Oauth2 ssl support

CHIO-CHIO

@SGaist sorry for late answer.
Macos 11.2.2
I do. LibreSSL 2.8.3

SGaist

Did you rebuild Qt yourself ?

Can you share a minimal compilable example that shows the issue ?

CHIO-CHIO

@SGaist its pure. Without any rebuild.

LoginWrapper::LoginWrapper(QObject *parent): QObject(parent)
{
    auto replyHandler = new QOAuthHttpServerReplyHandler(17801, this);
    oauth2.setReplyHandler(replyHandler);
    oauth2.setAuthorizationUrl(authorize_url);
    oauth2.setAccessTokenUrl(access_token_url);
    oauth2.setClientIdentifier(QString("..."));
    oauth2.setClientIdentifierSharedKey(QString("..."));
    oauth2.setModifyParametersFunction([](QAbstractOAuth::Stage stage, QVariantMap *parameters) {
        (*parameters)["redirect_uri"] = QUrl("https://127.0.0.1:17801/"); 
    });

   connect(&oauth2, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, &QDesktopServices::openUrl);
}

void LoginWrapper::grant()
{
    oauth2.grant();
    connect(&oauth2, &QOAuth2AuthorizationCodeFlow::statusChanged, [=](
            QAbstractOAuth::Status status) {
        if (status == QAbstractOAuth::Status::Granted) {
            qDebug() << "Granted";
        }
        else {
            qDebug() << "Not granted";
        }
    });
}

This one call url, auth and after access it redirect to https://127.0.0.1:17801/?code=some_code
With error on firefox PR_END_OF_FILE_ERROR. There is no proxy, vpn or any block from firewall.
If i custom change url to http://... in browser and press enter, it granded token.

SGaist

Which service are you trying to access for authentication ?

CHIO-CHIO

https://shikimori.one/oauth

SGaist

In order to reproduce your issue, you should at least provide the complete class, here it's impossible to build it without adding the missing bits and pieces.

As for your error, do you really have https setup properly on your host machine ?

CHIO-CHIO

@SGaist i can share here, its 5 short files.

SGaist

@SGaist said in Oauth2 ssl support:

As for your error, do you really have https setup properly on your host machine ?

Did you check this ?

CHIO-CHIO

How to check that?

SGaist

Well, you should know if you have setup an ssl enabled server on your local machine.

testmonkey

@SGaist QOAuthHttpServerReplyHandler ala replyHandler .... as far as I know isn't ssl aware. I think it needs some qsslsocket magic somewhere for services that are enforcing https callbacks... :'(

currently stuck with this problem.

JKSH

@CHIO-CHIO said in Oauth2 ssl support:

I do. LibreSSL 2.8.3

Qt is built against OpenSSL 1.1, which is incompatible with OpenSSL 1.0.

LibreSSL is forked from OpenSSL 1.0 and made many changes after that.

You cannot use LibreSSL with Qt. You need OpenSSL 1.1

How to check that?

Before you try complex OAuth handshaking, make sure that you can do a simple GET operation on a HTTPS website (using QNetworkAccessManager::get()

testmonkey

@JKSH hello JKSH

even with openssl 1.1 it still fails if the web service the you're trying to access is wrongly enforcing https on the redirect_uri - localhost loopback (against what section 8.3 in the rfc8252 says)

glanced at the QOAuthHttpServerReplyHandler code and I can't see any QSslSocket foo :(

I get the same errors as OP, and firefox kicks back with PR_END_OF_FILE_ERROR.

If you manually replace https for http in the callback url after authorizeWithBrowser everything works as expected (TemporaryCredentials get exchanged for a Token and status becomes granted)

The actual credentials/token exchanges are all over https... just not the callback with the code argument.

To repeat the issue, you need to try and connect to a web service that is enforcing https on oauth2 callback (redirect_uri), add a QOAuthHttpServerReplyHandler listening on that port, and modify the redirect_uri parameter to match the https uri setup in the web service.

SGaist

Seems like you do know of such a service.

Can you provide a minimal example with setup instructions so that it can be reproduce ?