Merge pull request #73 from tumblr/remove-three-legged-oauth

irace · irace · commit c4fb542710d4 · 2014-11-11T11:39:31.000-05:00
Remove three legged OAuth
diff --git a/Podfile b/Podfile
@@ -1,9 +1,8 @@
-platform :ios, '5.0'
+source 'https://github.com/CocoaPods/Specs.git'
 
-pod 'TMTumblrSDK', :local => 'TMTumblrSDK.podspec'
+platform :ios, '5.0'
 
-# Can't use podspec directive due to a bug: https://github.com/CocoaPods/CocoaPods/issues/928
-# podspec :name => 'TMTumblrSDK.podspec'
+podspec :name => 'TMTumblrSDK.podspec'
 
 target :test, :exclusive => true do
     link_with 'TMTumblrSDKTests'
diff --git a/README.md b/README.md
@@ -112,7 +112,18 @@ SDK does *not* currently persist these values; you are responsible for storing t
 the API client on subsequent app launches, before making any API requests. This may change in a future
 release.
 
-### OAuth
+### OAuth (OS X only)
+
+Unfortunately, [Apple has started rejecting apps](https://github.com/tumblr/TMTumblrSDK/issues/67#issuecomment-59384303) 
+that use three-legged OAuth via Safari, the preferred way to retrieve access tokens from a security perspective. For 
+the time being, please either:
+
+* [Request xAuth access](http://www.tumblr.com/oauth/apps)
+* Use a web view inside of your application (here's [a TMTumblrSDK fork](https://github.com/felixmo/TMTumblrSDK/) 
+that adds this capability, we may add it to the SDK proper at a later date)
+
+We hope to have more to share on this note shortly.
+
 In your app’s `Info.plist`, specify a custom URL scheme that the browser can
 use to return to your application once the user has permitted or denied
 access to Tumblr:
@@ -130,16 +141,7 @@ access to Tumblr:
 ```
 
 In your app delegate, allow the `TMAPIClient` singleton to handle incoming URL
-requests. On iOS this looks like:
-
-``` objectivec
-- (BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication
-         annotation:(id)annotation {
-    return [[TMAPIClient sharedInstance] handleOpenURL:url];
-}
-```
-
-And on OS X:
+requests.
 
 ``` objectivec
 - (void)applicationWillFinishLaunching:(NSNotification *)notification {
diff --git a/TMTumblrSDK.podspec b/TMTumblrSDK.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = 'TMTumblrSDK'
-  s.version      = '1.1.1'
+  s.version      = '2.0'
   s.summary      = 'An unopinionated and flexible library for easily integrating Tumblr data into your iOS or OS X application.'
   s.author       = { 'Bryan Irace' => 'bryan@tumblr.com' }
   s.homepage     = 'http://tumblr.github.com/TMTumblrSDK'
diff --git a/TMTumblrSDK.xcodeproj/project.pbxproj b/TMTumblrSDK.xcodeproj/project.pbxproj
diff --git a/TMTumblrSDK/APIClient/TMAPIClient.h b/TMTumblrSDK/APIClient/TMAPIClient.h
@@ -92,15 +92,17 @@ typedef void (^TMAPICallback)(id, NSError *error);
  */
 - (void)sendRequest:(JXHTTPOperation *)request queue:(NSOperationQueue *)queue callback:(TMAPICallback)callback;
 
+#ifdef __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__
+
 /** @name Authentication */
 
 /**
- Authenticate via three-legged OAuth. 
+ Authenticate via three-legged OAuth.
  
- Your `TMAPIClient` instance's `handleOpenURL:` method must also be called from your `UIApplicationDelegate`'s 
+ Your `TMAPIClient` instance's `handleOpenURL:` method must also be called from your `UIApplicationDelegate`'s
  `application:openURL:sourceApplication:annotation:` method in order to receive the tokens.
  
- This method proxies to an underlying `TMTumblrAuthenticator`. That class can be used on its own but you do not need to 
+ This method proxies to an underlying `TMTumblrAuthenticator`. That class can be used on its own but you do not need to
  invoke it directly if you are including the whole API client in your project.
  
