{"id":20038501,"url":"https://github.com/yahoo/tdoauth","last_synced_at":"2025-04-05T03:12:38.260Z","repository":{"id":1409226,"uuid":"1474805","full_name":"yahoo/TDOAuth","owner":"yahoo","description":"A BSD-licensed single-header-single-source OAuth1 implementation.","archived":false,"fork":false,"pushed_at":"2023-02-13T21:40:40.000Z","size":256,"stargazers_count":249,"open_issues_count":0,"forks_count":94,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-03-29T02:09:10.052Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yahoo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2011-03-13T15:44:43.000Z","updated_at":"2024-08-26T12:06:02.000Z","dependencies_parsed_at":"2023-07-06T13:16:10.225Z","dependency_job_id":null,"html_url":"https://github.com/yahoo/TDOAuth","commit_stats":{"total_commits":106,"total_committers":34,"mean_commits":"3.1176470588235294","dds":0.8773584905660378,"last_synced_commit":"5658e9970c93805cd3052c23ce0038d6b4360168"},"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2FTDOAuth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2FTDOAuth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2FTDOAuth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2FTDOAuth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yahoo","download_url":"https://codeload.github.com/yahoo/TDOAuth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247280272,"owners_count":20912967,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T10:29:34.345Z","updated_at":"2025-04-05T03:12:38.242Z","avatar_url":"https://github.com/yahoo.png","language":"Swift","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TDOAuth\n\n[![CI Status](https://github.com/yahoo/TDOAuth/workflows/TDOAuth%20CI/badge.svg?branch=master)](https://github.com/yahoo/TDOAuth/actions)\n[![Swift Package Manager compatible](https://img.shields.io/badge/Swift%20Package%20Manager-compatible-brightgreen.svg)](https://github.com/apple/swift-package-manager)\n[![Version](https://img.shields.io/cocoapods/v/TDOAuth.svg?style=flat)](https://cocoapods.org/pods/TDOAuth)\n[![License](https://img.shields.io/cocoapods/l/TDOAuth.svg?style=flat)](https://cocoapods.org/pods/TDOAuth)\n[![Platform](https://img.shields.io/cocoapods/p/TDOAuth.svg?style=flat)](https://cocoapods.org/pods/TDOAuth)\n\n## Example\n\nTo run the example project, clone the repo, and run `pod install` from the Example directory first.\n\n## Requirements\n\nSwift 4, 4.2 or 5. The pure-Swift subspec has no dependencies.\n\n## Installation\n\n### CocoaPods\n\nTDOAuth is available through [CocoaPods](https://cocoapods.org). To install\nit, simply add the following line to your Podfile:\n\n```ruby\npod 'TDOAuth'\n```\n\n### SwiftPM\n\nAdd `.package(url: \"https://github.com/yahoo/TDOAuth.git\", from: \"1.6.0\")` to your `package.swift`\n\n## Usage (Swift)\n\n### Two-Legged OAuth (Client \u0026 Server Only)\n\nThe two legs of two-legged OAuth are the client and server. This method of authentication is suitable for verifying access from a blessed first-party. If you have only a consumer secret and consumer key, this the method you would use:\n\n```swift\nlet consumerSecret = \"my-consumer-secret\"\nlet consumerKey = \"my-consmer-key\"\n\n/// Generate our OAuth1 signer\nlet oauth1: OAuth1\u003cHMACSigner\u003e = {\n    let secrets = SharedSecrets(consumerSecret: consumerSecret)\n    let sha1Signer = HMACSigner(algorithm: .sha1, material: secrets)\n    return OAuth1(withConsumerKey: consumerKey, signer: sha1Signer)\n}()\n\n/// Feed requests into our OAuth1 signer to produce signed versions of those requests.\n/// The only modificataion to the provided request is setting the Authorization HTTP header.