new Withings token refresh endpoint breaks OAuthSwift

[ceramicatheist]

Description:

Withings recently sent out this announcement to their api users:

Important: Deprecating access and refresh tokens endpoints

As part of our continual improvement, we are migrating the OAuth 2.0 endpoints. The deprecated services will continue to operate normally until September 2021. Please review the article below to get more information on the breaking change.

with more detail here: https://support.withings.com/hc/en-us/articles/360016745358-Deprecating-access-and-refresh-tokens-endpoints
and here: http://developer.withings.com/api-reference#operation/oauth2-refreshaccesstoken

Unfortunately, the new endpoint:

• requires a parameter action, with value "requesttoken"
• requires parameter grant_type to equal "refresh_token" (not "authorization_code");
• and has the response structured differently: the keys of the response are now just body and status, with the former keys, including code, all in an object down below body.

This breaks OAuthSwift. The parameters it sends when getting or renewing an access token are wrong, and so Withings responds with an error. Looking at the source, it's also clear that the new response format would not be correctly parsed.

Handling of the above is all hard-coded in OAuthSwift, with no obvious way to override with e.g. a subclass: while certain functions are open, the functions they themselves call are private, so I can't intercept either the parameter construction or the response parsing. I reviewed #628, and it does not address the problem: non-public methods of OAuth2Swift make replacing the relevant methods not possible.

What should be done here? Is this properly dealt with at the OAuthSwift end or the Withings end? Could there be a strategy for handling this bizarre token-refresh endpoint that I'm not seeing?

I will send Withings a note pointing at this ticket to see if they have anything to contribute.

OAuth Provider:

Withings

OAuth Version:

• Version 1
• Version 2

OS (Please fill the version) :

• iOS : 14.6
• OSX :
• TVOS :
• WatchOS :

Installation method:

• Carthage
• CocoaPods
• Swift Package Manager
• Manually

Library version:

• head
• v2.1.0
• v2.0.0
• v1.4.1
• other: (Please fill in the version you are using.)

Xcode version:

• 11.4 (Swift 5.2)

• 11.x (Swift 5.1)

• 10.x (Swift 5.0)

• other: (Please fill in the version you are using.)

• objective c

[phimage]

We are open to code modification if they not break other services

It could be some way to override and some variable to configure for this specific service ( a bool for instance, there is already some, yes because no body was to use same spec 😭 )

Making all public/open could make code less maintenable and have a lot of breaking change. So it depends.
So I prefer new parameter with default value, or configuration var when possible