- OAuth2: add authentication-oauth2.omit-authorization-parameters opt…

…ion to allow omitting parameters from authorization requests (implements owncloud/ios-app#1318)
owncloud · Jan 22, 2024 · b66dc84 · b66dc84
1 parent d9e7c10
commit b66dc84
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.h b/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.h
@@ -67,5 +67,6 @@ extern OCClassSettingsKey OCAuthenticationMethodOAuth2RedirectURI;
 extern OCClassSettingsKey OCAuthenticationMethodOAuth2ClientID;
 extern OCClassSettingsKey OCAuthenticationMethodOAuth2ClientSecret;
 extern OCClassSettingsKey OCAuthenticationMethodOAuth2ExpirationOverrideSeconds;
+extern OCClassSettingsKey OCAuthenticationMethodOAuth2OmitAuthorizationParameters;
 
 NS_ASSUME_NONNULL_END
diff --git a/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.m b/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.m
@@ -158,6 +158,12 @@ + (OCClassSettingsMetadataCollection)classSettingsMetadata
 			OCClassSettingsMetadataKeyDescription 	: @"OAuth2 Expiration Override - lets OAuth2 tokens expire after the provided number of seconds (useful to prompt quick `refresh_token` requests for testing)",
 			OCClassSettingsMetadataKeyStatus	: OCClassSettingsKeyStatusDebugOnly,
 			OCClassSettingsMetadataKeyCategory	: @"OAuth2"
+		},
+		OCAuthenticationMethodOAuth2OmitAuthorizationParameters : @{
+			OCClassSettingsMetadataKeyType 		: OCClassSettingsMetadataTypeStringArray,
+			OCClassSettingsMetadataKeyDescription 	: @"Omit Authorization Request Parameters - parameter names provided here are omitted from OAuth2 authorization requests.",
+			OCClassSettingsMetadataKeyStatus	: OCClassSettingsKeyStatusAdvanced,
+			OCClassSettingsMetadataKeyCategory	: @"OAuth2"
 		}
 	});
 }
@@ -385,6 +391,7 @@ - (void)generateBookmarkAuthenticationDataWithConnection:(OCConnection *)connect
 	if ((options[OCAuthenticationMethodPresentingViewControllerKey] != nil) && (connection!=nil))
 	{
 		NSURL *authorizationRequestURL;
+		NSArray<NSString *> *omitAuthorizationParameters;
 
 		// Generate Authorization Request URL
 		NSDictionary<NSString *,NSString *> *parameters = @{
@@ -406,6 +413,20 @@ - (void)generateBookmarkAuthenticationDataWithConnection:(OCConnection *)connect
 
 		parameters = [self prepareAuthorizationRequestParameters:parameters forConnection:connection options:options];
 
+		// Omit parameters from authorization as per settings (default: none)
+		if ((parameters != nil) && ((omitAuthorizationParameters = [self classSettingForOCClassSettingsKey:OCAuthenticationMethodOAuth2OmitAuthorizationParameters]) != nil))
+		{
+			NSMutableDictionary<NSString *, NSString *> *mutableParameters = [parameters mutableCopy];
+
+			for (NSString *omitParameter in omitAuthorizationParameters)
+			{
+				[mutableParameters removeObjectForKey:omitParameter];
+			}
+
+			parameters = mutableParameters;
+		}
+
+		// Compose authorization request
 		authorizationRequestURL = [[self authorizationEndpointURLForConnection:connection options:options] urlByAppendingQueryParameters:parameters replaceExisting:NO];
 
 		dispatch_async(dispatch_get_main_queue(), ^{
@@ -1110,3 +1131,4 @@ - (void)sendTokenRequestToConnection:(OCConnection *)connection withParameters:(
 OCClassSettingsKey OCAuthenticationMethodOAuth2ClientID = @"oa2-client-id";
 OCClassSettingsKey OCAuthenticationMethodOAuth2ClientSecret = @"oa2-client-secret";
 OCClassSettingsKey OCAuthenticationMethodOAuth2ExpirationOverrideSeconds = @"oa2-expiration-override-seconds";
+OCClassSettingsKey OCAuthenticationMethodOAuth2OmitAuthorizationParameters = @"omit-authorization-parameters";