- SDK Version: 34.0.0
- Platforms(ios/android/both): iOS
Bug?
AppAuth is not sending the client ID or client secret when making the second request for the refresh and access tokens, using the authorization code.
Background:
I have a custom OAuth2 provider setup on a rails app using the Doorkeeper gem. I can see the request come in and that it is missing the client id and client secret. As a result, Doorkeeper’s /oauth/token
endpoint comes back with a HTTP status of 400.
Is this a bug, or is my AppAuth configuration incorrect? ( I tried multiple configs and also looked at the react-native-app-auth and AppAuth-iOS documentation for additional help since they explain more about the settings ). I even tried setting the client id and client secret again as additionalParameters
Code:
let returnUrl = Linking.makeUrl('example-auth-session')
const config = {
serviceConfiguration: {
authorizationEndpoint: 'https://example.herokuapp.com/oauth/authorize',
tokenEndpoint: 'https://example.herokuapp.com/oauth/token',
revocationEndpoint: 'https://example.herokuapp.com/oauth/revoke'
},
clientId: 'abc123',
clientSecret: 'xyv890',
scopes: [''],
redirectUrl: returnUrl,
additionalParameters: {
clientId: 'abc123',
clientSecret: 'xyv890',
}
};
console.log("config", config)
const tokenResponse = await AppAuth.authAsync(config); // 400 error after authentication when requesting refresh and access tokens
console.log("Token Response:", tokenResponse)
The client secret won’t be embedded in the production app. I’m just trying to get this example working first. Thanks for the help!