NXOAuth2AccessToken.m +++ b/Sources/OAuth2Client/NXOAuth2AccessToken.m 
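Review bot: The pod keeps the name `NXOAuth2Client` while `s.source` in the podspec hunk now resolves to a different repository by tag (`:tag => "v#{s.version}"`), and a tag can be moved after consumers have reviewed what it points to. For a fork that is consumed by pinning, `:commit => '<COMMIT_SHA>'` (placeholder) in place of `:tag` makes the fetched code immutable. If this spec is ever pushed to a shared spec repo, a distinct pod name would keep it from being confused with the upstream pod of the same name; whether that applies depends on how the fork is distributed, which the diff does not show.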
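Review bot: The new `idToken` property in NXOAuth2AccessToken.h has no comment telling callers what they are getting. Judging by the .m hunks it is the raw `id_token` string copied out of the token response, with no signature or claim checks anywhere in this diff, so I would add above the property: `/// Raw id_token from the token response, stored as received; callers must verify its signature, issuer, audience and expiry before using it as proof of identity.` It is also nil for tokens built through the older initializer, which deserves one more line in that comment.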
@@ -55,6 +55,7 @@ + (instancetype)tokenWithResponseBody:(NSString *)theResponseBody tokenType:(NSS NSString *anAccessToken = [jsonDict objectForKey:@"access_token"]; NSString *aRefreshToken = [jsonDict objectForKey:@"refresh_token"]; NSObject *scopeObj = [jsonDict objectForKey:@"scope"]; + NSString *idToken = [jsonDict objectForKey:@"id_token"]; // if the response overrides token_type we take it from the response if ([jsonDict objectForKey:@"token_type"]) { @@ -80,7 +81,8 @@ + (instancetype)tokenWithResponseBody:(NSString *)theResponseBody tokenType:(NSS expiresAt:expiryDate scope:scope responseBody:theResponseBody - tokenType:tokenType]; + tokenType:tokenType + idToken:idToken]; } - (instancetype)initWithAccessToken:(NSString *)anAccessToken; @@ -112,10 +114,11 @@ - (instancetype)initWithAccessToken:(NSString *)anAccessToken refreshToken:(NSSt expiresAt:anExpiryDate scope:aScope responseBody:aResponseBody - tokenType:nil]; + tokenType:nil + idToken:nil]; } -- (instancetype)initWithAccessToken:(NSString *)anAccessToken refreshToken:(NSString *)aRefreshToken expiresAt:(NSDate *)anExpiryDate scope:(NSSet *)aScope responseBody:(NSString *)aResponseBody tokenType:(NSString *)aTokenType +- (instancetype)initWithAccessToken:(NSString *)anAccessToken refreshToken:(NSString *)aRefreshToken expiresAt:(NSDate *)anExpiryDate scope:(NSSet *)aScope responseBody:(NSString *)aResponseBody tokenType:(NSString *)aTokenType idToken:(NSString*) aIDToken { // a token object without an actual token is not what we want! NSAssert1(anAccessToken, @"No token from token response: %@", aResponseBody); @@ -131,6 +134,7 @@ - (instancetype)initWithAccessToken:(NSString *)anAccessToken refreshToken:(NSSt scope = aScope ? [aScope copy] : [[NSSet alloc] init]; responseBody = [aResponseBody copy]; tokenType = [aTokenType copy]; + idToken = [aIDToken copy]; } return self; } 
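Review bot: `id_token` is read from `jsonDict` and passed on as an `NSString *` without a class check in the `@@ -55,6 +55,7 @@` hunk, so if the dictionary comes from JSON parsing (as its name suggests) a response carrying `null` or a number there puts an `NSNull` or `NSNumber` behind the `idToken` property, and the first string message sent to it raises. A guard right after the read would do: `if (![idToken isKindOfClass:[NSString class]]) idToken = nil;`. The neighbouring `access_token` and `refresh_token` reads look equally unchecked, but only the new line is in scope here; the method body starts and ends outside the hunk.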
@@ -151,6 +155,7 @@ - (void)restoreWithOldToken:(NXOAuth2AccessToken *)oldToken; @synthesize scope; @synthesize responseBody; @synthesize tokenType; +@synthesize idToken; - (NSString*)tokenType { @@ -191,6 +196,7 @@ - (void)encodeWithCoder:(NSCoder *)aCoder [aCoder encodeObject:expiresAt forKey:@"expiresAt"]; [aCoder encodeObject:scope forKey:@"scope"]; [aCoder encodeObject:responseBody forKey:@"responseBody"]; + [aCoder encodeObject:idToken forKey:@"id_token"]; if (tokenType) { [aCoder encodeObject:tokenType forKey:@"tokenType"]; } @@ -213,6 +219,7 @@ - (instancetype)initWithCoder:(NSCoder *)aDecoder scope = [[aDecoder decodeObjectForKey:@"scope"] copy]; responseBody = [[aDecoder decodeObjectForKey:@"responseBody"] copy]; tokenType = [[aDecoder decodeObjectForKey:@"tokenType"] copy]; + idToken = [[aDecoder decodeObjectForKey:@"id_token"] copy]; } return self; } diff --git a/Sources/OAuth2Client/NXOAuth2AccountStore.h b/Sources/OAuth2Client/NXOAuth2AccountStore.h index 9325e8bf..22d927ed 100644 --- a/Sources/OAuth2Client/NXOAuth2AccountStore.h +++ b/Sources/OAuth2Client/NXOAuth2AccountStore.h @@ -144,6 +144,7 @@ typedef void(^NXOAuth2PreparedAuthorizationURLHandler)(NSURL *preparedURL); #pragma mark Handle OAuth Redirects - (BOOL)handleRedirectURL:(NSURL *)URL; -- (BOOL)handleRedirectURL:(NSURL *)aURL error: (NSError**) error; +- (BOOL)handleRedirectURL:(NSURL *)URL isLinkedin:(BOOL)isLinkedin; +- (BOOL)handleRedirectURL:(NSURL *)aURL isLinkedin:(BOOL)isLinkedin error: (NSError**) error; @end diff --git a/Sources/OAuth2Client/NXOAuth2AccountStore.m b/Sources/OAuth2Client/NXOAuth2AccountStore.m index 7f8978b2..6db6a5fd 100644 --- a/Sources/OAuth2Client/NXOAuth2AccountStore.m +++ b/Sources/OAuth2Client/NXOAuth2AccountStore.m 
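Review bot: The value decoded for `id_token` in the `initWithCoder:` hunk is copied into `idToken` without confirming it is a string, so a damaged or tampered archive can place another object type behind an `NSString *` property. `idToken = [[aDecoder decodeObjectOfClass:[NSString class] forKey:@"id_token"] copy];` states the expected class and is enforced when the coder requires secure coding. The matching `encodeWithCoder:` line also means the ID token, which can carry identity claims, is now written wherever this object is archived; the storage location is not visible in this diff, so confirm it is protected storage. Both methods start outside their hunks.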
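Review bot: The NXOAuth2AccountStore.h hunk removes the declaration of `handleRedirectURL:error:` although its implementation is still present in NXOAuth2AccountStore.m, so existing callers that need the error lose the public entry point. I would keep `- (BOOL)handleRedirectURL:(NSURL *)aURL error:(NSError **)error;` next to the new variants. The `isLinkedin:` methods also need a comment, for example `/// Routes the redirect to the pending client of a fixed account type chosen by isLinkedin.`, because the flag's effect cannot be guessed from its name.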
@@ -375,7 +375,51 @@ - (NXOAuth2TrustedCertificatesHandler)trustedCertificatesHandlerForAccountType:( #pragma mark Handle OAuth Redirects - (BOOL)handleRedirectURL:(NSURL *)aURL { - return [self handleRedirectURL:aURL error:nil]; + return [self handleRedirectURL:aURL isLinkedin:NO error:nil]; +} + +-(BOOL)handleRedirectURL:(NSURL *)URL isLinkedin:(BOOL)isLinkedin +{ + return [self handleRedirectURL:URL isLinkedin:isLinkedin error:nil]; +} + +- (BOOL)handleRedirectURL:(NSURL *)aURL isLinkedin:(BOOL)isLinkedin error:(NSError **)error +{ + + __block NSURL *fixedRedirectURL = nil; + NSSet *accountTypes; + + @synchronized (self.configurations) { + accountTypes = [self.configurations keysOfEntriesPassingTest:^(id key, id obj, BOOL *stop) { + NSDictionary *configuration = obj; + NSURL *redirectURL = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationRedirectURL]; + if ( [[[aURL absoluteString] lowercaseString] hasPrefix:[[redirectURL absoluteString] lowercaseString]]) { + + // WORKAROUND: The URL which is passed to this method may be lower case also the scheme is registered in camel case. Therefor replace the prefix with the stored redirectURL. + if (fixedRedirectURL == nil) { + fixedRedirectURL = [self fixRedirectURL: aURL storedURL:redirectURL]; + } + + return YES; + } else { + return NO; + } + }]; + } + + NSString* accountType; + if (isLinkedin) { + accountType = @"LinkedinESN"; + }else{ + accountType=@"ESN"; + } + + NXOAuth2Client *client = [self pendingOAuthClientForAccountType:accountType]; + if ([client openRedirectURL:fixedRedirectURL error:error]) { + return YES; + } + + return NO; } - (BOOL)handleRedirectURL:(NSURL *)aURL error: (NSError**) error diff --git a/Sources/OAuth2Client/NXOAuth2Client.m b/Sources/OAuth2Client/NXOAuth2Client.m index 7e017539..34d5f61b 100644 --- a/Sources/OAuth2Client/NXOAuth2Client.m +++ b/Sources/OAuth2Client/NXOAuth2Client.m 
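Review bot: In `handleRedirectURL:isLinkedin:error:` the set `accountTypes` produced by the redirect-URL match is never used; the client is picked from the hard-coded names `@"LinkedinESN"`/`@"ESN"`, so the incoming URL is never checked against the redirect URL configured for the client that receives it. When nothing matches, `fixedRedirectURL` is still nil and is passed to `openRedirectURL:error:`, and when a different account type matches, the URL rewritten for that type goes to the ESN client. Because `handleRedirectURL:` now forwards with `isLinkedin:NO`, every existing caller is tied to the `ESN` account type as well. The sketch below looks up the selected account type's own redirect URL and rejects anything else; it assumes `self.configurations` is keyed by account type, which the `accountTypes` name suggests but the hunk does not show.

```objc
- (BOOL)handleRedirectURL:(NSURL *)aURL isLinkedin:(BOOL)isLinkedin error:(NSError **)error
{
    NSString *accountType = isLinkedin ? @"LinkedinESN" : @"ESN";

    // Read the redirect URL configured for the account type that will receive the callback.
    NSURL *redirectURL = nil;
    @synchronized (self.configurations) {
        NSDictionary *configuration = [self.configurations objectForKey:accountType];
        redirectURL = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationRedirectURL];
    }

    // Refuse callbacks that do not belong to this account type instead of forwarding nil
    // or a URL that was matched against another configuration.
    NSString *incoming = [[aURL absoluteString] lowercaseString];
    NSString *expected = [[redirectURL absoluteString] lowercaseString];
    if (expected == nil || ![incoming hasPrefix:expected]) {
        return NO;
    }

    NSURL *fixedRedirectURL = [self fixRedirectURL:aURL storedURL:redirectURL];
    NXOAuth2Client *client = [self pendingOAuthClientForAccountType:accountType];
    return [client openRedirectURL:fixedRedirectURL error:error];
}
```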
@@ -311,7 +311,7 @@ - (void)requestTokenWithAuthGrant:(NSString *)authGrant redirectURL:(NSURL *)red NSMutableDictionary *parameters = [NSMutableDictionary dictionaryWithObjectsAndKeys: @"authorization_code", @"grant_type", clientId, @"client_id", - clientSecret, @"client_secret", + //clientSecret, @"client_secret", [redirectURL absoluteString], @"redirect_uri", authGrant, @"code", nil];
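Review bot: Commenting out `clientSecret, @"client_secret",` drops client authentication from the authorization-code exchange for every consumer of the library, and nothing in this hunk adds a replacement such as a PKCE `code_verifier`, so a party holding an intercepted code needs no secret to redeem it. If the goal was to support clients without a secret (a nil `clientSecret` would also cut the `dictionaryWithObjectsAndKeys:` list short), leave it out of the literal and add it conditionally after the dictionary is built: `if (clientSecret) [parameters setObject:clientSecret forKey:@"client_secret"];`. The commented-out line should be deleted rather than kept in the source. The method continues outside the hunk.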