  @param URLScheme a URL scheme that your application can handle requests to.
@@ -109,7 +111,7 @@ typedef void (^TMAPICallback)(id, NSError *error);
 
 /**
  Authenticate via three-legged OAuth. This should be called from your `UIApplicationDelegate`'s
- `application:openURL:sourceApplication:annotation:` method in order to receive the tokens. 
+ `application:openURL:sourceApplication:annotation:` method in order to receive the tokens.
  
  This method proxies to an underlying `TMTumblrAuthenticator`. That class can be used on its own but you do not need to
  invoke it directly if you are including the whole API client in your project.
@@ -118,6 +120,8 @@ typedef void (^TMAPICallback)(id, NSError *error);
  */
 - (BOOL)handleOpenURL:(NSURL *)url;
 
+#endif
+
 /**
  Authenticate via xAuth. Please note that xAuth access [must be specifically requested](http://www.tumblr.com/oauth/apps) 
  for your application.
diff --git a/TMTumblrSDK/APIClient/TMAPIClient.m b/TMTumblrSDK/APIClient/TMAPIClient.m
@@ -35,20 +35,24 @@ + (instancetype)sharedInstance {
 
 #pragma mark - Authentication
 
+#ifdef __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__
+
 - (void)authenticate:(NSString *)URLScheme callback:(void(^)(NSError *))callback {
     [[TMTumblrAuthenticator sharedInstance] authenticate:URLScheme
                                                 callback:^(NSString *token, NSString *secret, NSError *error) {
-        self.OAuthToken = token;
-        self.OAuthTokenSecret = secret;
-        
-        callback(error);
-    }];
+                                                    self.OAuthToken = token;
+                                                    self.OAuthTokenSecret = secret;
+                                                    
+                                                    callback(error);
+                                                }];
 }
 
 - (BOOL)handleOpenURL:(NSURL *)url {
     return [[TMTumblrAuthenticator sharedInstance] handleOpenURL:url];
 }
 
+#endif
+
 - (void)xAuth:(NSString *)emailAddress password:(NSString *)password callback:(void(^)(NSError *))callback {
     return [[TMTumblrAuthenticator sharedInstance] xAuth:emailAddress password:password
                                                 callback:^(NSString *token, NSString *secret, NSError *error) {
diff --git a/TMTumblrSDK/Authentication/TMTumblrAuthenticator.h b/TMTumblrSDK/Authentication/TMTumblrAuthenticator.h
@@ -21,6 +21,8 @@ typedef void (^TMAuthenticationCallback)(NSString *, NSString *, NSError *);
 
 + (TMTumblrAuthenticator *)sharedInstance;
 
+#ifdef __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__
+
 /**
  Authenticate via three-legged OAuth.
  
@@ -39,6 +41,8 @@ typedef void (^TMAuthenticationCallback)(NSString *, NSString *, NSError *);
  */
 - (BOOL)handleOpenURL:(NSURL *)url;
 
+#endif
+
 /**
  Authenticate via xAuth.
  
diff --git a/TMTumblrSDK/Authentication/TMTumblrAuthenticator.m b/TMTumblrSDK/Authentication/TMTumblrAuthenticator.m
@@ -41,6 +41,8 @@ + (id)sharedInstance {
     return instance;
 }
 
+#ifdef __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__
+
 - (void)authenticate:(NSString *)URLScheme callback:(TMAuthenticationCallback)callback {
     // Clear token secret in case authentication was previously started but not finished
     self.threeLeggedOAuthTokenSecret = nil;
@@ -73,12 +75,8 @@ - (void)authenticate:(NSString *)URLScheme callback:(TMAuthenticationCallback)ca
                               [NSString stringWithFormat:@"https://www.tumblr.com/oauth/authorize?oauth_token=%@",
                                responseParameters[@"oauth_token"]]];
             
-#if __IPHONE_OS_VERSION_MIN_REQUIRED
-            [[UIApplication sharedApplication] openURL:authURL];
-#else
             [[NSWorkspace sharedWorkspace] openURL:authURL];
-#endif
-
+            
         } else {
             if (callback) {
                 callback(nil, nil, errorWithStatusCode(statusCode));
@@ -150,6 +148,8 @@ - (BOOL)handleOpenURL:(NSURL *)url {
     return YES;
 }
 
+#endif
+
 - (void)xAuth:(NSString *)emailAddress password:(NSString *)password callback:(TMAuthenticationCallback)callback {
     NSDictionary *requestParameters = @{
         @"x_auth_username" : emailAddress,
