Providing state for a oauth.io call with server-side auth (using iOS SDK)

Question

I'm trying to use oauth.io with Twitter or Facebook, with server-side auth, from an iOS app. I can connect to the service using [_oauthio showWithProvider:providerName];, and the connection returns without error. However, what I get is

oauthtest://localhost#oauthio={"status":"error","message":"You must provide a state when server-side auth","provider":"twitter"}

In other words, it requires a state parameter. But there is no obvious way to add this to the call anywhere? Does anyone know how to add this?

UPDATE: I dug down into the oath.io SDK, and spliced a &state=abc into the URL construction inside the showProviderWith: method, but that still gives the same result: connection returns successfully, but content indicates error as above.

Using a different provider, Facebook, I get exactly the same result (though, of course, with "provider":"Facebook")

Answer 1

OK, found the answer by looking at the oauth.io Android SDK: There is a facility to add a state parameter, but it is as a URL-encoded JSON object. So the correct way to pass it in the iOS query string is to have a query parameter opts which has as its value {"state":"STATE_HASH_HERE"}.

The full query string with a state value would thus look like this:

https://oauth.io/auth/twitter?k=<PUBLIC_KEY> &opts=%7B%22state%22%3A%22<STATE_VALUE>%22%7D &redirect_uri=OAuthTest://localhost

(where %7B = {, %22 = ", %3A = :, and %7D = } for the percent encoding of the JSON object.)

The crucial element is the wrapping up inside the opt parameter. None of that is actually included in the oauth.io iOS SDK.

UPDATE: my pull-request has now been merged, and there is a new method which can be used to pass options: [_oauthio showWithProvider:@"twitter" options:@{@"state": <STATE_VALUE>}];. `