From 92b1630e163a2aa64a0472dba873a283f0e4a5fc Mon Sep 17 00:00:00 2001
From: Vitalij Dadaschjanz
Date: Fri, 28 Apr 2023 08:45:20 +0200
Subject: [PATCH 01/12] introduce addtional http headers to OIDTokenRequest
---
.../Source/AppAuthExampleViewController.m | 9 +-
.../Source/AppAuthExampleViewController.m | 9 +-
.../Source/AppAuthExampleViewController.swift | 9 +-
.../AppAuthTVExampleViewController.m | 3 +-
README.md | 12 ++-
Source/AppAuthCore/OIDAuthState.m | 3 +-
Source/AppAuthCore/OIDAuthorizationRequest.h | 17 +++-
Source/AppAuthCore/OIDAuthorizationRequest.m | 31 +++++--
Source/AppAuthCore/OIDAuthorizationResponse.h | 4 +-
Source/AppAuthCore/OIDAuthorizationResponse.m | 9 +-
Source/AppAuthCore/OIDTokenRequest.h | 12 ++-
Source/AppAuthCore/OIDTokenRequest.m | 40 +++++++--
Source/AppAuthTV/OIDTVAuthorizationRequest.h | 4 +-
Source/AppAuthTV/OIDTVAuthorizationRequest.m | 12 ++-
Source/AppAuthTV/OIDTVAuthorizationResponse.h | 4 +-
Source/AppAuthTV/OIDTVAuthorizationResponse.m | 9 +-
Source/AppAuthTV/OIDTVTokenRequest.h | 13 ++-
Source/AppAuthTV/OIDTVTokenRequest.m | 13 ++-
.../OIDTVAuthorizationRequestTests.m | 29 +++++--
.../OIDTVAuthorizationResponseTests.m | 19 ++++-
UnitTests/AppAuthTV/OIDTVTokenRequestTests.m | 13 ++-
UnitTests/OIDAuthorizationRequestTests.m | 85 ++++++++++++++-----
UnitTests/OIDRPProfileCode.m | 3 +-
UnitTests/OIDTokenRequestTests.m | 37 ++++++--
24 files changed, 314 insertions(+), 85 deletions(-)
diff --git a/Examples/Example-iOS_ObjC-Carthage/Source/AppAuthExampleViewController.m b/Examples/Example-iOS_ObjC-Carthage/Source/AppAuthExampleViewController.m
index dc76a8c9c..16168347d 100644
--- a/Examples/Example-iOS_ObjC-Carthage/Source/AppAuthExampleViewController.m
+++ b/Examples/Example-iOS_ObjC-Carthage/Source/AppAuthExampleViewController.m
@@ -177,7 +177,8 @@ - (void)doClientRegistration:(OIDServiceConfiguration *)configuration grantTypes:nil subjectType:nil tokenEndpointAuthMethod:@"client_secret_post" - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; // performs registration request [self logMessage:@"Initiating registration request"]; @@ -206,7 +207,8 @@ - (void)doAuthWithAutoCodeExchange:(OIDServiceConfiguration *)configuration scopes:@[ OIDScopeOpenID, OIDScopeProfile ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; // performs authentication request AppDelegate *appDelegate = (AppDelegate *) [UIApplication sharedApplication].delegate; [self logMessage:@"Initiating authorization request with scope: %@", request.scope]; @@ -239,7 +241,8 @@ - (void)doAuthWithoutCodeExchange:(OIDServiceConfiguration *)configuration scopes:@[ OIDScopeOpenID, OIDScopeProfile ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; // performs authentication request AppDelegate *appDelegate = (AppDelegate *) [UIApplication sharedApplication].delegate; [self logMessage:@"Initiating authorization request %@", request]; diff --git a/Examples/Example-iOS_ObjC/Source/AppAuthExampleViewController.m b/Examples/Example-iOS_ObjC/Source/AppAuthExampleViewController.m index 2c3ebe03e..dc3ac368e 100644 --- a/Examples/Example-iOS_ObjC/Source/AppAuthExampleViewController.m +++ b/Examples/Example-iOS_ObjC/Source/AppAuthExampleViewController.m @@ -179,7 +179,8 @@ - (void)doClientRegistration:(OIDServiceConfiguration *)configuration grantTypes:nil subjectType:nil tokenEndpointAuthMethod:@"client_secret_post" - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; // performs registration request [self logMessage:@"Initiating registration request"]; 
@@ -208,7 +209,8 @@ - (void)doAuthWithAutoCodeExchange:(OIDServiceConfiguration *)configuration scopes:@[ OIDScopeOpenID, OIDScopeProfile ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; // performs authentication request AppDelegate *appDelegate = (AppDelegate *) [UIApplication sharedApplication].delegate; [self logMessage:@"Initiating authorization request with scope: %@", request.scope]; @@ -241,7 +243,8 @@ - (void)doAuthWithoutCodeExchange:(OIDServiceConfiguration *)configuration scopes:@[ OIDScopeOpenID, OIDScopeProfile ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; // performs authentication request AppDelegate *appDelegate = (AppDelegate *) [UIApplication sharedApplication].delegate; [self logMessage:@"Initiating authorization request %@", request]; diff --git a/Examples/Example-iOS_Swift-Carthage/Source/AppAuthExampleViewController.swift b/Examples/Example-iOS_Swift-Carthage/Source/AppAuthExampleViewController.swift index f70540472..dabc27afb 100644 --- a/Examples/Example-iOS_Swift-Carthage/Source/AppAuthExampleViewController.swift +++ b/Examples/Example-iOS_Swift-Carthage/Source/AppAuthExampleViewController.swift @@ -349,7 +349,8 @@ extension AppAuthExampleViewController { grantTypes: nil, subjectType: nil, tokenEndpointAuthMethod: "client_secret_post", - additionalParameters: nil) + additionalParameters: nil, + additionalHeaders: nil) // performs registration request self.logMessage("Initiating registration request") 
@@ -386,7 +387,8 @@ extension AppAuthExampleViewController { scopes: [OIDScopeOpenID, OIDScopeProfile], redirectURL: redirectURI, responseType: OIDResponseTypeCode, - additionalParameters: nil) + additionalParameters: nil, + additionalHeaders: nil) // performs authentication request logMessage("Initiating authorization request with scope: \(request.scope ?? "DEFAULT_SCOPE")") @@ -422,7 +424,8 @@ extension AppAuthExampleViewController { scopes: [OIDScopeOpenID, OIDScopeProfile], redirectURL: redirectURI, responseType: OIDResponseTypeCode, - additionalParameters: nil) + additionalParameters: nil, + additionalHeaders: nil) // performs authentication request logMessage("Initiating authorization request with scope: \(request.scope ?? "DEFAULT_SCOPE")") diff --git a/Examples/Example-tvOS/Example-tvOS/AppAuthTVExampleViewController.m b/Examples/Example-tvOS/Example-tvOS/AppAuthTVExampleViewController.m index 3d461619d..e97b0d204 100644 --- a/Examples/Example-tvOS/Example-tvOS/AppAuthTVExampleViewController.m +++ b/Examples/Example-tvOS/Example-tvOS/AppAuthTVExampleViewController.m @@ -176,7 +176,8 @@ - (void)performAuthorizationWithConfiguration:(OIDTVServiceConfiguration *)confi clientId:kClientID clientSecret:kClientSecret scopes:@[ OIDScopeOpenID, OIDScopeProfile ] - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; OIDTVAuthorizationInitialization initBlock = ^(OIDTVAuthorizationResponse *_Nullable response, NSError *_Nullable error) { diff --git a/README.md b/README.md index 78f79959f..6221a66b2 100644 --- a/README.md +++ b/README.md @@ -319,7 +319,8 @@ OIDAuthorizationRequest *request = OIDScopeProfile] redirectURL:kRedirectURI responseType:OIDResponseTypeCode - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; // performs authentication request AppDelegate *appDelegate = 
@@ -349,7 +350,8 @@ let request = OIDAuthorizationRequest(configuration: configuration, scopes: [OIDScopeOpenID, OIDScopeProfile], redirectURL: redirectURI, responseType: OIDResponseTypeCode, - additionalParameters: nil) + additionalParameters: nil, + additionalHeaders:nil) // performs authentication request print("Initiating authorization request with scope: \(request.scope ?? "nil")") @@ -467,7 +469,8 @@ OIDAuthorizationRequest *request = scopes:@[ OIDScopeOpenID ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; // performs authentication request __weak __typeof(self) weakSelf = self; _redirectHTTPHandler.currentAuthorizationFlow = @@ -516,7 +519,8 @@ OIDTVAuthorizationRequest *request = clientId:kClientID clientSecret:kClientSecret scopes:@[ OIDScopeOpenID, OIDScopeProfile ] - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; // performs authentication request OIDTVAuthorizationInitialization initBlock = diff --git a/Source/AppAuthCore/OIDAuthState.m b/Source/AppAuthCore/OIDAuthState.m index fe8a16221..0d6400a11 100644 --- a/Source/AppAuthCore/OIDAuthState.m +++ b/Source/AppAuthCore/OIDAuthState.m @@ -442,7 +442,8 @@ - (OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters: scope:nil refreshToken:_refreshToken codeVerifier:nil - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:nil]; } #pragma mark - Stateful Actions diff --git a/Source/AppAuthCore/OIDAuthorizationRequest.h b/Source/AppAuthCore/OIDAuthorizationRequest.h index 594f01d87..40659be22 100644 --- a/Source/AppAuthCore/OIDAuthorizationRequest.h +++ b/Source/AppAuthCore/OIDAuthorizationRequest.h 
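Review bot: In the OIDAuthState.m hunk, `tokenRefreshRequestWithAdditionalParameters:` now passes a hard-coded `additionalHeaders:nil`, so headers given on the code exchange are never sent on refresh. If a token endpoint requires such a header (for example a gateway key), the first exchange would succeed and every later refresh would presumably be rejected. Either add a sibling `tokenRefreshRequestWithAdditionalParameters:additionalHeaders:` that forwards the dictionary, or state the limitation with a comment such as `// additionalHeaders are not carried over to refresh requests; build the OIDTokenRequest directly if the endpoint requires them`. The method body starts outside this hunk.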
@@ -134,9 +134,14 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; */ @property(nonatomic, readonly, nullable) NSDictionary *additionalParameters; +/*! @brief The client's additional authorization header. + @see https://tools.ietf.org/html/rfc6749#section-3.2 + */ +@property(nonatomic, readonly, nullable) NSDictionary *additionalHeaders; + /*! @internal @brief Unavailable. Please use - @c initWithConfiguration:clientId:scopes:redirectURL:responseType:additionalParameters:. + @c initWithConfiguration:clientId:scopes:redirectURL:responseType:additionalParameters:additionalHeaders:. */ - (instancetype)init NS_UNAVAILABLE; @@ -148,6 +153,7 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; @param redirectURL The client's redirect URI. @param responseType The expected response type. @param additionalParameters The client's additional authorization parameters. + @param additionalHeaders The client's additional authorization headers. @remarks This convenience initializer generates a state parameter and PKCE challenges automatically. */ @@ -157,7 +163,8 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; scopes:(nullable NSArray *)scopes redirectURL:(NSURL *)redirectURL responseType:(NSString *)responseType - additionalParameters:(nullable NSDictionary *)additionalParameters; + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders; /*! @brief Creates an authorization request with opinionated defaults (a secure @c state, @c nonce, and PKCE with S256 as the @c code_challenge_method). 
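Review bot: The doc comment added for `additionalHeaders` in OIDAuthorizationRequest.h says "additional authorization header" (singular) and cites RFC 6749 section 3.2, which describes the token endpoint rather than the authorization endpoint. The surrounding header describes this request as a URI built from query parameters, and nothing in this patch shows the stored headers being attached to an authorization request, so a reader cannot tell when they are sent. I would reword it to `/*! @brief Additional HTTP headers supplied by the client (string keys and values). Not part of the authorization URL. */` and drop the `@see`, or point it at whatever actually consumes the property. The three `@param additionalHeaders` lines in the later hunks of this file should say the same.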
@@ -168,6 +175,7 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; @param redirectURL The client's redirect URI. @param responseType The expected response type. @param additionalParameters The client's additional authorization parameters. + @param additionalHeaders The client's additional authorization headers. @remarks This convenience initializer generates a state parameter and PKCE challenges automatically. */ @@ -178,7 +186,8 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; scopes:(nullable NSArray *)scopes redirectURL:(NSURL *)redirectURL responseType:(NSString *)responseType - additionalParameters:(nullable NSDictionary *)additionalParameters; + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders; /*! @brief Designated initializer. @param configuration The service's configuration. @@ -199,6 +208,7 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; @c OIDAuthorizationRequest.codeChallengeS256ForVerifier: is used to create the code challenge. @param additionalParameters The client's additional authorization parameters. + @param additionalHeaders The client's additional authorization headers. */ - (instancetype) initWithConfiguration:(OIDServiceConfiguration *)configuration @@ -213,6 +223,7 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; codeChallenge:(nullable NSString *)codeChallenge codeChallengeMethod:(nullable NSString *)codeChallengeMethod additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders NS_DESIGNATED_INITIALIZER; /*! @brief Constructs the request URI by adding the request parameters to the query component of the diff --git a/Source/AppAuthCore/OIDAuthorizationRequest.m b/Source/AppAuthCore/OIDAuthorizationRequest.m index ccfacda0f..96a5bdbc0 100644 --- a/Source/AppAuthCore/OIDAuthorizationRequest.m 
+++ b/Source/AppAuthCore/OIDAuthorizationRequest.m @@ -76,6 +76,11 @@ */ static NSString *const kAdditionalParametersKey = @"additionalParameters"; +/*! @brief Key used to encode the @c additionalHeaders property for + @c NSSecureCoding + */ +static NSString *const kAdditionalHeadersKey = @"additionalHeaders"; + /*! @brief Number of random bytes generated for the @ state. */ static NSUInteger const kStateSizeBytes = 32; @@ -102,7 +107,8 @@ - (instancetype)init scopes: redirectURL: responseType: - additionalParameters:) + additionalParameters: + additionalHeaders:) ) /*! @brief Check if the response type is one AppAuth supports @@ -134,6 +140,7 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration codeChallenge:(nullable NSString *)codeChallenge codeChallengeMethod:(nullable NSString *)codeChallengeMethod additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders { self = [super init]; if (self) { @@ -155,6 +162,9 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration _additionalParameters = [[NSDictionary alloc] initWithDictionary:additionalParameters copyItems:YES]; + + _additionalHeaders = + [[NSDictionary alloc] initWithDictionary:additionalHeaders copyItems:YES]; } return self; } @@ -166,7 +176,8 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration scopes:(nullable NSArray *)scopes redirectURL:(NSURL *)redirectURL responseType:(NSString *)responseType - additionalParameters:(nullable NSDictionary *)additionalParameters { + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders { // generates PKCE code verifier and challenge NSString *codeVerifier = [[self class] generateCodeVerifier]; 
@@ -183,7 +194,8 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration codeVerifier:codeVerifier codeChallenge:codeChallenge codeChallengeMethod:OIDOAuthorizationRequestCodeChallengeMethodS256 - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; } - (instancetype) @@ -192,14 +204,16 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration scopes:(nullable NSArray *)scopes redirectURL:(NSURL *)redirectURL responseType:(NSString *)responseType - additionalParameters:(nullable NSDictionary *)additionalParameters { + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders { return [self initWithConfiguration:configuration clientId:clientID clientSecret:nil scopes:scopes redirectURL:redirectURL responseType:responseType - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; } #pragma mark - NSCopying @@ -241,6 +255,9 @@ - (instancetype)initWithCoder:(NSCoder *)aDecoder { NSDictionary *additionalParameters = [aDecoder decodeObjectOfClasses:additionalParameterCodingClasses forKey:kAdditionalParametersKey]; + NSDictionary *additionalHeaders = + [aDecoder decodeObjectOfClasses:additionalParameterCodingClasses + forKey:kAdditionalHeadersKey]; self = [self initWithConfiguration:configuration clientId:clientID @@ -253,7 +270,8 @@ - (instancetype)initWithCoder:(NSCoder *)aDecoder { codeVerifier:codeVerifier codeChallenge:codeChallenge codeChallengeMethod:codeChallengeMethod - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; return self; } 
@@ -270,6 +288,7 @@ - (void)encodeWithCoder:(NSCoder *)aCoder { [aCoder encodeObject:_codeChallenge forKey:kCodeChallengeKey]; [aCoder encodeObject:_codeChallengeMethod forKey:kCodeChallengeMethodKey]; [aCoder encodeObject:_additionalParameters forKey:kAdditionalParametersKey]; + [aCoder encodeObject:_additionalHeaders forKey:kAdditionalHeadersKey]; } #pragma mark - NSObject overrides diff --git a/Source/AppAuthCore/OIDAuthorizationResponse.h b/Source/AppAuthCore/OIDAuthorizationResponse.h index e7552fe59..2a10c81f2 100644 --- a/Source/AppAuthCore/OIDAuthorizationResponse.h +++ b/Source/AppAuthCore/OIDAuthorizationResponse.h @@ -121,7 +121,9 @@ NS_ASSUME_NONNULL_BEGIN @see https://tools.ietf.org/html/rfc6749#section-4.1.3 */ - (nullable OIDTokenRequest *)tokenExchangeRequestWithAdditionalParameters: - (nullable NSDictionary *)additionalParameters; + (nullable NSDictionary *)additionalParameters + additionalHeaders: + (nullable NSDictionary *)additionalHeaders; @end diff --git a/Source/AppAuthCore/OIDAuthorizationResponse.m b/Source/AppAuthCore/OIDAuthorizationResponse.m index a8f92c75e..5c998a966 100644 --- a/Source/AppAuthCore/OIDAuthorizationResponse.m +++ b/Source/AppAuthCore/OIDAuthorizationResponse.m @@ -184,11 +184,13 @@ - (NSString *)description { #pragma mark - - (OIDTokenRequest *)tokenExchangeRequest { - return [self tokenExchangeRequestWithAdditionalParameters:nil]; + return [self tokenExchangeRequestWithAdditionalParameters:nil additionalHeaders:nil]; } - (OIDTokenRequest *)tokenExchangeRequestWithAdditionalParameters: - (NSDictionary *)additionalParameters { + (NSDictionary *)additionalParameters + additionalHeaders: + (NSDictionary *)additionalHeaders { // TODO: add a unit test to confirm exception is thrown when expected and the request is created // with the correct parameters. if (!_authorizationCode) { 
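Review bot: `encodeWithCoder:` in OIDAuthorizationRequest.m now writes `_additionalHeaders` into the archive under `kAdditionalHeadersKey`; OIDTokenRequest.m does the same in its own `encodeWithCoder:` hunk. Callers are likely to put credentials such as API keys or bearer values in custom headers, and those will then be stored wherever the app persists the archived request or auth state. The property documentation should say so, for example `@remarks Header values are included in the NSSecureCoding archive; store the archive with the same protection as tokens.` It is also worth checking that `description`, which is outside this hunk, does not print the header values.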
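Review bot: The OIDAuthorizationResponse.h hunk replaces the public selector `tokenExchangeRequestWithAdditionalParameters:` with `tokenExchangeRequestWithAdditionalParameters:additionalHeaders:` instead of adding alongside it, so every existing caller stops compiling. The same applies to the initializers changed in OIDAuthorizationRequest.h, OIDTokenRequest.h and the AppAuthTV headers, and to `tokenPollRequestWithAdditionalParameters:`. Keeping the old selector as a forwarding convenience is a one-line body, `return [self tokenExchangeRequestWithAdditionalParameters:additionalParameters additionalHeaders:nil];`, and makes the feature opt-in rather than a source-breaking change.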
@@ -204,7 +206,8 @@ - (OIDTokenRequest *)tokenExchangeRequestWithAdditionalParameters: scope:nil refreshToken:nil codeVerifier:_request.codeVerifier - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; } @end diff --git a/Source/AppAuthCore/OIDTokenRequest.h b/Source/AppAuthCore/OIDTokenRequest.h index 399294e8c..e4b12d9ef 100644 --- a/Source/AppAuthCore/OIDTokenRequest.h +++ b/Source/AppAuthCore/OIDTokenRequest.h @@ -95,9 +95,13 @@ NS_ASSUME_NONNULL_BEGIN */ @property(nonatomic, readonly, nullable) NSDictionary *additionalParameters; +/*! @brief The client's additional token request headers. + */ +@property(nonatomic, readonly, nullable) NSDictionary *additionalHeaders; + /*! @internal @brief Unavailable. Please use - initWithConfiguration:grantType:code:redirectURL:clientID:additionalParameters:. + initWithConfiguration:grantType:code:redirectURL:clientID:additionalParameters:additionalHeaders:. */ - (instancetype)init NS_UNAVAILABLE; @@ -113,6 +117,7 @@ NS_ASSUME_NONNULL_BEGIN @param refreshToken The refresh token. @param codeVerifier The PKCE code verifier. @param additionalParameters The client's additional token request parameters. + @param additionalHeaders The client's additional token request headers. */ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration grantType:(NSString *)grantType @@ -123,7 +128,8 @@ NS_ASSUME_NONNULL_BEGIN scopes:(nullable NSArray *)scopes refreshToken:(nullable NSString *)refreshToken codeVerifier:(nullable NSString *)codeVerifier - additionalParameters:(nullable NSDictionary *)additionalParameters; + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeader; /*! @brief Designated initializer. @param configuration The service's configuration. 
@@ -139,6 +145,7 @@ NS_ASSUME_NONNULL_BEGIN @param refreshToken The refresh token. @param codeVerifier The PKCE code verifier. @param additionalParameters The client's additional token request parameters. + @param additionalHeaders The client's additional token request headers. */ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration grantType:(NSString *)grantType @@ -150,6 +157,7 @@ NS_ASSUME_NONNULL_BEGIN refreshToken:(nullable NSString *)refreshToken codeVerifier:(nullable NSString *)codeVerifier additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeader; NS_DESIGNATED_INITIALIZER; /*! @brief Designated initializer for NSSecureCoding. diff --git a/Source/AppAuthCore/OIDTokenRequest.m b/Source/AppAuthCore/OIDTokenRequest.m index 5ed8a17ef..28185b2f3 100644 --- a/Source/AppAuthCore/OIDTokenRequest.m +++ b/Source/AppAuthCore/OIDTokenRequest.m @@ -67,6 +67,11 @@ */ static NSString *const kAdditionalParametersKey = @"additionalParameters"; +/*! @brief Key used to encode the @c additionalHeaders property for + @c NSSecureCoding + */ +static NSString *const kAdditionalHeadersKey = @"additionalHeaders"; + @implementation OIDTokenRequest - (instancetype)init @@ -80,7 +85,8 @@ - (instancetype)init scope: refreshToken: codeVerifier: - additionalParameters:) + additionalParameters: + additionalHeaders:) ) - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration 
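Review bot: In the designated-initializer hunk of OIDTokenRequest.h (`@@ -150,6 +157,7 @@`), the added line ends with a semicolon, so the declaration is terminated before `NS_DESIGNATED_INITIALIZER;` on the next line. The attribute is then left as a stray token, which should fail to compile, and at best leaves the initializer unmarked as designated. The line should read `additionalHeaders:(nullable NSDictionary *)additionalHeaders` with no trailing semicolon. The parameter is also spelled `additionalHeader` here and in the convenience-initializer hunk `@@ -123,7 +128,8 @@`, while the `@param` text and the implementation use `additionalHeaders`.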
@@ -92,7 +98,8 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration scopes:(nullable NSArray *)scopes refreshToken:(nullable NSString *)refreshToken codeVerifier:(nullable NSString *)codeVerifier - additionalParameters:(nullable NSDictionary *)additionalParameters { + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders { return [self initWithConfiguration:configuration grantType:grantType authorizationCode:code @@ -102,7 +109,8 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration scope:[OIDScopeUtilities scopesWithArray:scopes] refreshToken:refreshToken codeVerifier:(NSString *)codeVerifier - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; } - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration @@ -114,7 +122,9 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration scope:(nullable NSString *)scope refreshToken:(nullable NSString *)refreshToken codeVerifier:(nullable NSString *)codeVerifier - additionalParameters:(nullable NSDictionary *)additionalParameters { + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders { +{ self = [super init]; if (self) { _configuration = [configuration copy]; @@ -128,6 +138,8 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration _codeVerifier = [codeVerifier copy]; _additionalParameters = [[NSDictionary alloc] initWithDictionary:additionalParameters copyItems:YES]; + _additionalHeaders = + [[NSDictionary alloc] initWithDictionary:additionalHeaders copyItems:YES]; // Additional validation for the authorization_code grant type if ([_grantType isEqual:OIDGrantTypeAuthorizationCode]) { 
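Review bot: In the `@@ -114,7 +122,9 @@` hunk of OIDTokenRequest.m, the new signature line already ends in `{` and the next added line is another `{`. This opens a nested block that the method's single closing brace does not balance, so the file should not compile, assuming the rest of the body is unchanged. Drop the extra line so the signature ends `additionalHeaders:(nullable NSDictionary *)additionalHeaders {`. The method body continues past this hunk.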
@@ -174,9 +186,18 @@ - (instancetype)initWithCoder:(NSCoder *)aDecoder { [NSDictionary class], [NSString class] ]]; + NSDictionary *additionalParameters = - [aDecoder decodeObjectOfClasses:additionalParameterCodingClasses - forKey:kAdditionalParametersKey]; + [aDecoder decodeObjectOfClasses:additionalParameterCodingClasses forKey:kAdditionalParametersKey]; + + + NSSet *additionalHeaderCodingClasses = [NSSet setWithArray:@[ + [NSDictionary class], + [NSString class] + ]]; + + NSDictionary *additionalHeaders = + [aDecoder decodeObjectOfClasses:additionalHeaderCodingClasses forKey:kAdditionalHeadersKey]; self = [super init]; if (self) { @@ -191,6 +212,8 @@ - (instancetype)initWithCoder:(NSCoder *)aDecoder { _codeVerifier = [codeVerifier copy]; _additionalParameters = [[NSDictionary alloc] initWithDictionary:additionalParameters copyItems:YES]; + _additionalHeaders = + [[NSDictionary alloc] initWithDictionary:additionalHeaders copyItems:YES]; } return self; } @@ -206,6 +229,7 @@ - (void)encodeWithCoder:(NSCoder *)aCoder { [aCoder encodeObject:_refreshToken forKey:kRefreshTokenKey]; [aCoder encodeObject:_codeVerifier forKey:kCodeVerifierKey]; [aCoder encodeObject:_additionalParameters forKey:kAdditionalParametersKey]; + [aCoder encodeObject:_additionalHeaders forKey:kAdditionalHeadersKey]; } #pragma mark - NSObject overrides @@ -305,6 +329,10 @@ - (NSURLRequest *)URLRequest { for (id header in httpHeaders) { [URLRequest setValue:httpHeaders[header] forHTTPHeaderField:header]; } + + for (id header in _additionalHeaders) { + [URLRequest setValue:httpHeaders[header] forHTTPHeaderField:header]; + } return URLRequest; } diff --git a/Source/AppAuthTV/OIDTVAuthorizationRequest.h b/Source/AppAuthTV/OIDTVAuthorizationRequest.h index 2496948f1..ecd7bfe6f 100644 --- a/Source/AppAuthTV/OIDTVAuthorizationRequest.h +++ b/Source/AppAuthTV/OIDTVAuthorizationRequest.h 
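Review bot: In the `URLRequest` hunk of OIDTokenRequest.m, the new loop iterates `_additionalHeaders` but reads each value from `httpHeaders[header]`. Any header not already set by the library therefore gets a nil value and is never sent, which makes the feature a no-op. Once that is corrected to `_additionalHeaders[header]`, caller-supplied entries are applied after the library's own and can overwrite `Authorization` or `Content-Type`. If that override is not intended, skip names that are already set, as sketched below; otherwise document it on the property. The tests in this patch only assert that the property is stored, so a test asserting `allHTTPHeaderFields` on the resulting request would have caught this. The method starts outside the hunk.

```objc
// … unchanged: loop applying httpHeaders …
for (NSString *header in _additionalHeaders) {
  // Headers the library already set (client authentication, content type) take precedence.
  if ([URLRequest valueForHTTPHeaderField:header] != nil) {
    continue;
  }
  [URLRequest setValue:_additionalHeaders[header] forHTTPHeaderField:header];
}
```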
@@ -35,13 +35,15 @@ NS_ASSUME_NONNULL_BEGIN @param clientSecret The client secret. @param scopes An array of scopes to combine into a single scope string per the OAuth2 spec. @param additionalParameters The client's additional authorization parameters. + @param additionalHeaders The client's additional authorization headers. */ - (instancetype) initWithConfiguration:(OIDTVServiceConfiguration *)configuration clientId:(NSString *)clientID clientSecret:(NSString *)clientSecret scopes:(nullable NSArray *)scopes - additionalParameters:(nullable NSDictionary *)additionalParameters; + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders; /*! @brief Constructs an @c NSURLRequest representing the TV authorization request. @return An @c NSURLRequest representing the TV authorization request. diff --git a/Source/AppAuthTV/OIDTVAuthorizationRequest.m b/Source/AppAuthTV/OIDTVAuthorizationRequest.m index da524d388..7ed13e642 100644 --- a/Source/AppAuthTV/OIDTVAuthorizationRequest.m +++ b/Source/AppAuthTV/OIDTVAuthorizationRequest.m @@ -33,7 +33,8 @@ @implementation OIDTVAuthorizationRequest codeVerifier:(nullable NSString *)codeVerifier codeChallenge:(nullable NSString *)codeChallenge codeChallengeMethod:(nullable NSString *)codeChallengeMethod - additionalParameters:(nullable NSDictionary *)additionalParameters { + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders { if (![configuration isKindOfClass:[OIDTVServiceConfiguration class]]) { NSAssert([configuration isKindOfClass:[OIDTVServiceConfiguration class]], @@ -53,7 +54,8 @@ @implementation OIDTVAuthorizationRequest codeVerifier:codeVerifier codeChallenge:codeChallenge codeChallengeMethod:codeChallengeMethod - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; } - (instancetype) 
@@ -61,14 +63,16 @@ @implementation OIDTVAuthorizationRequest clientId:(NSString *)clientID clientSecret:(NSString *)clientSecret scopes:(nullable NSArray *)scopes - additionalParameters:(nullable NSDictionary *)additionalParameters { + additionalParameters:(nullable NSDictionary *)additionalParameters + additionalHeaders:(nullable NSDictionary *)additionalHeaders { return [self initWithConfiguration:configuration clientId:clientID clientSecret:clientSecret scopes:scopes redirectURL:[[NSURL alloc] initWithString:@""] responseType:OIDResponseTypeCode - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; } #pragma mark - NSObject overrides diff --git a/Source/AppAuthTV/OIDTVAuthorizationResponse.h b/Source/AppAuthTV/OIDTVAuthorizationResponse.h index d3bed1e97..d158c0cf7 100644 --- a/Source/AppAuthTV/OIDTVAuthorizationResponse.h +++ b/Source/AppAuthTV/OIDTVAuthorizationResponse.h @@ -85,7 +85,9 @@ NS_ASSUME_NONNULL_BEGIN @see https://tools.ietf.org/html/rfc8628#section-3.4 */ - (nullable OIDTVTokenRequest *)tokenPollRequestWithAdditionalParameters: - (nullable NSDictionary *)additionalParameters; + (nullable NSDictionary *)additionalParameters + additionalHeaders: + (nullable NSDictionary *)additionalHeaders; @end diff --git a/Source/AppAuthTV/OIDTVAuthorizationResponse.m b/Source/AppAuthTV/OIDTVAuthorizationResponse.m index 71b9e8f04..7ad1ca596 100644 --- a/Source/AppAuthTV/OIDTVAuthorizationResponse.m +++ b/Source/AppAuthTV/OIDTVAuthorizationResponse.m 
@@ -149,17 +149,20 @@ - (NSString *)description { #pragma mark - - (OIDTVTokenRequest *)tokenPollRequest { - return [self tokenPollRequestWithAdditionalParameters:nil]; + return [self tokenPollRequestWithAdditionalParameters:nil additionalHeaders:nil]; } - (OIDTVTokenRequest *)tokenPollRequestWithAdditionalParameters: - (NSDictionary *)additionalParameters { + (NSDictionary *)additionalParameters + additionalHeaders: + (NSDictionary *)additionalHeaders { return [[OIDTVTokenRequest alloc] initWithConfiguration:(OIDTVServiceConfiguration *)self.request.configuration deviceCode:_deviceCode clientID:self.request.clientID clientSecret:self.request.clientSecret - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; } @end diff --git a/Source/AppAuthTV/OIDTVTokenRequest.h b/Source/AppAuthTV/OIDTVTokenRequest.h index 5a81c7434..021dc9b9d 100644 --- a/Source/AppAuthTV/OIDTVTokenRequest.h +++ b/Source/AppAuthTV/OIDTVTokenRequest.h @@ -35,14 +35,14 @@ NS_ASSUME_NONNULL_BEGIN /*! @internal @brief Unavailable. Please use - @c initWithConfiguration:deviceCode:clientID:clientSecret:additionalParameters: + @c initWithConfiguration:deviceCode:clientID:clientSecret:additionalParameters:additionalHeaders: or @c initWithCoder:. */ - (instancetype)init NS_UNAVAILABLE; /*! @internal @brief Unavailable. Please use - @c initWithConfiguration:deviceCode:clientID:clientSecret:additionalParameters: + @c initWithConfiguration:deviceCode:clientID:clientSecret:additionalParameters:additionalHeaders: or @c initWithCoder:. */ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration 
@@ -56,11 +56,13 @@ NS_ASSUME_NONNULL_BEGIN codeVerifier:(nullable NSString *)codeVerifier additionalParameters: (nullable NSDictionary *)additionalParameters + additionalHeaders: + (nullable NSDictionary *)additionalHeaders NS_UNAVAILABLE; /*! @internal @brief Unavailable. Please use - @c initWithConfiguration:deviceCode:clientID:clientSecret:additionalParameters: + @c initWithConfiguration:deviceCode:clientID:clientSecret:additionalParameters:additionalHeaders: or @c initWithCoder:. */ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration @@ -74,6 +76,8 @@ NS_ASSUME_NONNULL_BEGIN codeVerifier:(nullable NSString *)codeVerifier additionalParameters: (nullable NSDictionary *)additionalParameters + additionalHeaders: + (nullable NSDictionary *)additionalHeaders NS_UNAVAILABLE; /*! @brief Designated initializer. @@ -82,6 +86,7 @@ NS_ASSUME_NONNULL_BEGIN @param clientID The client identifier. @param clientSecret The client secret (nullable). @param additionalParameters The client's additional token request parameters. + @param additionalHeaders The client's additional token request headers. */ - (instancetype)initWithConfiguration:(OIDTVServiceConfiguration *)configuration deviceCode:(NSString *)deviceCode @@ -89,6 +94,8 @@ NS_ASSUME_NONNULL_BEGIN clientSecret:(nullable NSString *)clientSecret additionalParameters: (nullable NSDictionary *)additionalParameters + additionalHeaders: + (nullable NSDictionary *)additionalHeaders NS_DESIGNATED_INITIALIZER; /*! @brief Designated initializer for NSSecureCoding. diff --git a/Source/AppAuthTV/OIDTVTokenRequest.m b/Source/AppAuthTV/OIDTVTokenRequest.m index 88874a817..ed5e4d3f2 100644 --- a/Source/AppAuthTV/OIDTVTokenRequest.m +++ b/Source/AppAuthTV/OIDTVTokenRequest.m @@ -43,6 +43,7 @@ - (instancetype)init OID_UNAVAILABLE_USE_INITIALIZER(@selector clientID: clientSecret: additionalParameters: + additionalHeaders: )) - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration 
@@ -56,12 +57,15 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration codeVerifier:(nullable NSString *)codeVerifier additionalParameters: (nullable NSDictionary *)additionalParameters + additionalHeaders: + (nullable NSDictionary *)additionalHeaders OID_UNAVAILABLE_USE_INITIALIZER(@selector (initWithConfiguration: deviceCode: clientID: clientSecret: additionalParameters: + additionalHeaders: )) - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration @@ -75,19 +79,23 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration codeVerifier:(nullable NSString *)codeVerifier additionalParameters: (nullable NSDictionary *)additionalParameters + additionalHeaders: + (nullable NSDictionary *)additionalHeaders OID_UNAVAILABLE_USE_INITIALIZER(@selector (initWithConfiguration: deviceCode: clientID: clientSecret: additionalParameters: + additionalHeaders: )) - (instancetype)initWithConfiguration:(OIDTVServiceConfiguration *)configuration deviceCode:(NSString *)deviceCode clientID:(NSString *)clientID clientSecret:(NSString *)clientSecret - additionalParameters:(NSDictionary *)additionalParameters { + additionalParameters:(NSDictionary *)additionalParameters + additionalHeaders:(NSDictionary *)additionalHeaders { self = [super initWithConfiguration:configuration grantType:kOIDTVDeviceTokenGrantType authorizationCode:nil @@ -97,7 +105,8 @@ - (instancetype)initWithConfiguration:(OIDTVServiceConfiguration *)configuration scope:nil refreshToken:nil codeVerifier:nil - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; if (self) { _deviceCode = [deviceCode copy]; diff --git a/UnitTests/AppAuthTV/OIDTVAuthorizationRequestTests.m b/UnitTests/AppAuthTV/OIDTVAuthorizationRequestTests.m index 7b1d19c95..6ab74139a 100644 --- a/UnitTests/AppAuthTV/OIDTVAuthorizationRequestTests.m +++ b/UnitTests/AppAuthTV/OIDTVAuthorizationRequestTests.m 
@@ -48,6 +48,14 @@ */ static NSString *const kTestAdditionalParameterValue = @"1"; +/*! @brief Test key for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderKey = @"B"; + +/*! @brief Test value for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderValue = @"2"; + /*! @brief Test key for the @c clientID parameter in the HTTP request. */ static NSString *const kTestClientIDKey = @"client_id"; @@ -123,13 +131,16 @@ - (void)testInitializer { NSString *testScopeString = [OIDScopeUtilities scopesWithArray:testScopes]; NSDictionary *testAdditionalParameters = @{kTestAdditionalParameterKey : kTestAdditionalParameterValue}; + NSDictionary *testAdditionalHeaders = + @{kTestAdditionalHeaderKey : kTestAdditionalHeaderValue}; OIDTVAuthorizationRequest *authRequest = [[OIDTVAuthorizationRequest alloc] initWithConfiguration:serviceConfiguration clientId:kTestClientID clientSecret:kTestClientSecret scopes:testScopes - additionalParameters:testAdditionalParameters]; + additionalParameters:testAdditionalParameters + additionalHeaders:testAdditionalHeaders]; NSURL *authRequestDeviceAuthorizationEndpoint = ((OIDTVServiceConfiguration *)authRequest.configuration).deviceAuthorizationEndpoint; @@ -138,6 +149,7 @@ - (void)testInitializer { XCTAssertEqualObjects(authRequest.clientSecret, kTestClientSecret); XCTAssertEqualObjects(authRequest.scope, testScopeString); XCTAssertEqualObjects(authRequest.additionalParameters, testAdditionalParameters); + XCTAssertEqualObjects(authRequest.additionalHeaders, testAdditionalHeaders); XCTAssertEqualObjects(authRequest.responseType, OIDResponseTypeCode); XCTAssertEqualObjects(authRequest.redirectURL, [[NSURL alloc] initWithString:@""]); XCTAssertEqualObjects(authRequestDeviceAuthorizationEndpoint, 
@@ -156,7 +168,8 @@ - (void)testCopying { clientId:kTestClientID clientSecret:kTestClientSecret scopes:nil - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; OIDTVAuthorizationRequest *authRequestCopy = [authRequest copy]; NSURL *authRequestCopyDeviceAuthorizationEndpoint = @@ -178,7 +191,8 @@ - (void)testSecureCoding { clientId:kTestClientID clientSecret:kTestClientSecret scopes:nil - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; NSData *data = [NSKeyedArchiver archivedDataWithRootObject:authRequest]; OIDTVAuthorizationRequest *authRequestCopy = [NSKeyedUnarchiver unarchiveObjectWithData:data]; @@ -200,7 +214,8 @@ - (void)testURLRequestBasicClientAuth { clientId:kTestClientID clientSecret:kTestClientSecret scopes:nil - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; NSURLRequest *URLRequest = [authRequest URLRequest]; @@ -231,7 +246,8 @@ - (void)testURLRequestScopes { clientId:kTestClientID clientSecret:kTestClientSecret scopes:@[ kTestScope, kTestScopeA ] - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; NSURLRequest *URLRequest = [authRequest URLRequest]; @@ -262,7 +278,8 @@ - (void)testURLRequestAdditionalParams { clientId:kTestClientID clientSecret:kTestClientSecret scopes:@[ kTestScope, kTestScopeA ] - additionalParameters:@{kTestAdditionalParameterKey : kTestAdditionalParameterValue}]; + additionalParameters:@{kTestAdditionalParameterKey : kTestAdditionalParameterValue} + additionalHeaders:@{kTestAdditionalHeaderKey : kTestAdditionalHeaderValue}]; NSURLRequest *URLRequest = [authRequest URLRequest]; diff --git a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m index a6d1bb2f5..1cb66d7f7 100644 --- a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m +++ b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m 
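Review bot: `testURLRequestAdditionalParams` (last hunk) now passes `additionalHeaders:`, but the visible lines contain no assertion that the header reaches the built request. The test body continues outside the hunk, so a check may exist further down. If it does not, add `XCTAssertEqualObjects([URLRequest valueForHTTPHeaderField:kTestAdditionalHeaderKey], kTestAdditionalHeaderValue);` after `[authRequest URLRequest]`. A second case that supplies `Authorization` as the additional header key would pin whether caller headers can replace the client-authentication header set in `testURLRequestBasicClientAuth`.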
@@ -45,6 +45,14 @@ */ static NSString *const kTestAdditionalParameterValue = @"1"; +/*! @brief Test key for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderKey = @"B"; + +/*! @brief Test value for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderValue = @"2"; + /*! @brief Test value for the @c clientID property. */ static NSString *const kTestClientID = @"ClientID"; @@ -124,7 +132,8 @@ - (OIDTVAuthorizationRequest *)testAuthorizationRequest { clientId:kTestClientID clientSecret:kTestClientSecret scopes:nil - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; return request; } @@ -265,19 +274,23 @@ - (void)testTokenPollRequest { /*! @brief Tests the @c tokenPollRequestWithAdditionalParameters method with one additional parameter. */ -- (void)testTokenPollRequestWithAdditionalParameters { +- (void)testTokenPollRequestWithAdditionalParametersAdditionalHeaders { OIDTVAuthorizationResponse *testResponse = [self testAuthorizationResponse]; NSDictionary *testAdditionalParameters = @{kTestAdditionalParameterKey : kTestAdditionalParameterValue}; + + NSDictionary *testAdditionalHeaders = + @{kTestAdditionalHeaderKey : kTestAdditionalHeaderValue}; OIDTVTokenRequest *pollRequest = - [testResponse tokenPollRequestWithAdditionalParameters:testAdditionalParameters]; + [testResponse tokenPollRequestWithAdditionalParameters:testAdditionalParameters additionalHeaders:testAdditionalHeaders]; XCTAssertEqualObjects(pollRequest.deviceCode, kTestDeviceCode); XCTAssertEqualObjects(pollRequest.clientID, kTestClientID); XCTAssertEqualObjects(pollRequest.clientSecret, kTestClientSecret); XCTAssertEqualObjects(pollRequest.additionalParameters, testAdditionalParameters); + XCTAssertEqualObjects(pollRequest.additionalHeaders, testAdditionalHeaders); } @end diff --git a/UnitTests/AppAuthTV/OIDTVTokenRequestTests.m b/UnitTests/AppAuthTV/OIDTVTokenRequestTests.m index cf0bf4963..4778a227b 100644 
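Review bot: The doc comment above the renamed `testTokenPollRequestWithAdditionalParametersAdditionalHeaders` (last hunk) still names `tokenPollRequestWithAdditionalParameters` and mentions only "one additional parameter". It should read `/*! @brief Tests the @c tokenPollRequestWithAdditionalParameters:additionalHeaders: method with one additional parameter and one additional header. */`. The new call is also written on a single line that exceeds the wrapping used elsewhere in this file; put `additionalHeaders:testAdditionalHeaders` on its own line with the colons aligned.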
--- a/UnitTests/AppAuthTV/OIDTVTokenRequestTests.m +++ b/UnitTests/AppAuthTV/OIDTVTokenRequestTests.m @@ -50,6 +50,14 @@ */ static NSString *const kTestAdditionalParameterValue = @"1"; +/*! @brief Test key for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderKey = @"B"; + +/*! @brief Test value for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderValue = @"2"; + /*! @brief Test key for the @c clientID parameter in the HTTP request. */ static NSString *const kTestClientIDKey = @"client_id"; @@ -121,7 +129,8 @@ - (OIDTVTokenRequest *)testTokenRequest { deviceCode:kDeviceCodeValue clientID:kTestClientID clientSecret:kTestClientSecret - additionalParameters:@{kTestAdditionalParameterKey : kTestAdditionalParameterValue}]; + additionalParameters:@{kTestAdditionalParameterKey : kTestAdditionalParameterValue} + additionalHeaders:@{kTestAdditionalHeaderKey : kTestAdditionalHeaderValue}]; } /*! @brief Tests the initializer @@ -139,6 +148,8 @@ - (void)testInitializer { XCTAssertEqualObjects(request.clientSecret, kTestClientSecret); XCTAssertEqualObjects(request.additionalParameters, @{kTestAdditionalParameterKey:kTestAdditionalParameterValue}); + XCTAssertEqualObjects(request.additionalHeaders, + @{kTestAdditionalHeaderKey:kTestAdditionalHeaderValue}); } /*! @brief Tests the @c NSCopying implementation by round-tripping an instance through the copying diff --git a/UnitTests/OIDAuthorizationRequestTests.m b/UnitTests/OIDAuthorizationRequestTests.m index 06bfc6c13..b82c42cb9 100644 --- a/UnitTests/OIDAuthorizationRequestTests.m +++ b/UnitTests/OIDAuthorizationRequestTests.m 
@@ -69,6 +69,14 @@ */ static NSString *const kTestAdditionalParameterValue = @"1"; +/*! @brief Test key for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderKey = @"B"; + +/*! @brief Test value for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderValue = @"2"; + /*! @brief Test value for the @c state property. */ static NSString *const kTestState = @"State"; @@ -147,6 +155,8 @@ + (NSString *)codeChallengeMethod { + (OIDAuthorizationRequest *)testInstance { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDServiceConfiguration *configuration = [OIDServiceConfigurationTests testInstance]; OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration @@ -160,7 +170,8 @@ + (OIDAuthorizationRequest *)testInstance { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; return request; } @@ -178,7 +189,8 @@ + (OIDAuthorizationRequest *)testInstanceCodeFlow { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; return request; } @@ -196,7 +208,8 @@ + (OIDAuthorizationRequest *)testInstanceCodeFlowClientAuth { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; return request; } 
@@ -205,6 +218,8 @@ + (OIDAuthorizationRequest *)testInstanceCodeFlowClientAuth { - (void)testScopeInitializerWithManyScopesAndNoClientSecret { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDServiceConfiguration *configuration = [OIDServiceConfigurationTests testInstance]; OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration @@ -212,7 +227,8 @@ - (void)testScopeInitializerWithManyScopesAndNoClientSecret { scopes:@[ kTestScope, kTestScopeA ] redirectURL:[NSURL URLWithString:kTestRedirectURL] responseType:OIDResponseTypeCode - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; XCTAssertEqualObjects(request.responseType, @"code", @""); XCTAssertEqualObjects(request.scope, kTestScopesMerged, @""); @@ -221,11 +237,15 @@ - (void)testScopeInitializerWithManyScopesAndNoClientSecret { XCTAssertEqualObjects(request.redirectURL, [NSURL URLWithString:kTestRedirectURL], @""); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); + XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue, @""); } - (void)testScopeInitializerWithManyScopesAndClientSecret { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDServiceConfiguration *configuration = [OIDServiceConfigurationTests testInstance]; OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration 
@@ -234,7 +254,8 @@ - (void)testScopeInitializerWithManyScopesAndClientSecret { scopes:@[ kTestScope, kTestScopeA ] redirectURL:[NSURL URLWithString:kTestRedirectURL] responseType:OIDResponseTypeCode - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; XCTAssertEqualObjects(request.responseType, @"code", @""); XCTAssertEqualObjects(request.scope, kTestScopesMerged, @""); @@ -243,6 +264,8 @@ - (void)testScopeInitializerWithManyScopesAndClientSecret { XCTAssertEqualObjects(request.redirectURL, [NSURL URLWithString:kTestRedirectURL], @""); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); + XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue, @""); } /*! @brief Tests the @c NSCopying implementation by round-tripping an instance through the copying @@ -263,6 +286,8 @@ - (void)testCopying { XCTAssertEqualObjects(request.codeChallengeMethod, [[self class] codeChallengeMethod], @""); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); + XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue, @""); OIDAuthorizationRequest *requestCopy = [request copy]; @@ -279,6 +304,8 @@ - (void)testCopying { XCTAssertEqualObjects(requestCopy.codeChallengeMethod, request.codeChallengeMethod, @""); XCTAssertEqualObjects(requestCopy.additionalParameters, request.additionalParameters, @""); + XCTAssertEqualObjects(requestCopy.additionalHeaders, + request.additionalHeaders, @""); } /*! @brief Tests the @c NSSecureCoding by round-tripping an instance through the coding process and 
@@ -298,6 +325,8 @@ - (void)testSecureCoding { XCTAssertEqualObjects(request.codeChallengeMethod, [[self class] codeChallengeMethod], @""); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); + XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue, @""); NSData *data = [NSKeyedArchiver archivedDataWithRootObject:request]; OIDAuthorizationRequest *requestCopy = [NSKeyedUnarchiver unarchiveObjectWithData:data]; @@ -320,6 +349,8 @@ - (void)testSecureCoding { XCTAssertEqualObjects(requestCopy.codeChallengeMethod, [[self class] codeChallengeMethod], @""); XCTAssertEqualObjects(requestCopy.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); + XCTAssertEqualObjects(requestCopy.additionalHeaders[kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue, @""); } /*! @brief Tests the scope string logic to make sure the disallowed characters are properly 
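Review bot: The new `additionalHeaders` assertions in `testSecureCoding` run against a copy produced by `[NSKeyedUnarchiver unarchiveObjectWithData:data]`, which does not require secure coding, so the class allow-list used when decoding the new dictionary is not exercised. Decoding with `[NSKeyedUnarchiver unarchivedObjectOfClass:[OIDAuthorizationRequest class] fromData:data error:&error]` (and archiving with `archivedDataWithRootObject:requiringSecureCoding:error:`) would make the test fail if `initWithCoder:` accepted unexpected classes for the headers, provided the project's deployment targets allow those APIs. The same archive/unarchive pair appears in `testSecureCoding` of `OIDTVAuthorizationRequestTests.m`. The archive calls are context lines, so this predates the commit, but the commit adds a field that depends on it.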
@@ -334,63 +365,72 @@ - (void)testDisallowedCharactersInScopes { scopes:@[ kTestInvalidScope1 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil], @""); + additionalParameters:nil + additionalHeaders:nil], @""); XCTAssertThrows( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestInvalidScope2 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil], @""); + additionalParameters:nil + additionalHeaders:nil], @""); XCTAssertThrows( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestInvalidScope3 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil], @""); + additionalParameters:nil + additionalHeaders:nil], @""); XCTAssertThrows( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestInvalidScope4 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil], @""); + additionalParameters:nil + additionalHeaders:nil], @""); XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope1 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil], @""); + additionalParameters:nil + additionalHeaders:nil], @""); XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope2 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil], @""); + additionalParameters:nil + additionalHeaders:nil], @""); XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope3 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil], @""); + additionalParameters:nil + additionalHeaders:nil], @""); 
XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope4 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil], @""); + additionalParameters:nil + additionalHeaders:nil], @""); XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope5 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil], @""); + additionalParameters:nil + additionalHeaders:nil], @""); } /*! @brief Returns a character set with all legal PKCE characters for the codeVerifier. @return Character set representing all legal codeVerifier characters. @@ -441,6 +481,8 @@ - (void)testPKCEVerifierRecommendations { - (void)testSupportedResponseTypes { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDServiceConfiguration *configuration = [OIDServiceConfigurationTests testInstance]; NSString *scope = [OIDScopeUtilities scopesWithArray:@[ kTestScope, kTestScopeA ]]; @@ -457,7 +499,8 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters] + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders] ); // https://tools.ietf.org/html/rfc6749#section-3.1.1 says the order of values does not matter @@ -473,7 +516,8 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters] + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders] ); XCTAssertThrows( 
@@ -488,7 +532,8 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters] + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders] ); XCTAssertThrows( @@ -503,7 +548,8 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters] + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders] ); XCTAssertNoThrow( @@ -518,7 +564,8 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters] + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders] ); } diff --git a/UnitTests/OIDRPProfileCode.m b/UnitTests/OIDRPProfileCode.m index 1c37b1f30..84dff8203 100644 --- a/UnitTests/OIDRPProfileCode.m +++ b/UnitTests/OIDRPProfileCode.m @@ -220,7 +220,8 @@ - (void)codeFlowWithExchangeForTest:(NSString *)test scopes:scope redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil]; + additionalParameters:nil + additionalHeaders:nil]; self->_coordinator = [[OIDAuthorizationUICoordinatorNonInteractive alloc] init]; diff --git a/UnitTests/OIDTokenRequestTests.m b/UnitTests/OIDTokenRequestTests.m index 4211ef70a..a668f64c8 100644 --- a/UnitTests/OIDTokenRequestTests.m +++ b/UnitTests/OIDTokenRequestTests.m 
@@ -48,6 +48,14 @@ */ static NSString *const kTestAdditionalParameterValue = @"1"; +/*! @brief Test key for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderKey = @"B"; + +/*! @brief Test value for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderValue = @"2"; + @implementation OIDTokenRequestTests + (OIDTokenRequest *)testInstance { @@ -56,6 +64,9 @@ + (OIDTokenRequest *)testInstance { [OIDScopeUtilities scopesArrayWithString:authResponse.request.scope]; NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; + OIDTokenRequest *request = [[OIDTokenRequest alloc] initWithConfiguration:authResponse.request.configuration grantType:OIDGrantTypeAuthorizationCode @@ -66,7 +77,8 @@ + (OIDTokenRequest *)testInstance { scopes:scopesArray refreshToken:kRefreshTokenTestValue codeVerifier:authResponse.request.codeVerifier - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; return request; } @@ -76,6 +88,9 @@ + (OIDTokenRequest *)testInstanceCodeExchange { [OIDScopeUtilities scopesArrayWithString:authResponse.request.scope]; NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; + OIDTokenRequest *request = [[OIDTokenRequest alloc] initWithConfiguration:authResponse.request.configuration grantType:OIDGrantTypeAuthorizationCode @@ -86,7 +101,8 @@ + (OIDTokenRequest *)testInstanceCodeExchange { scopes:scopesArray refreshToken:kRefreshTokenTestValue codeVerifier:authResponse.request.codeVerifier - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; return request; } 
@@ -96,6 +112,9 @@ + (OIDTokenRequest *)testInstanceCodeExchangeClientAuth { [OIDScopeUtilities scopesArrayWithString:authResponse.request.scope]; NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; + OIDTokenRequest *request = [[OIDTokenRequest alloc] initWithConfiguration:authResponse.request.configuration grantType:OIDGrantTypeAuthorizationCode @@ -106,7 +125,8 @@ + (OIDTokenRequest *)testInstanceCodeExchangeClientAuth { scopes:scopesArray refreshToken:kRefreshTokenTestValue codeVerifier:authResponse.request.codeVerifier - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; return request; } @@ -116,6 +136,9 @@ + (OIDTokenRequest *)testInstanceRefresh { [OIDScopeUtilities scopesArrayWithString:authResponse.request.scope]; NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; + OIDTokenRequest *request = [[OIDTokenRequest alloc] initWithConfiguration:authResponse.request.configuration grantType:OIDGrantTypeAuthorizationCode @@ -126,7 +149,8 @@ + (OIDTokenRequest *)testInstanceRefresh { scopes:scopesArray refreshToken:kRefreshTokenTestValue codeVerifier:authResponse.request.codeVerifier - additionalParameters:additionalParameters]; + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; return request; } 
@@ -248,6 +272,8 @@ - (void)testAuthorizationCodeNullRedirectURL { [OIDScopeUtilities scopesArrayWithString:authResponse.request.scope]; NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; XCTAssertThrows([[OIDTokenRequest alloc] initWithConfiguration:authResponse.request.configuration grantType:OIDGrantTypeAuthorizationCode authorizationCode:authResponse.authorizationCode @@ -257,7 +283,8 @@ - (void)testAuthorizationCodeNullRedirectURL { scopes:scopesArray refreshToken:kRefreshTokenTestValue codeVerifier:authResponse.request.codeVerifier - additionalParameters:additionalParameters], @""); + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders], @""); } @end From 0c1fe870bc1ecc2791bc4e9b391d24b682049e35 Mon Sep 17 00:00:00 2001 From: Vitalij Dadaschjanz Date: Thu, 8 Jun 2023 08:39:42 +0200 Subject: [PATCH 02/12] #770 revert changes to OIDAuthorizationRequest --- .../Source/AppAuthExampleViewController.m | 6 ++-- .../Source/AppAuthExampleViewController.m | 6 ++-- .../Source/AppAuthExampleViewController.swift | 6 ++-- README.md | 9 ++---- Source/AppAuthCore/OIDAuthorizationRequest.h | 17 ++-------- Source/AppAuthCore/OIDAuthorizationRequest.m | 31 ++++--------------- 6 files changed, 18 insertions(+), 57 deletions(-) diff --git a/Examples/Example-iOS_ObjC-Carthage/Source/AppAuthExampleViewController.m b/Examples/Example-iOS_ObjC-Carthage/Source/AppAuthExampleViewController.m index 16168347d..4d58cf9d2 100644 --- a/Examples/Example-iOS_ObjC-Carthage/Source/AppAuthExampleViewController.m +++ b/Examples/Example-iOS_ObjC-Carthage/Source/AppAuthExampleViewController.m 
@@ -207,8 +207,7 @@ - (void)doAuthWithAutoCodeExchange:(OIDServiceConfiguration *)configuration scopes:@[ OIDScopeOpenID, OIDScopeProfile ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; // performs authentication request AppDelegate *appDelegate = (AppDelegate *) [UIApplication sharedApplication].delegate; [self logMessage:@"Initiating authorization request with scope: %@", request.scope]; @@ -241,8 +240,7 @@ - (void)doAuthWithoutCodeExchange:(OIDServiceConfiguration *)configuration scopes:@[ OIDScopeOpenID, OIDScopeProfile ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; // performs authentication request AppDelegate *appDelegate = (AppDelegate *) [UIApplication sharedApplication].delegate; [self logMessage:@"Initiating authorization request %@", request]; diff --git a/Examples/Example-iOS_ObjC/Source/AppAuthExampleViewController.m b/Examples/Example-iOS_ObjC/Source/AppAuthExampleViewController.m index dc3ac368e..d67c7b73d 100644 --- a/Examples/Example-iOS_ObjC/Source/AppAuthExampleViewController.m +++ b/Examples/Example-iOS_ObjC/Source/AppAuthExampleViewController.m @@ -209,8 +209,7 @@ - (void)doAuthWithAutoCodeExchange:(OIDServiceConfiguration *)configuration scopes:@[ OIDScopeOpenID, OIDScopeProfile ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; // performs authentication request AppDelegate *appDelegate = (AppDelegate *) [UIApplication sharedApplication].delegate; [self logMessage:@"Initiating authorization request with scope: %@", request.scope]; 
@@ -243,8 +242,7 @@ - (void)doAuthWithoutCodeExchange:(OIDServiceConfiguration *)configuration scopes:@[ OIDScopeOpenID, OIDScopeProfile ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; // performs authentication request AppDelegate *appDelegate = (AppDelegate *) [UIApplication sharedApplication].delegate; [self logMessage:@"Initiating authorization request %@", request]; diff --git a/Examples/Example-iOS_Swift-Carthage/Source/AppAuthExampleViewController.swift b/Examples/Example-iOS_Swift-Carthage/Source/AppAuthExampleViewController.swift index dabc27afb..91cf79fa4 100644 --- a/Examples/Example-iOS_Swift-Carthage/Source/AppAuthExampleViewController.swift +++ b/Examples/Example-iOS_Swift-Carthage/Source/AppAuthExampleViewController.swift @@ -387,8 +387,7 @@ extension AppAuthExampleViewController { scopes: [OIDScopeOpenID, OIDScopeProfile], redirectURL: redirectURI, responseType: OIDResponseTypeCode, - additionalParameters: nil, - additionalHeaders: nil) + additionalParameters: nil) // performs authentication request logMessage("Initiating authorization request with scope: \(request.scope ?? "DEFAULT_SCOPE")") @@ -424,8 +423,7 @@ extension AppAuthExampleViewController { scopes: [OIDScopeOpenID, OIDScopeProfile], redirectURL: redirectURI, responseType: OIDResponseTypeCode, - additionalParameters: nil, - additionalHeaders: nil) + additionalParameters: nil) // performs authentication request logMessage("Initiating authorization request with scope: \(request.scope ?? "DEFAULT_SCOPE")") diff --git a/README.md b/README.md index 6221a66b2..53085b3c4 100644 --- a/README.md +++ b/README.md @@ -319,8 +319,7 @@ OIDAuthorizationRequest *request = OIDScopeProfile] redirectURL:kRedirectURI responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; // performs authentication request AppDelegate *appDelegate = 
@@ -350,8 +349,7 @@ let request = OIDAuthorizationRequest(configuration: configuration, scopes: [OIDScopeOpenID, OIDScopeProfile], redirectURL: redirectURI, responseType: OIDResponseTypeCode, - additionalParameters: nil, - additionalHeaders:nil) + additionalParameters: nil) // performs authentication request print("Initiating authorization request with scope: \(request.scope ?? "nil")") @@ -469,8 +467,7 @@ OIDAuthorizationRequest *request = scopes:@[ OIDScopeOpenID ] redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; // performs authentication request __weak __typeof(self) weakSelf = self; _redirectHTTPHandler.currentAuthorizationFlow = diff --git a/Source/AppAuthCore/OIDAuthorizationRequest.h b/Source/AppAuthCore/OIDAuthorizationRequest.h index 40659be22..594f01d87 100644 --- a/Source/AppAuthCore/OIDAuthorizationRequest.h +++ b/Source/AppAuthCore/OIDAuthorizationRequest.h @@ -134,14 +134,9 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; */ @property(nonatomic, readonly, nullable) NSDictionary *additionalParameters; -/*! @brief The client's additional authorization header. - @see https://tools.ietf.org/html/rfc6749#section-3.2 - */ -@property(nonatomic, readonly, nullable) NSDictionary *additionalHeaders; - /*! @internal @brief Unavailable. Please use - @c initWithConfiguration:clientId:scopes:redirectURL:responseType:additionalParameters:additionalHeaders:. + @c initWithConfiguration:clientId:scopes:redirectURL:responseType:additionalParameters:. */ - (instancetype)init NS_UNAVAILABLE; 
@@ -153,7 +148,6 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; @param redirectURL The client's redirect URI. @param responseType The expected response type. @param additionalParameters The client's additional authorization parameters. - @param additionalHeaders The client's additional authorization headers. @remarks This convenience initializer generates a state parameter and PKCE challenges automatically. */ @@ -163,8 +157,7 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; scopes:(nullable NSArray *)scopes redirectURL:(NSURL *)redirectURL responseType:(NSString *)responseType - additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeaders; + additionalParameters:(nullable NSDictionary *)additionalParameters; /*! @brief Creates an authorization request with opinionated defaults (a secure @c state, @c nonce, and PKCE with S256 as the @c code_challenge_method). @@ -175,7 +168,6 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; @param redirectURL The client's redirect URI. @param responseType The expected response type. @param additionalParameters The client's additional authorization parameters. - @param additionalHeaders The client's additional authorization headers. @remarks This convenience initializer generates a state parameter and PKCE challenges automatically. */ @@ -186,8 +178,7 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; scopes:(nullable NSArray *)scopes redirectURL:(NSURL *)redirectURL responseType:(NSString *)responseType - additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeaders; + additionalParameters:(nullable NSDictionary *)additionalParameters; /*! @brief Designated initializer. @param configuration The service's configuration. 
@@ -208,7 +199,6 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; @c OIDAuthorizationRequest.codeChallengeS256ForVerifier: is used to create the code challenge. @param additionalParameters The client's additional authorization parameters. - @param additionalHeaders The client's additional authorization headers. */ - (instancetype) initWithConfiguration:(OIDServiceConfiguration *)configuration @@ -223,7 +213,6 @@ extern NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256; codeChallenge:(nullable NSString *)codeChallenge codeChallengeMethod:(nullable NSString *)codeChallengeMethod additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeaders NS_DESIGNATED_INITIALIZER; /*! @brief Constructs the request URI by adding the request parameters to the query component of the diff --git a/Source/AppAuthCore/OIDAuthorizationRequest.m b/Source/AppAuthCore/OIDAuthorizationRequest.m index 96a5bdbc0..ccfacda0f 100644 --- a/Source/AppAuthCore/OIDAuthorizationRequest.m +++ b/Source/AppAuthCore/OIDAuthorizationRequest.m @@ -76,11 +76,6 @@ */ static NSString *const kAdditionalParametersKey = @"additionalParameters"; -/*! @brief Key used to encode the @c additionalHeaders property for - @c NSSecureCoding - */ -static NSString *const kAdditionalHeadersKey = @"additionalHeaders"; - /*! @brief Number of random bytes generated for the @ state. */ static NSUInteger const kStateSizeBytes = 32; @@ -107,8 +102,7 @@ - (instancetype)init scopes: redirectURL: responseType: - additionalParameters: - additionalHeaders:) + additionalParameters:) ) /*! @brief Check if the response type is one AppAuth supports 
@@ -140,7 +134,6 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration codeChallenge:(nullable NSString *)codeChallenge codeChallengeMethod:(nullable NSString *)codeChallengeMethod additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeaders { self = [super init]; if (self) { @@ -162,9 +155,6 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration _additionalParameters = [[NSDictionary alloc] initWithDictionary:additionalParameters copyItems:YES]; - - _additionalHeaders = - [[NSDictionary alloc] initWithDictionary:additionalHeaders copyItems:YES]; } return self; } @@ -176,8 +166,7 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration scopes:(nullable NSArray *)scopes redirectURL:(NSURL *)redirectURL responseType:(NSString *)responseType - additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeaders { + additionalParameters:(nullable NSDictionary *)additionalParameters { // generates PKCE code verifier and challenge NSString *codeVerifier = [[self class] generateCodeVerifier]; @@ -194,8 +183,7 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration codeVerifier:codeVerifier codeChallenge:codeChallenge codeChallengeMethod:OIDOAuthorizationRequestCodeChallengeMethodS256 - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders]; + additionalParameters:additionalParameters]; } - (instancetype) 
@@ -204,16 +192,14 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration scopes:(nullable NSArray *)scopes redirectURL:(NSURL *)redirectURL responseType:(NSString *)responseType - additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeaders { + additionalParameters:(nullable NSDictionary *)additionalParameters { return [self initWithConfiguration:configuration clientId:clientID clientSecret:nil scopes:scopes redirectURL:redirectURL responseType:responseType - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders]; + additionalParameters:additionalParameters]; } #pragma mark - NSCopying @@ -255,9 +241,6 @@ - (instancetype)initWithCoder:(NSCoder *)aDecoder { NSDictionary *additionalParameters = [aDecoder decodeObjectOfClasses:additionalParameterCodingClasses forKey:kAdditionalParametersKey]; - NSDictionary *additionalHeaders = - [aDecoder decodeObjectOfClasses:additionalParameterCodingClasses - forKey:kAdditionalHeadersKey]; self = [self initWithConfiguration:configuration clientId:clientID @@ -270,8 +253,7 @@ - (instancetype)initWithCoder:(NSCoder *)aDecoder { codeVerifier:codeVerifier codeChallenge:codeChallenge codeChallengeMethod:codeChallengeMethod - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders]; + additionalParameters:additionalParameters]; return self; } @@ -288,7 +270,6 @@ - (void)encodeWithCoder:(NSCoder *)aCoder { [aCoder encodeObject:_codeChallenge forKey:kCodeChallengeKey]; [aCoder encodeObject:_codeChallengeMethod forKey:kCodeChallengeMethodKey]; [aCoder encodeObject:_additionalParameters forKey:kAdditionalParametersKey]; - [aCoder encodeObject:_additionalHeaders forKey:kAdditionalHeadersKey]; } #pragma mark - NSObject overrides From 1999582cf13296bb017889ab484ee9a1dbb7a3ef Mon Sep 17 00:00:00 2001 
From: Vitalij Dadaschjanz Date: Thu, 8 Jun 2023 08:56:48 +0200 Subject: [PATCH 03/12] fix compilation and indentation --- Source/AppAuthCore/OIDTokenRequest.m | 7 +++---- UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m | 2 +- UnitTests/OIDTokenRequestTests.m | 4 ++-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/Source/AppAuthCore/OIDTokenRequest.m b/Source/AppAuthCore/OIDTokenRequest.m index 28185b2f3..08b0dafec 100644 --- a/Source/AppAuthCore/OIDTokenRequest.m +++ b/Source/AppAuthCore/OIDTokenRequest.m @@ -124,7 +124,6 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration codeVerifier:(nullable NSString *)codeVerifier additionalParameters:(nullable NSDictionary *)additionalParameters additionalHeaders:(nullable NSDictionary *)additionalHeaders { -{ self = [super init]; if (self) { _configuration = [configuration copy]; @@ -139,7 +138,7 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration _additionalParameters = [[NSDictionary alloc] initWithDictionary:additionalParameters copyItems:YES]; _additionalHeaders = - [[NSDictionary alloc] initWithDictionary:additionalHeaders copyItems:YES]; + [[NSDictionary alloc] initWithDictionary:additionalHeaders copyItems:YES]; // Additional validation for the authorization_code grant type if ([_grantType isEqual:OIDGrantTypeAuthorizationCode]) { @@ -188,7 +187,7 @@ - (instancetype)initWithCoder:(NSCoder *)aDecoder { ]]; NSDictionary *additionalParameters = - [aDecoder decodeObjectOfClasses:additionalParameterCodingClasses forKey:kAdditionalParametersKey]; + [aDecoder decodeObjectOfClasses:additionalParameterCodingClasses forKey:kAdditionalParametersKey]; NSSet *additionalHeaderCodingClasses = [NSSet setWithArray:@[ 
@@ -197,7 +196,7 @@ - (instancetype)initWithCoder:(NSCoder *)aDecoder { ]]; NSDictionary *additionalHeaders = - [aDecoder decodeObjectOfClasses:additionalHeaderCodingClasses forKey:kAdditionalHeadersKey]; + [aDecoder decodeObjectOfClasses:additionalHeaderCodingClasses forKey:kAdditionalHeadersKey]; self = [super init]; if (self) { diff --git a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m index 1cb66d7f7..fdfbe54bc 100644 --- a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m +++ b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m @@ -284,7 +284,7 @@ - (void)testTokenPollRequestWithAdditionalParametersAdditionalHeaders { @{kTestAdditionalHeaderKey : kTestAdditionalHeaderValue}; OIDTVTokenRequest *pollRequest = - [testResponse tokenPollRequestWithAdditionalParameters:testAdditionalParameters additionalHeaders:testAdditionalHeaders]; + [testResponse tokenPollRequestWithAdditionalParameters:testAdditionalParameters additionalHeaders:testAdditionalHeaders]; XCTAssertEqualObjects(pollRequest.deviceCode, kTestDeviceCode); XCTAssertEqualObjects(pollRequest.clientID, kTestClientID); diff --git a/UnitTests/OIDTokenRequestTests.m b/UnitTests/OIDTokenRequestTests.m index a668f64c8..da1fb1f11 100644 --- a/UnitTests/OIDTokenRequestTests.m +++ b/UnitTests/OIDTokenRequestTests.m @@ -113,7 +113,7 @@ + (OIDTokenRequest *)testInstanceCodeExchangeClientAuth { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; NSDictionary *additionalHeaders = - @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDTokenRequest *request = [[OIDTokenRequest alloc] initWithConfiguration:authResponse.request.configuration 
@@ -137,7 +137,7 @@ + (OIDTokenRequest *)testInstanceRefresh { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; NSDictionary *additionalHeaders = - @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; + @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDTokenRequest *request = [[OIDTokenRequest alloc] initWithConfiguration:authResponse.request.configuration From 72d5284e23ef30ed1c3853e1c4f01464c6ea96d2 Mon Sep 17 00:00:00 2001 From: Vitalij Dadaschjanz Date: Thu, 8 Jun 2023 09:05:06 +0200 Subject: [PATCH 04/12] fix unit tests for OIDAuthorizationRequest without headers --- Source/AppAuthTV/OIDTVAuthorizationRequest.h | 4 +- Source/AppAuthTV/OIDTVAuthorizationRequest.m | 12 +-- .../OIDTVAuthorizationRequestTests.m | 29 ++----- .../OIDTVAuthorizationResponseTests.m | 3 +- UnitTests/OIDAuthorizationRequestTests.m | 85 +++++-------------- UnitTests/OIDRPProfileCode.m | 3 +- 6 files changed, 32 insertions(+), 104 deletions(-) diff --git a/Source/AppAuthTV/OIDTVAuthorizationRequest.h b/Source/AppAuthTV/OIDTVAuthorizationRequest.h index ecd7bfe6f..2496948f1 100644 --- a/Source/AppAuthTV/OIDTVAuthorizationRequest.h +++ b/Source/AppAuthTV/OIDTVAuthorizationRequest.h 
@@ -35,15 +35,13 @@ NS_ASSUME_NONNULL_BEGIN @param clientSecret The client secret. @param scopes An array of scopes to combine into a single scope string per the OAuth2 spec. @param additionalParameters The client's additional authorization parameters. - @param additionalHeaders The client's additional authorization headers. */ - (instancetype) initWithConfiguration:(OIDTVServiceConfiguration *)configuration clientId:(NSString *)clientID clientSecret:(NSString *)clientSecret scopes:(nullable NSArray *)scopes - additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeaders; + additionalParameters:(nullable NSDictionary *)additionalParameters; /*! @brief Constructs an @c NSURLRequest representing the TV authorization request. @return An @c NSURLRequest representing the TV authorization request. diff --git a/Source/AppAuthTV/OIDTVAuthorizationRequest.m b/Source/AppAuthTV/OIDTVAuthorizationRequest.m index 7ed13e642..da524d388 100644 --- a/Source/AppAuthTV/OIDTVAuthorizationRequest.m +++ b/Source/AppAuthTV/OIDTVAuthorizationRequest.m @@ -33,8 +33,7 @@ @implementation OIDTVAuthorizationRequest codeVerifier:(nullable NSString *)codeVerifier codeChallenge:(nullable NSString *)codeChallenge codeChallengeMethod:(nullable NSString *)codeChallengeMethod - additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeaders { + additionalParameters:(nullable NSDictionary *)additionalParameters { if (![configuration isKindOfClass:[OIDTVServiceConfiguration class]]) { NSAssert([configuration isKindOfClass:[OIDTVServiceConfiguration class]], @@ -54,8 +53,7 @@ @implementation OIDTVAuthorizationRequest codeVerifier:codeVerifier codeChallenge:codeChallenge codeChallengeMethod:codeChallengeMethod - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders]; + additionalParameters:additionalParameters]; } - (instancetype) 
@@ -63,16 +61,14 @@ @implementation OIDTVAuthorizationRequest clientId:(NSString *)clientID clientSecret:(NSString *)clientSecret scopes:(nullable NSArray *)scopes - additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeaders { + additionalParameters:(nullable NSDictionary *)additionalParameters { return [self initWithConfiguration:configuration clientId:clientID clientSecret:clientSecret scopes:scopes redirectURL:[[NSURL alloc] initWithString:@""] responseType:OIDResponseTypeCode - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders]; + additionalParameters:additionalParameters]; } #pragma mark - NSObject overrides diff --git a/UnitTests/AppAuthTV/OIDTVAuthorizationRequestTests.m b/UnitTests/AppAuthTV/OIDTVAuthorizationRequestTests.m index 6ab74139a..7b1d19c95 100644 --- a/UnitTests/AppAuthTV/OIDTVAuthorizationRequestTests.m +++ b/UnitTests/AppAuthTV/OIDTVAuthorizationRequestTests.m @@ -48,14 +48,6 @@ */ static NSString *const kTestAdditionalParameterValue = @"1"; -/*! @brief Test key for the @c additionalHeaders property. - */ -static NSString *const kTestAdditionalHeaderKey = @"B"; - -/*! @brief Test value for the @c additionalHeaders property. - */ -static NSString *const kTestAdditionalHeaderValue = @"2"; - /*! @brief Test key for the @c clientID parameter in the HTTP request. */ static NSString *const kTestClientIDKey = @"client_id"; 
@@ -131,16 +123,13 @@ - (void)testInitializer { NSString *testScopeString = [OIDScopeUtilities scopesWithArray:testScopes]; NSDictionary *testAdditionalParameters = @{kTestAdditionalParameterKey : kTestAdditionalParameterValue}; - NSDictionary *testAdditionalHeaders = - @{kTestAdditionalHeaderKey : kTestAdditionalHeaderValue}; OIDTVAuthorizationRequest *authRequest = [[OIDTVAuthorizationRequest alloc] initWithConfiguration:serviceConfiguration clientId:kTestClientID clientSecret:kTestClientSecret scopes:testScopes - additionalParameters:testAdditionalParameters - additionalHeaders:testAdditionalHeaders]; + additionalParameters:testAdditionalParameters]; NSURL *authRequestDeviceAuthorizationEndpoint = ((OIDTVServiceConfiguration *)authRequest.configuration).deviceAuthorizationEndpoint; @@ -149,7 +138,6 @@ - (void)testInitializer { XCTAssertEqualObjects(authRequest.clientSecret, kTestClientSecret); XCTAssertEqualObjects(authRequest.scope, testScopeString); XCTAssertEqualObjects(authRequest.additionalParameters, testAdditionalParameters); - XCTAssertEqualObjects(authRequest.additionalHeaders, testAdditionalHeaders); XCTAssertEqualObjects(authRequest.responseType, OIDResponseTypeCode); XCTAssertEqualObjects(authRequest.redirectURL, [[NSURL alloc] initWithString:@""]); XCTAssertEqualObjects(authRequestDeviceAuthorizationEndpoint, @@ -168,8 +156,7 @@ - (void)testCopying { clientId:kTestClientID clientSecret:kTestClientSecret scopes:nil - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; OIDTVAuthorizationRequest *authRequestCopy = [authRequest copy]; NSURL *authRequestCopyDeviceAuthorizationEndpoint = 
@@ -191,8 +178,7 @@ - (void)testSecureCoding { clientId:kTestClientID clientSecret:kTestClientSecret scopes:nil - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; NSData *data = [NSKeyedArchiver archivedDataWithRootObject:authRequest]; OIDTVAuthorizationRequest *authRequestCopy = [NSKeyedUnarchiver unarchiveObjectWithData:data]; @@ -214,8 +200,7 @@ - (void)testURLRequestBasicClientAuth { clientId:kTestClientID clientSecret:kTestClientSecret scopes:nil - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; NSURLRequest *URLRequest = [authRequest URLRequest]; @@ -246,8 +231,7 @@ - (void)testURLRequestScopes { clientId:kTestClientID clientSecret:kTestClientSecret scopes:@[ kTestScope, kTestScopeA ] - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; NSURLRequest *URLRequest = [authRequest URLRequest]; @@ -278,8 +262,7 @@ - (void)testURLRequestAdditionalParams { clientId:kTestClientID clientSecret:kTestClientSecret scopes:@[ kTestScope, kTestScopeA ] - additionalParameters:@{kTestAdditionalParameterKey : kTestAdditionalParameterValue} - additionalHeaders:@{kTestAdditionalHeaderKey : kTestAdditionalHeaderValue}]; + additionalParameters:@{kTestAdditionalParameterKey : kTestAdditionalParameterValue}]; NSURLRequest *URLRequest = [authRequest URLRequest]; diff --git a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m index fdfbe54bc..b5f90de7e 100644 --- a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m +++ b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m @@ -132,8 +132,7 @@ - (OIDTVAuthorizationRequest *)testAuthorizationRequest { clientId:kTestClientID clientSecret:kTestClientSecret scopes:nil - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; return request; } 
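Review bot: The round trip in `testSecureCoding` (hunk -191,8 +178,7) still uses `archivedDataWithRootObject:` and `unarchiveObjectWithData:`, which do not require secure coding, so this test never enforces the allowed-class sets that `initWithCoder:` passes to `decodeObjectOfClasses:forKey:`. A class missing from one of those sets would only surface in an app that unarchives with secure coding required. If the deployment targets allow it, archive with `[NSKeyedArchiver archivedDataWithRootObject:authRequest requiringSecureCoding:YES error:&error]` and read back with `[NSKeyedUnarchiver unarchivedObjectOfClass:[OIDTVAuthorizationRequest class] fromData:data error:&error]`, asserting that `error` is nil. The same pattern appears in `testSecureCoding` in UnitTests/OIDAuthorizationRequestTests.m (hunk -325,8 +298,6). Both test methods begin and end outside their hunks, so this is based only on the visible context lines.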
diff --git a/UnitTests/OIDAuthorizationRequestTests.m b/UnitTests/OIDAuthorizationRequestTests.m index b82c42cb9..06bfc6c13 100644 --- a/UnitTests/OIDAuthorizationRequestTests.m +++ b/UnitTests/OIDAuthorizationRequestTests.m @@ -69,14 +69,6 @@ */ static NSString *const kTestAdditionalParameterValue = @"1"; -/*! @brief Test key for the @c additionalHeaders property. - */ -static NSString *const kTestAdditionalHeaderKey = @"B"; - -/*! @brief Test value for the @c additionalHeaders property. - */ -static NSString *const kTestAdditionalHeaderValue = @"2"; - /*! @brief Test value for the @c state property. */ static NSString *const kTestState = @"State"; @@ -155,8 +147,6 @@ + (NSString *)codeChallengeMethod { + (OIDAuthorizationRequest *)testInstance { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; - NSDictionary *additionalHeaders = - @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDServiceConfiguration *configuration = [OIDServiceConfigurationTests testInstance]; OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration @@ -170,8 +160,7 @@ + (OIDAuthorizationRequest *)testInstance { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders]; + additionalParameters:additionalParameters]; return request; } @@ -189,8 +178,7 @@ + (OIDAuthorizationRequest *)testInstanceCodeFlow { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; return request; } 
@@ -208,8 +196,7 @@ + (OIDAuthorizationRequest *)testInstanceCodeFlowClientAuth { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; return request; } @@ -218,8 +205,6 @@ + (OIDAuthorizationRequest *)testInstanceCodeFlowClientAuth { - (void)testScopeInitializerWithManyScopesAndNoClientSecret { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; - NSDictionary *additionalHeaders = - @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDServiceConfiguration *configuration = [OIDServiceConfigurationTests testInstance]; OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration @@ -227,8 +212,7 @@ - (void)testScopeInitializerWithManyScopesAndNoClientSecret { scopes:@[ kTestScope, kTestScopeA ] redirectURL:[NSURL URLWithString:kTestRedirectURL] responseType:OIDResponseTypeCode - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders]; + additionalParameters:additionalParameters]; XCTAssertEqualObjects(request.responseType, @"code", @""); XCTAssertEqualObjects(request.scope, kTestScopesMerged, @""); 
@@ -237,15 +221,11 @@ - (void)testScopeInitializerWithManyScopesAndNoClientSecret { XCTAssertEqualObjects(request.redirectURL, [NSURL URLWithString:kTestRedirectURL], @""); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); - XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], - kTestAdditionalHeaderValue, @""); } - (void)testScopeInitializerWithManyScopesAndClientSecret { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; - NSDictionary *additionalHeaders = - @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDServiceConfiguration *configuration = [OIDServiceConfigurationTests testInstance]; OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration @@ -254,8 +234,7 @@ - (void)testScopeInitializerWithManyScopesAndClientSecret { scopes:@[ kTestScope, kTestScopeA ] redirectURL:[NSURL URLWithString:kTestRedirectURL] responseType:OIDResponseTypeCode - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders]; + additionalParameters:additionalParameters]; XCTAssertEqualObjects(request.responseType, @"code", @""); XCTAssertEqualObjects(request.scope, kTestScopesMerged, @""); @@ -264,8 +243,6 @@ - (void)testScopeInitializerWithManyScopesAndClientSecret { XCTAssertEqualObjects(request.redirectURL, [NSURL URLWithString:kTestRedirectURL], @""); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); - XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], - kTestAdditionalHeaderValue, @""); } /*! @brief Tests the @c NSCopying implementation by round-tripping an instance through the copying 
@@ -286,8 +263,6 @@ - (void)testCopying { XCTAssertEqualObjects(request.codeChallengeMethod, [[self class] codeChallengeMethod], @""); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); - XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], - kTestAdditionalHeaderValue, @""); OIDAuthorizationRequest *requestCopy = [request copy]; @@ -304,8 +279,6 @@ - (void)testCopying { XCTAssertEqualObjects(requestCopy.codeChallengeMethod, request.codeChallengeMethod, @""); XCTAssertEqualObjects(requestCopy.additionalParameters, request.additionalParameters, @""); - XCTAssertEqualObjects(requestCopy.additionalHeaders, - request.additionalHeaders, @""); } /*! @brief Tests the @c NSSecureCoding by round-tripping an instance through the coding process and @@ -325,8 +298,6 @@ - (void)testSecureCoding { XCTAssertEqualObjects(request.codeChallengeMethod, [[self class] codeChallengeMethod], @""); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); - XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], - kTestAdditionalHeaderValue, @""); NSData *data = [NSKeyedArchiver archivedDataWithRootObject:request]; OIDAuthorizationRequest *requestCopy = [NSKeyedUnarchiver unarchiveObjectWithData:data]; @@ -349,8 +320,6 @@ - (void)testSecureCoding { XCTAssertEqualObjects(requestCopy.codeChallengeMethod, [[self class] codeChallengeMethod], @""); XCTAssertEqualObjects(requestCopy.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); - XCTAssertEqualObjects(requestCopy.additionalHeaders[kTestAdditionalHeaderKey], - kTestAdditionalHeaderValue, @""); } /*! @brief Tests the scope string logic to make sure the disallowed characters are properly 
@@ -365,72 +334,63 @@ - (void)testDisallowedCharactersInScopes { scopes:@[ kTestInvalidScope1 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil], @""); + additionalParameters:nil], @""); XCTAssertThrows( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestInvalidScope2 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil], @""); + additionalParameters:nil], @""); XCTAssertThrows( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestInvalidScope3 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil], @""); + additionalParameters:nil], @""); XCTAssertThrows( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestInvalidScope4 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil], @""); + additionalParameters:nil], @""); XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope1 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil], @""); + additionalParameters:nil], @""); XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope2 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil], @""); + additionalParameters:nil], @""); XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope3 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil], @""); + additionalParameters:nil], @""); 
XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope4 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil], @""); + additionalParameters:nil], @""); XCTAssertNoThrow( [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration clientId:kTestClientID scopes:@[ kTestValidScope5 ] redirectURL:redirectURL responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil], @""); + additionalParameters:nil], @""); } /*! @brief Returns a character set with all legal PKCE characters for the codeVerifier. @return Character set representing all legal codeVerifier characters. @@ -481,8 +441,6 @@ - (void)testPKCEVerifierRecommendations { - (void)testSupportedResponseTypes { NSDictionary *additionalParameters = @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; - NSDictionary *additionalHeaders = - @{ kTestAdditionalHeaderKey : kTestAdditionalHeaderValue }; OIDServiceConfiguration *configuration = [OIDServiceConfigurationTests testInstance]; NSString *scope = [OIDScopeUtilities scopesWithArray:@[ kTestScope, kTestScopeA ]]; @@ -499,8 +457,7 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders] + additionalParameters:additionalParameters] ); // https://tools.ietf.org/html/rfc6749#section-3.1.1 says the order of values does not matter @@ -516,8 +473,7 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders] + additionalParameters:additionalParameters] ); XCTAssertThrows( 
@@ -532,8 +488,7 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders] + additionalParameters:additionalParameters] ); XCTAssertThrows( @@ -548,8 +503,7 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders] + additionalParameters:additionalParameters] ); XCTAssertNoThrow( @@ -564,8 +518,7 @@ - (void)testSupportedResponseTypes { codeVerifier:kTestCodeVerifier codeChallenge:[[self class] codeChallenge] codeChallengeMethod:[[self class] codeChallengeMethod] - additionalParameters:additionalParameters - additionalHeaders:additionalHeaders] + additionalParameters:additionalParameters] ); } diff --git a/UnitTests/OIDRPProfileCode.m b/UnitTests/OIDRPProfileCode.m index 84dff8203..1c37b1f30 100644 --- a/UnitTests/OIDRPProfileCode.m +++ b/UnitTests/OIDRPProfileCode.m @@ -220,8 +220,7 @@ - (void)codeFlowWithExchangeForTest:(NSString *)test scopes:scope redirectURL:redirectURI responseType:OIDResponseTypeCode - additionalParameters:nil - additionalHeaders:nil]; + additionalParameters:nil]; self->_coordinator = [[OIDAuthorizationUICoordinatorNonInteractive alloc] init]; From 9120094ad7e2673eba7e17603f40bb4eded82a7b Mon Sep 17 00:00:00 2001 From: Vitalij Dadaschjanz Date: Thu, 8 Jun 2023 09:11:58 +0200 Subject: [PATCH 05/12] add tokenRefreshRequests with additional headers --- Source/AppAuthCore/OIDAuthState.h | 25 +++++++++++++++++ Source/AppAuthCore/OIDAuthState.m | 46 +++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/Source/AppAuthCore/OIDAuthState.h b/Source/AppAuthCore/OIDAuthState.h index 68697d2ca..843e70bf8 100644 --- a/Source/AppAuthCore/OIDAuthState.h 
+++ b/Source/AppAuthCore/OIDAuthState.h @@ -267,6 +267,31 @@ typedef void (^OIDAuthStateAuthorizationCallback)(OIDAuthState *_Nullable authSt - (nullable OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters: (nullable NSDictionary *)additionalParameters; +/*! @brief Creates a token request suitable for refreshing an access token. + @param additionalParameters Additional parameters for the token request. + @param additionalHeaders Additional headers for the token request. + @return A @c OIDTokenRequest suitable for using a refresh token to obtain a new access token. + @discussion After performing the refresh, call @c OIDAuthState.updateWithTokenResponse:error: + to update the authorization state based on the response. Rather than doing the token refresh + yourself, you should use @c OIDAuthState.performActionWithFreshTokens:. + @see https://tools.ietf.org/html/rfc6749#section-1.5 + */ +- (nullable OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters: + (nullable NSDictionary *)additionalParameters + additionalHeaders: + (nullable NSDictionary *)additionalHeaders; + +/*! @brief Creates a token request suitable for refreshing an access token. + @param additionalHeaders Additional parameters for the token request. + @return A @c OIDTokenRequest suitable for using a refresh token to obtain a new access token. + @discussion After performing the refresh, call @c OIDAuthState.updateWithTokenResponse:error: + to update the authorization state based on the response. Rather than doing the token refresh + yourself, you should use @c OIDAuthState.performActionWithFreshTokens:. + @see https://tools.ietf.org/html/rfc6749#section-1.5 + */ +- (nullable OIDTokenRequest *)tokenRefreshRequestWithAdditionalHeaders: + (nullable NSDictionary *)additionalHeaders; + @end NS_ASSUME_NONNULL_END diff --git a/Source/AppAuthCore/OIDAuthState.m b/Source/AppAuthCore/OIDAuthState.m index 0d6400a11..2d44b3116 100644 --- a/Source/AppAuthCore/OIDAuthState.m 
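Review bot: The doc comment on `tokenRefreshRequestWithAdditionalHeaders:` describes its parameter as `Additional parameters for the token request.`; it should read `@param additionalHeaders Additional headers for the token request.` Both new comments would also benefit from one sentence on precedence. These headers travel on the same request as the refresh token and client credentials, and the hunk does not show whether a caller-supplied `Authorization` or `Content-Type` replaces the value the library sets. If the merge logic in OIDTokenRequest (outside this hunk) lets caller values win, I would document that explicitly or reserve those header names.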
+++ b/Source/AppAuthCore/OIDAuthState.m @@ -446,6 +446,52 @@ - (OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters: additionalHeaders:nil]; } +- (OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters: + (NSDictionary *)additionalParameters + additionalHeaders: + (NSDictionary *)additionalHeaders { + + // TODO: Add unit test to confirm exception is thrown when expected + + if (!_refreshToken) { + [OIDErrorUtilities raiseException:kRefreshTokenRequestException]; + } + return [[OIDTokenRequest alloc] + initWithConfiguration:_lastAuthorizationResponse.request.configuration + grantType:OIDGrantTypeRefreshToken + authorizationCode:nil + redirectURL:nil + clientID:_lastAuthorizationResponse.request.clientID + clientSecret:_lastAuthorizationResponse.request.clientSecret + scope:nil + refreshToken:_refreshToken + codeVerifier:nil + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; +} + +- (OIDTokenRequest *)tokenRefreshRequestWithAdditionalHeaders: + (NSDictionary *)additionalHeaders { + + // TODO: Add unit test to confirm exception is thrown when expected + + if (!_refreshToken) { + [OIDErrorUtilities raiseException:kRefreshTokenRequestException]; + } + return [[OIDTokenRequest alloc] + initWithConfiguration:_lastAuthorizationResponse.request.configuration + grantType:OIDGrantTypeRefreshToken + authorizationCode:nil + redirectURL:nil + clientID:_lastAuthorizationResponse.request.clientID + clientSecret:_lastAuthorizationResponse.request.clientSecret + scope:nil + refreshToken:_refreshToken + codeVerifier:nil + additionalParameters:nil + additionalHeaders:additionalHeaders]; +} + #pragma mark - Stateful Actions - (void)didChangeState { From 9c42f1548288ca07f0711166459e72929826850a Mon Sep 17 00:00:00 2001 
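Review bot: The body of `tokenRefreshRequestWithAdditionalHeaders:` is a copy of the two-argument method with `additionalParameters:nil`, so the `_refreshToken` guard and the full initializer call now exist in several places that must be kept in step. I would reduce it to `return [self tokenRefreshRequestWithAdditionalParameters:nil additionalHeaders:additionalHeaders];`. The existing one-argument method whose tail opens this hunk (its body starts outside the hunk) could delegate the same way. The two methods added to OIDTVAuthorizationResponse.m in patch 06 repeat the pattern, although `tokenPollRequest` just above them already delegates to the two-argument form.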
From: Vitalij Dadaschjanz Date: Thu, 8 Jun 2023 09:14:58 +0200 Subject: [PATCH 06/12] add tokenRefreshRequests with additional headers also to OIDTVAuthorizationResponse --- Source/AppAuthTV/OIDTVAuthorizationResponse.h | 17 ++++++++++++++ Source/AppAuthTV/OIDTVAuthorizationResponse.m | 22 +++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/Source/AppAuthTV/OIDTVAuthorizationResponse.h b/Source/AppAuthTV/OIDTVAuthorizationResponse.h index d158c0cf7..c57847c6e 100644 --- a/Source/AppAuthTV/OIDTVAuthorizationResponse.h +++ b/Source/AppAuthTV/OIDTVAuthorizationResponse.h @@ -84,6 +84,23 @@ NS_ASSUME_NONNULL_BEGIN @return A @c OIDTVTokenRequest suitable for polling the token endpoint. @see https://tools.ietf.org/html/rfc8628#section-3.4 */ +- (nullable OIDTVTokenRequest *)tokenPollRequestWithAdditionalParameters: + (nullable NSDictionary *)additionalParameters; + +/*! @brief Creates a token request suitable for polling the token endpoint with the @c deviceCode. + @param additionalHeaders Additional headers for the token request. + @return A @c OIDTVTokenRequest suitable for polling the token endpoint. + @see https://tools.ietf.org/html/rfc8628#section-3.4 + */ +- (nullable OIDTVTokenRequest *)tokenPollRequestWithAdditionalHeaders: + (nullable NSDictionary *)additionalHeaders; + +/*! @brief Creates a token request suitable for polling the token endpoint with the @c deviceCode. + @param additionalParameters Additional parameters for the token request. + @param additionalHeaders Additional headers for the token request. + @return A @c OIDTVTokenRequest suitable for polling the token endpoint. + @see https://tools.ietf.org/html/rfc8628#section-3.4 + */ - (nullable OIDTVTokenRequest *)tokenPollRequestWithAdditionalParameters: (nullable NSDictionary *)additionalParameters additionalHeaders: diff --git a/Source/AppAuthTV/OIDTVAuthorizationResponse.m b/Source/AppAuthTV/OIDTVAuthorizationResponse.m index 7ad1ca596..b45fc85f3 100644 
--- a/Source/AppAuthTV/OIDTVAuthorizationResponse.m +++ b/Source/AppAuthTV/OIDTVAuthorizationResponse.m @@ -152,6 +152,28 @@ - (OIDTVTokenRequest *)tokenPollRequest { return [self tokenPollRequestWithAdditionalParameters:nil additionalHeaders:nil]; } +- (OIDTVTokenRequest *)tokenPollRequestWithAdditionalParameters: + (NSDictionary *)additionalParameters { + return [[OIDTVTokenRequest alloc] + initWithConfiguration:(OIDTVServiceConfiguration *)self.request.configuration + deviceCode:_deviceCode + clientID:self.request.clientID + clientSecret:self.request.clientSecret + additionalParameters:additionalParameters + additionalHeaders:nil]; +} + +- (OIDTVTokenRequest *)tokenPollRequestWithAdditionalHeaders: + (NSDictionary *)additionalHeaders { + return [[OIDTVTokenRequest alloc] + initWithConfiguration:(OIDTVServiceConfiguration *)self.request.configuration + deviceCode:_deviceCode + clientID:self.request.clientID + clientSecret:self.request.clientSecret + additionalParameters:nil + additionalHeaders:additionalHeaders]; +} + - (OIDTVTokenRequest *)tokenPollRequestWithAdditionalParameters: (NSDictionary *)additionalParameters additionalHeaders: From aa6ab81210cce64439bba01428f8f61e0a90e9dc Mon Sep 17 00:00:00 2001 From: Vitalij Dadaschjanz Date: Tue, 13 Jun 2023 09:33:37 +0200 Subject: [PATCH 07/12] add XCTAsserts at copying and secureCoding for additonalHeaders --- UnitTests/OIDTokenRequestTests.m | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/UnitTests/OIDTokenRequestTests.m b/UnitTests/OIDTokenRequestTests.m index da1fb1f11..2550df18d 100644 --- a/UnitTests/OIDTokenRequestTests.m +++ b/UnitTests/OIDTokenRequestTests.m 
@@ -186,6 +186,12 @@ - (void)testCopying { kTestAdditionalParameterValue, @"The request's kTestAdditionalParameterKey additional parameter should " "be equal to kTestAdditionalParameterValue."); + XCTAssertNotNil(request.additionalHeaders, + @"Request's additionalHeaders field should not be nil."); + XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue, + @"The request's kTestAdditionalHeaderKey additional parameter should " + "be equal to kTestAdditionalHeaderValue."); OIDTokenRequest *requestCopy = [request copy]; @@ -205,6 +211,9 @@ - (void)testCopying { XCTAssertNotNil(requestCopy.additionalParameters, @""); XCTAssertEqualObjects(requestCopy.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); + XCTAssertNotNil(requestCopy.additionalHeaders, @""); + XCTAssertEqualObjects(requestCopy.additionalHeaders[kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue, @""); } /*! @brief Tests the @c NSSecureCoding by round-tripping an instance through the coding process and @@ -227,6 +236,9 @@ - (void)testSecureCoding { XCTAssertNotNil(request.additionalParameters, @""); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); + XCTAssertNotNil(request.additionalHeaders, @""); + XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue, @""); NSData *data = [NSKeyedArchiver archivedDataWithRootObject:request]; OIDTokenRequest *requestCopy = [NSKeyedUnarchiver unarchiveObjectWithData:data]; 
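Review bot: The failure message added in the first testCopying hunk still says `additional parameter` although the assertion checks `request.additionalHeaders`, so a failing run would point at the wrong field. Changing the wording to `additional header` in that string is enough. testCopying starts and ends outside the hunk.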
@@ -248,6 +260,9 @@ - (void)testSecureCoding { XCTAssertNotNil(requestCopy.additionalParameters, @""); XCTAssertEqualObjects(requestCopy.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @""); + XCTAssertNotNil(requestCopy.additionalHeaders, @""); + XCTAssertEqualObjects(requestCopy.additionalHeaders[kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue, @""); } - (void)testURLRequestNoClientAuth { From 3298b6316ac5c7064a9cca38497df724ae8bd3ef Mon Sep 17 00:00:00 2001 From: Vitalij Dadaschjanz Date: Wed, 14 Jun 2023 08:42:09 +0200 Subject: [PATCH 08/12] #770 remove TODOs from OIDAuthState and add unit tests for thrown exception(s) --- Source/AppAuthCore/OIDAuthState.m | 6 ------ UnitTests/OIDAuthStateTests.m | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/Source/AppAuthCore/OIDAuthState.m b/Source/AppAuthCore/OIDAuthState.m index 2d44b3116..d2512235c 100644 --- a/Source/AppAuthCore/OIDAuthState.m +++ b/Source/AppAuthCore/OIDAuthState.m @@ -427,8 +427,6 @@ - (OIDTokenRequest *)tokenRefreshRequest { - (OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters: (NSDictionary *)additionalParameters { - // TODO: Add unit test to confirm exception is thrown when expected - if (!_refreshToken) { [OIDErrorUtilities raiseException:kRefreshTokenRequestException]; } @@ -451,8 +449,6 @@ - (OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters: additionalHeaders: (NSDictionary *)additionalHeaders { - // TODO: Add unit test to confirm exception is thrown when expected - if (!_refreshToken) { [OIDErrorUtilities raiseException:kRefreshTokenRequestException]; } @@ -473,8 +469,6 @@ - (OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters: - (OIDTokenRequest *)tokenRefreshRequestWithAdditionalHeaders: (NSDictionary *)additionalHeaders { - // TODO: Add unit test to confirm exception is thrown when expected - if (!_refreshToken) { [OIDErrorUtilities raiseException:kRefreshTokenRequestException]; } 
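Review bot: These assertions on `requestCopy` establish that `additionalHeaders` is written into the archive and restored, which the API documentation shown in this series does not mention. Callers may reasonably place credential-like values in custom headers, and those would then be stored wherever a serialized request ends up. I would add a line to the `additionalHeaders` documentation in OIDTokenRequest.h (outside this hunk), for example `@remarks Header values are encoded together with the request; keep any archive that contains them in protected storage.` testSecureCoding begins outside this hunk.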
diff --git a/UnitTests/OIDAuthStateTests.m b/UnitTests/OIDAuthStateTests.m index 4d7c3a8b7..1ef116e3f 100644 --- a/UnitTests/OIDAuthStateTests.m +++ b/UnitTests/OIDAuthStateTests.m @@ -435,6 +435,21 @@ - (void)testIsTokenFreshHandlesTokenWithoutExpirationTime { XCTAssertEqual([authState isTokenFresh], YES, @""); } +- (void)testThatRefreshTokenExceptionWillBeRaisedForTokenRequestWithAdditionalParameters { + OIDAuthState *authState = [[OIDAuthState alloc] initWithAuthorizationResponse:nil tokenResponse:nil registrationResponse:nil]; + XCTAssertThrowsSpecificNamed([authState tokenRefreshRequestWithAdditionalParameters:nil], NSException, @"Attempted to create a token refresh request from a token response with no refresh token."); +} + +- (void)testThatRefreshTokenExceptionWillBeRaisedForTokenRequestWithAdditionalHeaders { + OIDAuthState *authState = [[OIDAuthState alloc] initWithAuthorizationResponse:nil tokenResponse:nil registrationResponse:nil]; + XCTAssertThrowsSpecificNamed([authState tokenRefreshRequestWithAdditionalHeaders:nil], NSException, @"Attempted to create a token refresh request from a token response with no refresh token."); +} + +- (void)testThatRefreshTokenExceptionWillBeRaisedForTokenRequestWithAdditionalParametersAndHeaders { + OIDAuthState *authState = [[OIDAuthState alloc] initWithAuthorizationResponse:nil tokenResponse:nil registrationResponse:nil]; + XCTAssertThrowsSpecificNamed([authState tokenRefreshRequestWithAdditionalHeaders:nil], NSException, @"Attempted to create a token refresh request from a token response with no refresh token."); +} + @end #pragma GCC diagnostic pop From 46d16b961eeeab3c30289142ac046174b57629e5 Mon Sep 17 00:00:00 2001 
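Review bot: `testThatRefreshTokenExceptionWillBeRaisedForTokenRequestWithAdditionalParametersAndHeaders` calls `tokenRefreshRequestWithAdditionalHeaders:nil`, the same selector as the test before it, so the two-argument method added in patch 05 is never exercised. The expression under test should be `[authState tokenRefreshRequestWithAdditionalParameters:nil additionalHeaders:nil]`. The rewrite of these tests in patch 09 keeps the same call, so the fix is needed there as well.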
From: Vitalij Dadaschjanz Date: Thu, 15 Jun 2023 07:45:15 +0200 Subject: [PATCH 09/12] #770 move kRefreshTokenRequestException to OIDAuthState header; limit lines in test to 100 char limit; use kRefreshTokenRequestException in tests; --- Source/AppAuthCore/OIDAuthState.h | 6 ++++++ Source/AppAuthCore/OIDAuthState.m | 6 ------ UnitTests/OIDAuthStateTests.m | 12 +++++++++--- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/Source/AppAuthCore/OIDAuthState.h b/Source/AppAuthCore/OIDAuthState.h index 843e70bf8..46c78a831 100644 --- a/Source/AppAuthCore/OIDAuthState.h +++ b/Source/AppAuthCore/OIDAuthState.h @@ -48,6 +48,12 @@ typedef void (^OIDAuthStateAction)(NSString *_Nullable accessToken, typedef void (^OIDAuthStateAuthorizationCallback)(OIDAuthState *_Nullable authState, NSError *_Nullable error); +/*! @brief The exception thrown when a developer tries to create a refresh request from an + authorization request with no authorization code. + */ +static NSString *const kRefreshTokenRequestException = + @"Attempted to create a token refresh request from a token response with no refresh token."; + /*! @brief A convenience class that retains the auth state between @c OIDAuthorizationResponse%s and @c OIDTokenResponse%s. */ diff --git a/Source/AppAuthCore/OIDAuthState.m b/Source/AppAuthCore/OIDAuthState.m index d2512235c..cb5a22a1e 100644 --- a/Source/AppAuthCore/OIDAuthState.m +++ b/Source/AppAuthCore/OIDAuthState.m @@ -55,12 +55,6 @@ */ static NSString *const kAuthorizationErrorKey = @"authorizationError"; -/*! @brief The exception thrown when a developer tries to create a refresh request from an - authorization request with no authorization code. - */ -static NSString *const kRefreshTokenRequestException = - @"Attempted to create a token refresh request from a token response with no refresh token."; - /*! @brief Number of seconds the access token is refreshed before it actually expires. */ static const NSUInteger kExpiryTimeTolerance = 60; 
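Review bot: Defining `kRefreshTokenRequestException` as a `static` constant in the public header gives every file that imports OIDAuthState.h its own copy and adds a name without the library's `OID` prefix to the public surface. I would declare `extern NSString *const kRefreshTokenRequestException;` in the header, ideally with the `OID` prefix, and keep the definition `NSString *const kRefreshTokenRequestException = @"…";` in OIDAuthState.m. The comment moved with it also says the exception concerns an authorization request with no authorization code, while the string and the `_refreshToken` guard are about a missing refresh token; the comment should match.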
diff --git a/UnitTests/OIDAuthStateTests.m b/UnitTests/OIDAuthStateTests.m index 1ef116e3f..d12f2a831 100644 --- a/UnitTests/OIDAuthStateTests.m +++ b/UnitTests/OIDAuthStateTests.m @@ -437,17 +437,23 @@ - (void)testIsTokenFreshHandlesTokenWithoutExpirationTime { - (void)testThatRefreshTokenExceptionWillBeRaisedForTokenRequestWithAdditionalParameters { OIDAuthState *authState = [[OIDAuthState alloc] initWithAuthorizationResponse:nil tokenResponse:nil registrationResponse:nil]; - XCTAssertThrowsSpecificNamed([authState tokenRefreshRequestWithAdditionalParameters:nil], NSException, @"Attempted to create a token refresh request from a token response with no refresh token."); + XCTAssertThrowsSpecificNamed([authState tokenRefreshRequestWithAdditionalParameters:nil], + NSException, + kRefreshTokenRequestException); } - (void)testThatRefreshTokenExceptionWillBeRaisedForTokenRequestWithAdditionalHeaders { OIDAuthState *authState = [[OIDAuthState alloc] initWithAuthorizationResponse:nil tokenResponse:nil registrationResponse:nil]; - XCTAssertThrowsSpecificNamed([authState tokenRefreshRequestWithAdditionalHeaders:nil], NSException, @"Attempted to create a token refresh request from a token response with no refresh token."); + XCTAssertThrowsSpecificNamed([authState tokenRefreshRequestWithAdditionalHeaders:nil], + NSException, + kRefreshTokenRequestException); } - (void)testThatRefreshTokenExceptionWillBeRaisedForTokenRequestWithAdditionalParametersAndHeaders { OIDAuthState *authState = [[OIDAuthState alloc] initWithAuthorizationResponse:nil tokenResponse:nil registrationResponse:nil]; - XCTAssertThrowsSpecificNamed([authState tokenRefreshRequestWithAdditionalHeaders:nil], NSException, @"Attempted to create a token refresh request from a token response with no refresh token."); + XCTAssertThrowsSpecificNamed([authState tokenRefreshRequestWithAdditionalHeaders:nil], + NSException, + kRefreshTokenRequestException); } @end 
From 1863aa3ae171fd20662de9757af542e3ba51ba2e Mon Sep 17 00:00:00 2001 From: Vitalij Dadaschjanz Date: Wed, 21 Jun 2023 09:55:17 +0200 Subject: [PATCH 10/12] fix formatting in OIDTokenRequestTests.m --- UnitTests/OIDTokenRequestTests.m | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/UnitTests/OIDTokenRequestTests.m b/UnitTests/OIDTokenRequestTests.m index 2550df18d..2aa865238 100644 --- a/UnitTests/OIDTokenRequestTests.m +++ b/UnitTests/OIDTokenRequestTests.m @@ -181,13 +181,13 @@ - (void)testCopying { XCTAssertEqualObjects(request.codeVerifier, authResponse.request.codeVerifier, @"Request and response codeVerifiers should be equal."); XCTAssertNotNil(request.additionalParameters, - @"Request's additionalParameters field should not be nil."); + @"Request's additionalParameters field should not be nil."); XCTAssertEqualObjects(request.additionalParameters[kTestAdditionalParameterKey], kTestAdditionalParameterValue, @"The request's kTestAdditionalParameterKey additional parameter should " "be equal to kTestAdditionalParameterValue."); XCTAssertNotNil(request.additionalHeaders, - @"Request's additionalHeaders field should not be nil."); + @"Request's additionalHeaders field should not be nil."); XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], kTestAdditionalHeaderValue, @"The request's kTestAdditionalHeaderKey additional parameter should " From 741d1e1bad1c6935d7708bb1eb3277515b35f88c Mon Sep 17 00:00:00 2001 From: Vitalij Dadaschjanz Date: Thu, 22 Jun 2023 10:29:15 +0200 Subject: [PATCH 11/12] #770 fix CI --- Source/AppAuthCore/OIDTokenRequest.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Source/AppAuthCore/OIDTokenRequest.h b/Source/AppAuthCore/OIDTokenRequest.h index e4b12d9ef..1d161cd08 100644 --- a/Source/AppAuthCore/OIDTokenRequest.h +++ b/Source/AppAuthCore/OIDTokenRequest.h 
@@ -129,7 +129,7 @@ NS_ASSUME_NONNULL_BEGIN refreshToken:(nullable NSString *)refreshToken codeVerifier:(nullable NSString *)codeVerifier additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeader; + additionalHeaders:(nullable NSDictionary *)additionalHeaders; /*! @brief Designated initializer. @param configuration The service's configuration. @@ -157,7 +157,7 @@ NS_ASSUME_NONNULL_BEGIN refreshToken:(nullable NSString *)refreshToken codeVerifier:(nullable NSString *)codeVerifier additionalParameters:(nullable NSDictionary *)additionalParameters - additionalHeaders:(nullable NSDictionary *)additionalHeader; + additionalHeaders:(nullable NSDictionary *)additionalHeaders NS_DESIGNATED_INITIALIZER; /*! @brief Designated initializer for NSSecureCoding. From 15fc1e6514b5e9bad43b074d22932db055101c7b Mon Sep 17 00:00:00 2001 From: Vitalij Dadaschjanz Date: Mon, 26 Jun 2023 11:29:23 +0200 Subject: [PATCH 12/12] fix tvOS test --- UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.h | 6 +++--- UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.h b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.h index 32497c854..2ffbc5775 100644 --- a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.h +++ b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.h @@ -48,10 +48,10 @@ NS_ASSUME_NONNULL_BEGIN */ - (void)testTokenPollRequest; -/*! @brief Tests the @c tokenPollRequestWithAdditionalParameters method with one additional - parameter. +/*! @brief Tests the @c testTokenPollRequestWithAdditionalParametersAdditionalHeaders method with one additional + parameter and one additional header. */ -- (void)testTokenPollRequestWithAdditionalParameters; +- (void)testTokenPollRequestWithAdditionalParametersAdditionalHeaders; @end 
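Review bot: The updated comment in OIDTVAuthorizationResponseTests.h names the test itself (`testTokenPollRequestWithAdditionalParametersAdditionalHeaders`) as the method under test. It should name the selector being exercised, e.g. `Tests the @c tokenPollRequestWithAdditionalParameters:additionalHeaders: method with one additional parameter and one additional header.`, wrapped to the 100-character limit mentioned in patch 09. The matching comment in OIDTVAuthorizationResponseTests.m has the same wording.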
diff --git a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m index b5f90de7e..288228e88 100644 --- a/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m +++ b/UnitTests/AppAuthTV/OIDTVAuthorizationResponseTests.m @@ -270,8 +270,8 @@ - (void)testTokenPollRequest { XCTAssertEqualObjects(pollRequest.additionalParameters, @{}); } -/*! @brief Tests the @c tokenPollRequestWithAdditionalParameters method with one additional - parameter. +/*! @brief Tests the @c testTokenPollRequestWithAdditionalParametersAdditionalHeaders method with one additional + parameter and one additional header. */ - (void)testTokenPollRequestWithAdditionalParametersAdditionalHeaders { OIDTVAuthorizationResponse *testResponse = [self testAuthorizationResponse];