“Oops, something went wrong” error when authenticating w OAuth2 and Eventbrite using iOS / swift

Question

I am trying to authenticate w OAuth2 and Eventbrite using iOS / swift. Here is my relevant code snippet:

let oauthswift = OAuth2Swift(
        consumerKey:    Eventbrite["consumerKey"]!,
        consumerSecret: Eventbrite["consumerSecret"]!,
        authorizeUrl:   "https://www.eventbrite.com/oauth/authorize",
        accessTokenUrl: "https://www.eventbrite.com/oauth/token",
        responseType:   "code"
    )
    oauthswift.authorizeWithCallbackURL( NSURL(string: "oauth2-swift://oauth-callback/eventbrite")!, scope: "", state: "",
        success: {
            credential, response, parameters in
            self.showAlertView("Eventbrite", message: "oauth_token:\(credential.oauth_token)")
        }, failure: {(error:NSError!) -> Void in
            println(error.localizedDescription)
    })

However when I go to the eventbrite oauth page after I accept that I want to connect this application with my account I see “Oops, something went wrong” error in eventbrite. The url is: https://www.eventbrite.com/oauth/authorize?client_id={MyClientId}&redirect_uri=oauth2-swift://oauth-callback/eventbrite&response_type=code

I have added the “oauth-swift” URL scheme to info.plist.

Here are my eventbrite App settings: Application URL: http://mywebsite.com OAuth Redirect Uri: oauth-swift://oauth-callback/eventbrite

How can I redirect the user to my app so I can retrieve the access token? The app delegate / openURL function is not called when I try to authenticate w Eventbrite (it gets called when I try w Foursquare and Instagram). Also, I tried OAuth2 with Foursquare and Instagram and it works fine.

Am I missing something specific to OAuth2 w eventbrite w.r.t my app settings, code etc.? Thanks

Answer 1

Couple of things to be cautious when working with OAuth in iOS:

1. If you are planning to distribute your app in the App Store make sure you do not use Safari to authenticate. You have to do this within your app and the best place is using a WebView.
2. Never store your App/Consumer Secret in your iOS App.

Now, how to implement OAuth authentication via WebView?

1. If you are using storyboards drag a WebView in to a ViewController. Also create a class file for the ViewController and create an IBOutlet for the WebView.

2. On the viewDidAppear function of the ViewController set the WebView to load your authorisation url.

   authorisationURL = "https://www.eventbrite.com/oauth/authorize?client_id=YOUR_CLIENT_KEY&response_type=code&redirect_uri=REDIRECT_URI"
   
   self.webView.loadRequest(NSURLRequest(URL: NSURL(string: authorisationURL)!))
   

3. Add UIWebViewDelegate protocol to the ViewController and add function webViewDidFinishLoad(webView: UIWebView). This function will be called whenever the WebView finishes loading a page.

4. Once the user provides access to your App, Eventbrite will redirect you to the redirect uri you provided with the code. e.g. https://localhost?code=xxxx. We can access the code by reading this URL.

   if (webView.request?.URL?.absoluteString!.rangeOfString("code=") != nil) {
       let queryString = webView.request?.URL?.query
       println(queryString)            
       let authenticationCode = queryString!.substringFromIndex(advance(codeContainer!.startIndex, 5))
       // we are advancing 5 characters in order to ignore "code="
   }
   

Now that you have got your code, its time to use your backend to retrieve the access token. Do you have access to a web server? If yes, you just need to pass the code you obtained above to your backend and initiate a POST request from your backend. Eventbrite will respond you with an access token which you can either store in the backend (recommended) or in the client.

    method: 'POST',
    url: 'https://www.eventbrite.com/oauth/token',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: {
      'client_id' : '*******',
      'client_secret' : '********',
      'grant_type' : 'authorization_code',
      'code' : CODE_RECEIVED_FROM_ABOVE
    }

If you do not have access to a web server you can try Parse.com.