gabrielrinaldi / groauth2sessionmanager Goto Github PK

Now developer should refresh token manually. What about doing it in manager implicitly in GET/POST/etc methods?

Initialization method in example has name clientWithBaseURL:clientID:secret:, but must be managerWithBaseURL:clientID:secret:. :)

It would be useful to have an intermediate class I can subclass that just deals with setting a credential. GROAuth2SessionManager could subclass that.

Then I can use one session manager for all my authenticated calls and another for doing the actual auth.

This is more in keeping with out AFOAuth2Client worked:

it is recommended that you use `AFOAuth2Client` exclusively to get an authorization token, which is then passed to another `AFHTTPClient` subclass.

Unless that advise is now out of date?

Refer https://developer.vimeo.com/api/authentication

It's the final request with grant_type = authorization_code, in which Vimeo includes a "user" object to provide some information about who you've authed as. I'm not sure whether this is common practice. It would be pretty straight forward to add more parameters to the success block - but obviously this would be a breaking change. I wonder if other implementations might return information useful to the application in response headers; so maybe we need to pass the operation itself and the responseObject just to be future proof.

I'm going to experiment with this approach in a fork, so I'll be happy to submit a pull request. What do you think about this issue and possible approaches?

There are missing values for kAFOAuthCodeGrantType, kAFOAuthClientCredentialsGrantType, kAFOAuthPasswordCredentialsGrantType, kAFOAuthRefreshGrantType so if any of these values is used then it does not compile

Hello,
is there a reason why

- (void)setAuthorizationHeaderWithToken:(NSString *)token {

is not exposed in headers?

The OAuth2 spec makes no connection between refresh tokens and expiry. It's possible to have one without the other. Specifically - section 4.4 says there SHOULD NOT be a refresh token. While it is rare that iOS applications will make use of this form of auth, I propose to relax the constraints on refresh tokens and expiry

I still got issue AFNetworking (~> 2.4.1) required by GROAuth2SessionManager (0.2.3), it should be AFNetworking ~> 2.5.0

The current release in MacPorts is tied to AFN 2.2.1.
GROAuth2SessionManager.podspec has already been updated for AFN 2.4.1 a few weeks back.

The change in #2/#3 enabled support for iOS6. Is there a reason the podspec should not reflect that compatibility?

If the application is deleted the credential is expected to be deleted as well, so after installing there is no credential

Hey @gabrielrinaldi ! Can you make a new release to the cocoapods trunk for 0.2.3 (or whatever version number you see fit) so we can bring in support for AFNetworking 2.4.1? Thanks.