I've created a new project and generated a new OAuth 2.0 Client ID but there doesn't appear to be any client secret available within credentials. The documentation for OAuth 2.0 for Mobile & Desktop Apps:Step 5 states that this parameter needs to be provided.
Heres a request:
▿ https://oauth2.googleapis.com/token
▿ url : Optional<URL>
▿ some : https://oauth2.googleapis.com/token
- _url : https://oauth2.googleapis.com/token
- cachePolicy : 0
- timeoutInterval : 30.0
- mainDocumentURL : nil
- networkServiceType : __C.NSURLRequestNetworkServiceType
- allowsCellularAccess : true
▿ httpMethod : Optional<String>
- some : "POST"
▿ allHTTPHeaderFields : Optional<Dictionary<String, String>>
▿ some : 1 element
▿ 0 : 2 elements
- key : "Content-Type"
- value : "application/x-www-form-urlencoded; charset=utf-8"
▿ httpBody : Optional<Data>
▿ some : 372 bytes
- count : 372
▿ pointer : 0x00007fce7b5186f0
- pointerValue : 140524808931056
- httpBodyStream : nil
- httpShouldHandleCookies : true
- httpShouldUsePipelining : false
The request body data contains the exact same parameter values for client_id, redirect_uri and code_verifier used to successfully obtain a valid authorisation code.
Any request with no client_secret or using an empty string returns 400.
Any request using anything but an empty string returns 401, invalid_client error.
Here's a link to the documentation:
https://developers.google.com/identity/protocols/oauth2/native-app#ios
Here's a link to the project:
https://github.com/PJCSpencer/SwiftOAuth2Client
Any ideas?
