diff --git a/Source/AppAuthCore/OIDTokenRequest.m b/Source/AppAuthCore/OIDTokenRequest.m index 08b0dafec..e09e5577d 100644 --- a/Source/AppAuthCore/OIDTokenRequest.m +++ b/Source/AppAuthCore/OIDTokenRequest.m @@ -330,7 +330,7 @@ - (NSURLRequest *)URLRequest { } for (id header in _additionalHeaders) { - [URLRequest setValue:httpHeaders[header] forHTTPHeaderField:header]; + [URLRequest setValue:_additionalHeaders[header] forHTTPHeaderField:header]; } return URLRequest; diff --git a/UnitTests/OIDTokenRequestTests.m b/UnitTests/OIDTokenRequestTests.m index 2aa865238..20ba691ca 100644 --- a/UnitTests/OIDTokenRequestTests.m +++ b/UnitTests/OIDTokenRequestTests.m @@ -56,6 +56,14 @@ */ static NSString *const kTestAdditionalHeaderValue = @"2"; +/*! @brief Test key for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderKey2 = @"C"; + +/*! @brief Test value for the @c additionalHeaders property. + */ +static NSString *const kTestAdditionalHeaderValue2 = @"3"; + @implementation OIDTokenRequestTests + (OIDTokenRequest *)testInstance { @@ -154,6 +162,32 @@ + (OIDTokenRequest *)testInstanceRefresh { return request; } ++ (OIDTokenRequest *)testInstanceAdditionalHeaders { + OIDAuthorizationResponse *authResponse = [OIDAuthorizationResponseTests testInstance]; + NSArray *scopesArray = + [OIDScopeUtilities scopesArrayWithString:authResponse.request.scope]; + NSDictionary *additionalParameters = + @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue }; + NSDictionary *additionalHeaders = @{ + kTestAdditionalHeaderKey : kTestAdditionalHeaderValue, + kTestAdditionalHeaderKey2 : kTestAdditionalHeaderValue2 + }; + + OIDTokenRequest *request = + [[OIDTokenRequest alloc] initWithConfiguration:authResponse.request.configuration + grantType:OIDGrantTypeAuthorizationCode + authorizationCode:authResponse.authorizationCode + redirectURL:authResponse.request.redirectURL + clientID:authResponse.request.clientID + clientSecret:authResponse.request.clientSecret + scopes:scopesArray + refreshToken:kRefreshTokenTestValue + codeVerifier:authResponse.request.codeVerifier + additionalParameters:additionalParameters + additionalHeaders:additionalHeaders]; + return request; +} + /*! @brief Tests the @c NSCopying implementation by round-tripping an instance through the copying process and checking to make sure the source and destination instances are equivalent. */ @@ -239,6 +273,10 @@ - (void)testSecureCoding { XCTAssertNotNil(request.additionalHeaders, @""); XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey], kTestAdditionalHeaderValue, @""); + + NSURLRequest *urlRequest = [request URLRequest]; + XCTAssertEqualObjects([urlRequest.allHTTPHeaderFields objectForKey:kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue); NSData *data = [NSKeyedArchiver archivedDataWithRootObject:request]; OIDTokenRequest *requestCopy = [NSKeyedUnarchiver unarchiveObjectWithData:data]; @@ -263,6 +301,10 @@ - (void)testSecureCoding { XCTAssertNotNil(requestCopy.additionalHeaders, @""); XCTAssertEqualObjects(requestCopy.additionalHeaders[kTestAdditionalHeaderKey], kTestAdditionalHeaderValue, @""); + + NSURLRequest *urlrequestCopy = [requestCopy URLRequest]; + XCTAssertEqualObjects([urlrequestCopy.allHTTPHeaderFields objectForKey:kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue); } - (void)testURLRequestNoClientAuth { @@ -302,6 +344,17 @@ - (void)testAuthorizationCodeNullRedirectURL { additionalHeaders:additionalHeaders], @""); } +- (void)testThatAdditionalHeadersAreInTokenRequest { + OIDTokenRequest *request = [[self class] testInstanceAdditionalHeaders]; + NSURLRequest* urlRequest = [request URLRequest]; + + XCTAssertEqualObjects([urlRequest.allHTTPHeaderFields objectForKey:kTestAdditionalHeaderKey], + kTestAdditionalHeaderValue); + + XCTAssertEqualObjects([urlRequest.allHTTPHeaderFields objectForKey:kTestAdditionalHeaderKey2], + kTestAdditionalHeaderValue2); +} + @end #pragma GCC diagnostic pop