Merge branch 'feature/additionalQueryParams' into develop

Conflicts:
	Sources/OAuth2Client/NXOAuth2Client.m

Author: stigi

Sources/OAuth2Client/NXOAuth2Account.m

@@ -81,7 +81,8 @@ - (NXOAuth2Client *)oauthClient;
             NSURL *authorizeURL = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationAuthorizeURL];
             NSURL *tokenURL = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationTokenURL];
             NSString *tokenType = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationTokenType];
-            
+            NSDictionary *additionalQueryParams = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationAdditionalAuthenticationParameters];
+
             oauthClient = [[NXOAuth2Client alloc] initWithClientID:clientID
                                                       clientSecret:clientSecret
                                                       authorizeURL:authorizeURL
@@ -90,6 +91,10 @@ - (NXOAuth2Client *)oauthClient;
                                                          tokenType:tokenType
                                                         persistent:NO
                                                           delegate:self];
+            if (additionalQueryParams) {
+                oauthClient.additionalAuthenticationParameters = additionalQueryParams;
+            }
+            
         }
     }
     return oauthClient;

Sources/OAuth2Client/NXOAuth2AccountStore.h

@@ -36,6 +36,15 @@ extern NSString * const kNXOAuth2AccountStoreConfigurationScope;
 extern NSString * const kNXOAuth2AccountStoreConfigurationTokenType;
 
 
+/* 
+ * Requires a NSDictionary as a value.
+ * They are passed onto the authentication request as additional query parameters.
+ * The dictionary may not contain the keys "grant_type", "client_id", "client_secret",
+ * "username", "password", "redirect_uri", "code", "assertion_type" and "assertion" are not allowed.
+ */
+extern NSString * const kNXOAuth2AccountStoreConfigurationAdditionalAuthenticationParameters;
+
+
 #pragma mark Account Type
 
 extern NSString * const kNXOAuth2AccountStoreAccountType;

Sources/OAuth2Client/NXOAuth2AccountStore.m

@@ -42,6 +42,7 @@
 NSString * const kNXOAuth2AccountStoreConfigurationRedirectURL = @"kNXOAuth2AccountStoreConfigurationRedirectURL";
 NSString * const kNXOAuth2AccountStoreConfigurationScope = @"kNXOAuth2AccountStoreConfigurationScope";
 NSString * const kNXOAuth2AccountStoreConfigurationTokenType = @"kNXOAuth2AccountStoreConfigurationTokenType";
+NSString * const kNXOAuth2AccountStoreConfigurationAdditionalAuthenticationParameters = @"kNXOAuth2AccountStoreConfigurationAdditionalAuthenticationParameters";
 
 #pragma mark Account Type
 
@@ -388,6 +389,7 @@ - (NXOAuth2Client *)pendingOAuthClientForAccountType:(NSString *)accountType;
             NSURL *authorizeURL = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationAuthorizeURL];
             NSURL *tokenURL = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationTokenURL];
             NSString *tokenType = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationTokenType];
+            NSDictionary *additionalAuthenticationParameters = [configuration objectForKey:kNXOAuth2AccountStoreConfigurationAdditionalAuthenticationParameters];
 
             client = [[NXOAuth2Client alloc] initWithClientID:clientID
                                                  clientSecret:clientSecret
@@ -400,6 +402,11 @@ - (NXOAuth2Client *)pendingOAuthClientForAccountType:(NSString *)accountType;
 
             client.persistent = NO;
 
+            if (additionalAuthenticationParameters != nil) {
+                NSAssert([additionalAuthenticationParameters isKindOfClass:[NSDictionary class]], @"additionalAuthenticationParameters have to be a NSDictionary");
+                client.additionalAuthenticationParameters = additionalAuthenticationParameters;
+            }
+            
             if (scope != nil) {
                 client.desiredScope = scope;
             }

Sources/OAuth2Client/NXOAuth2Client.h

@@ -63,13 +63,15 @@ extern NSString * const NXOAuth2ClientConnectionContextTokenRefresh;
 @property (nonatomic, copy, readonly) NSString *clientId;
 @property (nonatomic, copy, readonly) NSString *clientSecret;
 @property (nonatomic, copy, readonly) NSString *tokenType;
+@property (nonatomic, strong, readwrite) NSDictionary *additionalAuthenticationParameters;
 
 @property (nonatomic, copy) NSSet *desiredScope;
 @property (nonatomic, copy) NSString *userAgent;
 
 @property (nonatomic, strong) NXOAuth2AccessToken    *accessToken;
 @property (nonatomic, unsafe_unretained) NSObject<NXOAuth2ClientDelegate>*    delegate;
 
+
 /*!
  * If set to NO, the access token is not stored any keychain, will be removed if it was.
  * Defaults to YES

Sources/OAuth2Client/NXOAuth2Client.m

@@ -108,6 +108,30 @@ - (void)dealloc;
 @synthesize clientId, clientSecret, tokenType;
 @synthesize desiredScope, userAgent;
 @synthesize delegate, persistent, accessToken, authenticating;
+@synthesize additionalAuthenticationParameters;
+
+- (void)setAdditionalAuthenticationParameters:(NSDictionary *)value;
+{
+    if (value == additionalAuthenticationParameters) return;
+    
+    NSArray *forbiddenKeys = @[ @"grant_type", @"client_id",
+                                @"client_secret",
+                                @"username", @"password",
+                                @"redirect_uri", @"code",
+                                @"assertion_type", @"assertion" ];
+    
+    for (id key in value) {
+        if ([forbiddenKeys containsObject:key]) {
+            [[NSException exceptionWithName:NSInvalidArgumentException
+                                     reason:[NSString stringWithFormat:@"'%@' is not allowed as a key for additionalAuthenticationParameters", key]
+                                   userInfo:nil] raise];
+        }
+    }
+    
+    additionalAuthenticationParameters = value;
+    
+    
+}
 
 - (void)setPersistent:(BOOL)shouldPersist;
 {
@@ -204,6 +228,10 @@ - (NSURL *)authorizationURLWithRedirectURL:(NSURL *)redirectURL;
                                        [redirectURL absoluteString], @"redirect_uri",
                                        nil];
 
+    if (self.additionalAuthenticationParameters) {
+        [parameters addEntriesFromDictionary:self.additionalAuthenticationParameters];
+    }
+    
     if (self.desiredScope.count > 0) {
         [parameters setObject:[[self.desiredScope allObjects] componentsJoinedByString:@" "] forKey:@"scope"];
     }
@@ -294,6 +322,10 @@ - (void)requestTokenWithAuthGrant:(NSString *)authGrant redirectURL:(NSURL *)red
         [parameters setObject:[[self.desiredScope allObjects] componentsJoinedByString:@" "] forKey:@"scope"];
     }
 
+    if (self.additionalAuthenticationParameters) {
+        [parameters addEntriesFromDictionary:self.additionalAuthenticationParameters];
+    }
+    
     authConnection = [[NXOAuth2Connection alloc] initWithRequest:tokenRequest
                                                requestParameters:parameters
                                                      oauthClient:self
@@ -323,6 +355,11 @@ - (void)authenticateWithUsername:(NSString *)username password:(NSString *)passw
     if (self.desiredScope) {
         [parameters setObject:[[self.desiredScope allObjects] componentsJoinedByString:@" "] forKey:@"scope"];
     }
+    
+    if (self.additionalAuthenticationParameters) {
+        [parameters addEntriesFromDictionary:self.additionalAuthenticationParameters];
+    }
+    
     authConnection = [[NXOAuth2Connection alloc] initWithRequest:tokenRequest
                                                requestParameters:parameters
                                                      oauthClient:self