Oauth2 ssl support
-
Is there any solution for oauth with ssl?
If callback is https://127.0.0.1:1234, andoauth2.setModifyParametersFunction([](QAbstractOAuth::Stage stage, QVariantMap *parameters) { (*parameters)["redirect_uri"] = QUrl("https://127.0.0.1:1234/"); });
response crashes with
qt.networkauth.replyhandler: Invalid operation
qt.networkauth.replyhandler: Invalid MethodI cant register callback with http schema, its restricted from host site.
-
Hi,
On which OS are you running ?
Do you have OpenSSL installed ? -
Did you rebuild Qt yourself ?
Can you share a minimal compilable example that shows the issue ?
-
@SGaist its pure. Without any rebuild.
LoginWrapper::LoginWrapper(QObject *parent): QObject(parent) { auto replyHandler = new QOAuthHttpServerReplyHandler(17801, this); oauth2.setReplyHandler(replyHandler); oauth2.setAuthorizationUrl(authorize_url); oauth2.setAccessTokenUrl(access_token_url); oauth2.setClientIdentifier(QString("...")); oauth2.setClientIdentifierSharedKey(QString("...")); oauth2.setModifyParametersFunction([](QAbstractOAuth::Stage stage, QVariantMap *parameters) { (*parameters)["redirect_uri"] = QUrl("https://127.0.0.1:17801/"); }); connect(&oauth2, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, &QDesktopServices::openUrl); } void LoginWrapper::grant() { oauth2.grant(); connect(&oauth2, &QOAuth2AuthorizationCodeFlow::statusChanged, [=]( QAbstractOAuth::Status status) { if (status == QAbstractOAuth::Status::Granted) { qDebug() << "Granted"; } else { qDebug() << "Not granted"; } }); }
This one call url, auth and after access it redirect to https://127.0.0.1:17801/?code=some_code
With error on firefox PR_END_OF_FILE_ERROR. There is no proxy, vpn or any block from firewall.
If i custom change url to http://... in browser and press enter, it granded token. -
Which service are you trying to access for authentication ?
-
In order to reproduce your issue, you should at least provide the complete class, here it's impossible to build it without adding the missing bits and pieces.
As for your error, do you really have https setup properly on your host machine ?
-
@SGaist said in Oauth2 ssl support:
As for your error, do you really have https setup properly on your host machine ?
Did you check this ?
-
Well, you should know if you have setup an ssl enabled server on your local machine.
-
@SGaist QOAuthHttpServerReplyHandler ala replyHandler .... as far as I know isn't ssl aware. I think it needs some qsslsocket magic somewhere for services that are enforcing https callbacks... :'(
currently stuck with this problem.
-
@CHIO-CHIO said in Oauth2 ssl support:
I do. LibreSSL 2.8.3
Qt is built against OpenSSL 1.1, which is incompatible with OpenSSL 1.0.
LibreSSL is forked from OpenSSL 1.0 and made many changes after that.
You cannot use LibreSSL with Qt. You need OpenSSL 1.1
How to check that?
Before you try complex OAuth handshaking, make sure that you can do a simple GET operation on a HTTPS website (using
QNetworkAccessManager::get()
-
@JKSH hello JKSH
even with openssl 1.1 it still fails if the web service the you're trying to access is wrongly enforcing https on the redirect_uri - localhost loopback (against what section 8.3 in the rfc8252 says)
glanced at the QOAuthHttpServerReplyHandler code and I can't see any QSslSocket foo :(
I get the same errors as OP, and firefox kicks back with PR_END_OF_FILE_ERROR.
If you manually replace https for http in the callback url after authorizeWithBrowser everything works as expected (TemporaryCredentials get exchanged for a Token and status becomes granted)
The actual credentials/token exchanges are all over https... just not the callback with the code argument.
To repeat the issue, you need to try and connect to a web service that is enforcing https on oauth2 callback (redirect_uri), add a QOAuthHttpServerReplyHandler listening on that port, and modify the redirect_uri parameter to match the https uri setup in the web service.
-
Seems like you do know of such a service.
Can you provide a minimal example with setup instructions so that it can be reproduce ?
-