box-ios-sdk icon indicating copy to clipboard operation
box-ios-sdk copied to clipboard

Published 20 hours ago verified publisher icon box

Custom callbackURL in BoxSDK not working

Open dabeku opened this issue 3 years ago • 3 comments

  • [x] I have checked that the SDK documentation doesn't solve my issue.
  • [x] I have checked that the API documentation doesn't solve my issue.
  • [x] I have searched the Box Developer Forums and my issue isn't already reported (or if it has been reported, I have attached a link to it, for reference).
  • [x] I have searched Issues in this repo and my issue isn't already reported.

Description of the Issue

I'm using the same Box app in Android and iOS (same client_id, client_secret and redirect_uri). Since Android doesn't support urls with scheme boxsdk-***://... I decide to use the custom redirect url (the same I use in Android for oauth2) in the iOS SDK.

let sdk = BoxSDK(clientId: Constant.BOX_CLIENT_ID, clientSecret: Constant.BOX_SECRET, callbackURL: "https://account.box.com/api/oauth2/authorize?client_id=(Constant.BOX_CLIENT_ID)&response_type=code")

After login it says 'invalid_client' although the client_id is correct.

Expected Behavior

The login is successful.

Error Message, Including Stack Trace

invalid_data (in box credential screen after granting access to box)

Versions Used

iOS SDK: 6.0.3 Xcode: 12.4

dabeku avatar Mar 21 '21 05:03 dabeku

I find that choice of callback URL really surprising. I may be mistaken, but I believe that iOS authentication controllers require that you use a custom scheme, so I don't think that that callback URL would be supported.

jlawton avatar Mar 31 '21 08:03 jlawton

AFAIK it's the official callback URL that worked fince since a few years. Could you tell me the "correct" https:// callback URL for iOS?

dabeku avatar Mar 31 '21 17:03 dabeku

Hi @dabeku

Unfortunately there is not any "correct" https://callback for this.

When using OAuth2 authentication in our iOS SDK we use internally ASWebAuthenticationSession. Its implementation requires from us a custom URL scheme which means that neither http or https are valid.

This custom url scheme is required to notify ASWebAuthenticationSession that it's time to back to our app from a browser.

arjankowski avatar Oct 21 '21 15:10 arjankowski

This issue has been automatically marked as stale because it has not been updated in the last 30 days. It will be closed if no further activity occurs within the next 7 days. Feel free to reach out or mention Box SDK team member for further help and resources if they are needed.

stale[bot] avatar Dec 19 '22 19:12 stale[bot]

This issue has been automatically closed due to maximum period of being stale. Thank you for your contribution to Box iOS SDK and feel free to open another PR/issue at any time.

stale[bot] avatar Dec 28 '22 08:12 stale[bot]