From b66dc8431ea634337fa7f97f5021f312282f09c0 Mon Sep 17 00:00:00 2001
From: Felix Schwarz
Date: Mon, 22 Jan 2024 12:11:52 +0100
Subject: [PATCH] - OAuth2: add authentication-oauth2.omit-authorization-parameters option to allow omitting parameters from authorization requests (implements https://github.com/owncloud/ios-app/issues/1318)
---
 .../OCAuthenticationMethodOAuth2.h | 1 +
 .../OCAuthenticationMethodOAuth2.m | 22 +++++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.h b/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.h
index ed394f6a..fd1b8e10 100644
--- a/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.h
+++ b/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.h
@@ -67,5 +67,6 @@ extern OCClassSettingsKey OCAuthenticationMethodOAuth2RedirectURI;
 extern OCClassSettingsKey OCAuthenticationMethodOAuth2ClientID;
 extern OCClassSettingsKey OCAuthenticationMethodOAuth2ClientSecret;
 extern OCClassSettingsKey OCAuthenticationMethodOAuth2ExpirationOverrideSeconds;
+extern OCClassSettingsKey OCAuthenticationMethodOAuth2OmitAuthorizationParameters;
 NS_ASSUME_NONNULL_END
diff --git a/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.m b/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.m
index f77ce43f..d8ea4a2f 100644
--- a/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.m
+++ b/ownCloudSDK/Authentication/OCAuthenticationMethodOAuth2.m
@@ -158,6 +158,12 @@ + (OCClassSettingsMetadataCollection)classSettingsMetadata
 OCClassSettingsMetadataKeyDescription : @"OAuth2 Expiration Override - lets OAuth2 tokens expire after the provided number of seconds (useful to prompt quick `refresh_token` requests for testing)",
 OCClassSettingsMetadataKeyStatus : OCClassSettingsKeyStatusDebugOnly,
 OCClassSettingsMetadataKeyCategory : @"OAuth2"
+ },
+ OCAuthenticationMethodOAuth2OmitAuthorizationParameters : @{
+ OCClassSettingsMetadataKeyType : OCClassSettingsMetadataTypeStringArray,
+ OCClassSettingsMetadataKeyDescription : @"Omit Authorization Request Parameters - parameter names provided here are omitted from OAuth2 authorization requests.",
+ OCClassSettingsMetadataKeyStatus : OCClassSettingsKeyStatusAdvanced,
+ OCClassSettingsMetadataKeyCategory : @"OAuth2"
 }
 });
 }
@@ -385,6 +391,7 @@ - (void)generateBookmarkAuthenticationDataWithConnection:(OCConnection *)connect
 if ((options[OCAuthenticationMethodPresentingViewControllerKey] != nil) && (connection!=nil))
 {
 NSURL *authorizationRequestURL;
+ NSArray *omitAuthorizationParameters;
 // Generate Authorization Request URL
 NSDictionary *parameters = @{
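Review bot: The description added for `OCAuthenticationMethodOAuth2OmitAuthorizationParameters` gives no hint that the setting can strip security-relevant parameters, and the entry is marked `OCClassSettingsKeyStatusAdvanced` rather than the `OCClassSettingsKeyStatusDebugOnly` used by the entry just above it. This string is presumably what an administrator reads when choosing values, so it should state the risk, for example by appending ` Omitting security-relevant parameters (such as state or the PKCE challenge) weakens the authorization flow.` to the existing text. The dictionary of request parameters is built outside this diff, so which names are actually affected should be confirmed against it. classSettingsMetadata begins outside the hunk.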
@@ -406,6 +413,20 @@ - (void)generateBookmarkAuthenticationDataWithConnection:(OCConnection *)connect
 parameters = [self prepareAuthorizationRequestParameters:parameters forConnection:connection options:options];
+ // Omit parameters from authorization as per settings (default: none)
+ if ((parameters != nil) && ((omitAuthorizationParameters = [self classSettingForOCClassSettingsKey:OCAuthenticationMethodOAuth2OmitAuthorizationParameters]) != nil))
+ {
+ NSMutableDictionary *mutableParameters = [parameters mutableCopy];
+
+ for (NSString *omitParameter in omitAuthorizationParameters)
+ {
+ [mutableParameters removeObjectForKey:omitParameter];
+ }
+
+ parameters = mutableParameters;
+ }
+
+ // Compose authorization request
 authorizationRequestURL = [[self authorizationEndpointURLForConnection:connection options:options] urlByAppendingQueryParameters:parameters replaceExisting:NO];
 dispatch_async(dispatch_get_main_queue(), ^{
@@ -1110,3 +1131,4 @@ - (void)sendTokenRequestToConnection:(OCConnection *)connection withParameters:(
 OCClassSettingsKey OCAuthenticationMethodOAuth2ClientID = @"oa2-client-id";
 OCClassSettingsKey OCAuthenticationMethodOAuth2ClientSecret = @"oa2-client-secret";
 OCClassSettingsKey OCAuthenticationMethodOAuth2ExpirationOverrideSeconds = @"oa2-expiration-override-seconds";
+OCClassSettingsKey OCAuthenticationMethodOAuth2OmitAuthorizationParameters = @"omit-authorization-parameters";
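Review bot: The added loop removes every name listed in the setting without recording it or exempting any key, so a configuration that lists `state` or the PKCE challenge parameters (assuming the dictionary built above this hunk contains them) yields a weakened authorization request with no trace in the logs. A warning at the point of removal would make that visible in support cases and audits, e.g. `OCLogWarning(@"Omitting authorization request parameters per settings: %@", omitAuthorizationParameters);` placed before the `for` loop. The loop also trusts the setting to be an array; unless the class settings layer already enforces `OCClassSettingsMetadataTypeStringArray`, add `[omitAuthorizationParameters isKindOfClass:NSArray.class]` to the `if` condition. The enclosing method starts and ends outside the hunk.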
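Review bot: The new key string `@"omit-authorization-parameters"` does not carry the `oa2-` prefix used by the three neighbouring keys in this hunk (`oa2-client-id`, `oa2-client-secret`, `oa2-expiration-override-seconds`). If the unprefixed name is intentional, as the commit subject suggests, a short comment such as `// unprefixed on purpose: documented as authentication-oauth2.omit-authorization-parameters` would keep a later cleanup from renaming it and silently invalidating deployed configurations. Otherwise `@"oa2-omit-authorization-parameters"` would match its siblings.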