Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. Mobile and Embedded
  4. QOAuth2AuthorizationCodeFlow for cross platform oauth2
Forum Updated to NodeBB v4.3 + New Features

QOAuth2AuthorizationCodeFlow for cross platform oauth2

Scheduled Pinned Locked Moved Unsolved Mobile and Embedded
8 Posts 3 Posters 549 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G Offline
    G Offline
    giantguppy
    wrote on last edited by
    #1

    Using QOAuth2AuthorizationCodeFlow for oauth2 sign in, this code works on macOS...

    void WebServices::authenticate()
    {
        QOAuthHttpServerReplyHandler *replyHandler = new QOAuthHttpServerReplyHandler(OAUTH_REDIRECT_PORT, mOauthFlow);
    
        DEBUG_PRINT("replyHandler...\n\tCB[%s]\n\tCBP[%s]\n\tCBT[%s]\n", replyHandler->callback().toUtf8().constData(), replyHandler->callbackPath().toUtf8().constData(), replyHandler->callbackText().toUtf8().constData());
    
        mOauthFlow = new QOAuth2AuthorizationCodeFlow(this);
        mOauthFlow->setScope(OAUTH_SCOPE);
        mOauthFlow->setAuthorizationUrl(QUrl(OAUTH_AUTHORIZE_URL));
        mOauthFlow->setAccessTokenUrl(QUrl(OAUTH_TOKEN_URL));
        mOauthFlow->setClientIdentifier(OAUTH_CLIENT_ID);
        mOauthFlow->setClientIdentifierSharedKey(OAUTH_PUBLIC_KEY);
        mOauthFlow->setReplyHandler(replyHandler);
    
        connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, [=](QUrl url)
        {
            DEBUG_PRINT("Oauth authorize with browser: \n\t%s\n", url.toString().toUtf8().constData());
            QDesktopServices::openUrl(url);
        });
        connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::error, [=](const QString &error, const QString &errorDescription, const QUrl &uri)
        {
            PRINT_ERROR("Oauth failed: %s (%s)\n", errorDescription.toUtf8().constData(), error.toUtf8().constData());
        });
        connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::granted, [=]()
        {
            PRINT("Oauth access granted, token(%d) refresh(%d)\n", mOauthFlow->token().length(), mOauthFlow->refreshToken().length());
            emit returnFromWebBrowser();
        });
        connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::stateChanged, [=](const QString &state)
        {
            DEBUG_PRINT("Oauth state: %s\n", state.toUtf8().constData());
        });
    
        // start the auth flow
        mOauthFlow->grant();
    }
    

    On both platforms, authentication happens in an external web browser (see 'authorizeWithBrowser' above) but the iOS client goes to sleep in the background. Only when I manually bring app to foreground does it receive tokens. Even if this worked, I'm not sure this external browser method is allowed on iOS. I think 'ASWebAuthenticationSession' should be used instead, at least this seems to be the preferred way.

    So I guess my question is, does 'QOAuth2AuthorizationCodeFlow' support 'ASWebAuthenticationSession' and how do I use it? Or am I missing some other way this should be done to support iOS?

    SGaistS 1 Reply Last reply
    0
    • G giantguppy

      Using QOAuth2AuthorizationCodeFlow for oauth2 sign in, this code works on macOS...

      void WebServices::authenticate()
      {
          QOAuthHttpServerReplyHandler *replyHandler = new QOAuthHttpServerReplyHandler(OAUTH_REDIRECT_PORT, mOauthFlow);
      
