Pascal Pfiffner

This came up in #133 and at one point did work after #212 , guess it's no longer compiling.

Send a PR!

I'm unable to support this framework at this time. And for this PR, this shouldn't be an option since it's non-standard behavior, this should be a subclass, like all the...

Yeah I should indicate that; still hoping a friend can take over. To clarify, it’s a _non-suggested_ flow since it’s not secure. I want to make it hard to use...

There have recently been some changes there, have you seen them? In `tryToObtainAccessTokenIfNeeded` it will now return the error in the callback (except if it's a 401). This should result...

Given the complexity it adds to that method I'm not sure I see an advantage in this proposal over catching the same error in `authorize()` and then calling `doAuthorize()` there:...

And it's not feasible to catch the error yourself in DataLoader? This patch covers an edge case and I feel it's rather intrusive into the main machinery, I'd prefer a...

Do you know which servers don't support `state`? Not using state opens a gaping security hole and I would prefer if it has to be used.

The risk is in the library being able to be used without state parameter, which I'm not a fan of. How exactly are you starting the flow? Maybe it makes...

Subclass, take a look at e.g. [OAuth2CodeGrantNoTokenType](https://github.com/p2/OAuth2/blob/master/Sources/Flows/OAuth2CodeGrantNoTokenType.swift).