\nfunc signRequest(_ request: URLRequest) -\u003e URLRequest? {\n    return oauth1.sign(request: request)\n}\n```\n\n### Three-Legged OAuth (Client, Server \u0026 Third-party)\n\nThree-legged OAuth is a version suitable for authenticating a third-party to access a user's data. This method introduces a second set of key \u0026 secret for the third party:\n\n```swift\nlet consumerSecret = \"my-consumer-secret\"\nlet consumerKey = \"my-consmer-key\"\nlet accessToken: String? = \"access-token\"\nlet accessTokenSecret: String? = \"token-secret\"\n\n\n/// Generate our OAuth1 signer\nlet oauth1: OAuth1\u003cHMACSigner\u003e = {\n    let secrets = SharedSecrets(consumerSecret: consumerSecret, accessTokenSecret: accessTokenSecret)\n    let sha1Signer = HMACSigner(algorithm: .sha1, material: secrets)\n    return OAuth1(withConsumerKey: consumerKey, accessToken: accessToken, signer: sha1Signer)\n}()\n\n/// Feed requests into our OAuth1 signer to produce signed versions of those requests.\n/// The only modificataion to the provided request is setting the Authorization HTTP header.\nfunc signRequest(_ request: URLRequest) -\u003e URLRequest? {\n    return oauth1.sign(request: request)\n}\n```\n\n### Signing Methods\n\nIn the examples above, we use SHA-1 HMAC to sign generate the signatures. You may want to use a more secure hashing algorithm since SHA-1 is quite weak now. TDOAuth supports more secure SHA-2 signing by default, as well as arbitrary signing (Bring Your Own Algorithm).\n\nSupported SHA-2 variants:\n- SHA-224\n- SHA-256\n- SHA-384\n- SHA-512\n\nExample for SHA-256\n```swift\nlet signer: OAuth1\u003cHMACSigner\u003e = HMACSigner(algorithm: .sha256, material: secrets)\n```\n\n#### Plain text Signing\n\nPlain text signing is useful mainly for debugging or use over strictly pinned SSL connections. The keys are not secured in any way, so it is very bad idea to use this strategy without pinned SSL.\n\nExample for PlainText signing\n```swift\nlet signer: OAuth1\u003cPlaintextSigner\u003e = PlaintextSigner(keyMaterial: secrets)\n```\n\n#### Custom Signing\n\nTo provide your own custom signing, implement the `OAuth1Signer` protocol:\n```swift\npublic protocol OAuth1Signer {\n\n    associatedtype KeyMaterial\n\n    var signatureMethod: String { get }\n\n    init(keyMaterial: KeyMaterial)\n\n    func sign(_ value: String) -\u003e String\n}\n```\n\nFor a simple example, see the implementation in `PlaintextSigner.swift`.\n\n## Usage (Legacy Objective-C)\n\nUsing the Objective-C API is not recommended. It is provided for backwards compatability with the old TDOAuth Obj-C API. While the underlying code uses the exact same Swift code as above, the legacy TDOAuth API imposed significant opinions on the requests, and those opinions were replicated in the new compatability API. For example, a User-Agent header is generated and added automatically to your request. Handling for POST and form-data has a lot of caveats and edge cases around encoding.\n\nWhile the Swift API simply signs whatever `URLRequest` you provide it, the Objective-C API generates a new `NSURLRequest` for you as part of the signing process. As a result you may need to carefully alter the returned request instance to suit your needs (be sure not to break the signature).\n\n**Use the Swift API!**\n\nObjective-C API Example\n```objc\n@import TDOAuth;\n\nNSURLRequest * request = [TDOAuth URLRequestForPath:@\"/v1/service/name\"\n                         parameters:@{ \"count\": @10, \"format\": \"json\" }\n                               host:@\"api.example.com\"\n                        consumerKey:@\"my-consumer-key\"\n                     consumerSecret:@\"my-consumer-secret\"\n                        accessToken:@\"my-token\"\n                        tokenSecret:@\"my-token-secret\"\n                             scheme:@\"https\"\n                      requestMethod:@\"GET\"\n                       dataEncoding:TDOAuthContentTypeUrlEncodedForm\n                       headerValues:@{ \"Accept\": \"application/json\" }\n                    signatureMethod:TDOAuthSignatureMethodHmacSha1;\n```\n\n## Author\n\nAdam Kaplan, adamkaplan@yahooinc.com\n\n## License\n\nTDOAuth is available under the MIT license. See the LICENSE file for more info.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyahoo%2Ftdoauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyahoo%2Ftdoauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyahoo%2Ftdoauth/lists"}