I'm currently trying to complete the OAuth dance with the Deezer API.
I have created a Deezer app on their site and full fill required fields.
I'm not using the Deezer SDK as it's deprecated since a long time ago.
I'm loading the request with a WKWebView and the request looks like :
https://connect.deezer.com/oauth/auth.php?app_id=MY_APP_ID&redirect_uri=MY_REDIRECT_URL&response_type=token&perms=basic_access
This open a webview displaying an auth form.
After i login with my deezer account credentials, i'm supposed to be redirected to the previous specified url MY_REDIRECT_URL.
But i intercept the redirection like this :
public func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Swift.Void) {
if !isLoading {
isLoading = true
}
if let redirectedUrl = navigationAction.request.url, redirectedUrl.host == AppConfig.redirectHost {
// extracting token from url
let deezerToken = DeezerURLBuilder.deezerToken(fromUrl: redirectedUrl)
// saving token
PrefUtils.shared.deezerToken = deezerToken
didLogin = true
decisionHandler(.cancel)
return
}
decisionHandler(.allow)
}
I don't want to go to the redirect url because i'm in a iOS app and i hope i could prevent the server step.
I have noticed that the redirectedUrl looks like : https://MY_REDIRECT_URL/#access_token=frazeeFRT188maXzvPiCeTDEjCCbrIGGaCwlkGQra4whmp7rtJ&expires=1468
I don't understand why because from the Deezer API, i should see a code query parameter which i should put in the next request for App Authentication like this :
https://connect.deezer.com/oauth/access_token.php?app_id=MY_APP_ID&secret=MY_APP_SECRET&code=THE_MISSING_CODE
That request was sent with URLSession.shared.data.
So i was assuming that i got the final access_token and continue to request the user info with :
https://api.deezer.com/user/me?access_token=frazeeFRT188maXzvPiCeTDEjCCbrIGGaCwlkGQra4whmp7rtJ
Finally i got an error stating : "An active token must be used to query information about the current user"
I try the first request inside Safari in macOS then i was redirected to MY_REDIRECT_URL. After this i tried the request to get user info and it succeeded, i saw the json response in the Safari.
As i understand, Deezer has set cookies during the redirection in Safari. My guess is requests are completed because of the cookies and when i'm in the iOS App WKWebView is dismiss and subsequent requests are made without these.
To sum up,
why am i getting
(because i ask for it with the access_token without providing 'my app secret request' ?response_type param set to token)
How to properly do OAuth dance with Deezer API in SwiftUI/Swift App without Deezer SDK ?
PS: I didn't try OAuthSwift library as i want to keep it simple.
Thx for any help
EDIT: SOLVED
it was a typo in my url parameter... but it is fully working without a server redirect.