          DEBUG_PRINT("replyHandler...\n\tCB[%s]\n\tCBP[%s]\n\tCBT[%s]\n", replyHandler->callback().toUtf8().constData(), replyHandler->callbackPath().toUtf8().constData(), replyHandler->callbackText().toUtf8().constData());
      
          mOauthFlow = new QOAuth2AuthorizationCodeFlow(this);
          mOauthFlow->setScope(OAUTH_SCOPE);
          mOauthFlow->setAuthorizationUrl(QUrl(OAUTH_AUTHORIZE_URL));
          mOauthFlow->setAccessTokenUrl(QUrl(OAUTH_TOKEN_URL));
          mOauthFlow->setClientIdentifier(OAUTH_CLIENT_ID);
          mOauthFlow->setClientIdentifierSharedKey(OAUTH_PUBLIC_KEY);
          mOauthFlow->setReplyHandler(replyHandler);
      
          connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, [=](QUrl url)
          {
              DEBUG_PRINT("Oauth authorize with browser: \n\t%s\n", url.toString().toUtf8().constData());
              QDesktopServices::openUrl(url);
          });
          connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::error, [=](const QString &error, const QString &errorDescription, const QUrl &uri)
          {
              PRINT_ERROR("Oauth failed: %s (%s)\n", errorDescription.toUtf8().constData(), error.toUtf8().constData());
          });
          connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::granted, [=]()
          {
              PRINT("Oauth access granted, token(%d) refresh(%d)\n", mOauthFlow->token().length(), mOauthFlow->refreshToken().length());
              emit returnFromWebBrowser();
          });
          connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::stateChanged, [=](const QString &state)
          {
              DEBUG_PRINT("Oauth state: %s\n", state.toUtf8().constData());
          });
      
          // start the auth flow
          mOauthFlow->grant();
      }
      

      On both platforms, authentication happens in an external web browser (see 'authorizeWithBrowser' above) but the iOS client goes to sleep in the background. Only when I manually bring app to foreground does it receive tokens. Even if this worked, I'm not sure this external browser method is allowed on iOS. I think 'ASWebAuthenticationSession' should be used instead, at least this seems to be the preferred way.

      So I guess my question is, does 'QOAuth2AuthorizationCodeFlow' support 'ASWebAuthenticationSession' and how do I use it? Or am I missing some other way this should be done to support iOS?

      SGaistS Offline
      SGaistS Offline
      SGaist
      Lifetime Qt Champion
      wrote on last edited by
      #2

      Hi,

      Just an educated guess but I think you are likely correct. This would require a new subclass that implements that.

      You can check the bug report system to see if there's something related to this.

      Interested in AI ? www.idiap.ch
      Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

      G 1 Reply Last reply
      0
      • SGaistS SGaist

        Hi,

        Just an educated guess but I think you are likely correct. This would require a new subclass that implements that.

        You can check the bug report system to see if there's something related to this.

        G Offline
        G Offline
        giantguppy
        wrote on last edited by
        #3

        @SGaist There are no QOAuth2AuthorizationCodeFlow issues for iOS in the bug tracker.

        Are you telling me that QOAuth2AuthorizationCodeFlow is implemented in a way that doesn't work for iOS? I mean, shouldn't there be some baseline implementation that handles basic use cases for each platform?

        SGaistS 1 Reply Last reply
        0
        • G giantguppy

          @SGaist There are no QOAuth2AuthorizationCodeFlow issues for iOS in the bug tracker.

          Are you telling me that QOAuth2AuthorizationCodeFlow is implemented in a way that doesn't work for iOS? I mean, shouldn't there be some baseline implementation that handles basic use cases for each platform?

          SGaistS Offline
          SGaistS Offline
          SGaist
          Lifetime Qt Champion
          wrote on last edited by
          #4

          Sorry, I misunderstood your intentions.

          If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.

          Interested in AI ? www.idiap.ch
          Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

          G N 4 Replies Last reply
          0
          • SGaistS SGaist

            Sorry, I misunderstood your intentions.

            If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.

            G Offline
            G Offline
            giantguppy
            wrote on last edited by
            #5

            @SGaist "best current practice requires that native apps MUST NOT use embedded user-agents to perform authorization requests" according to this docs:
            https://datatracker.ietf.org/doc/html/rfc8252#section-8.12

            I'm not finding any way to configure this differently aside from explicitly redirecting 'authorizeWithBrowser', but I don't know what I would redirect it to.
            https://doc.qt.io/qt-5/qoauth2authorizationcodeflow.html

            And I'm not finding anything on the web about Qt and "ASWebAuthenticationSession".

            1 Reply Last reply
            0
            • SGaistS SGaist

              Sorry, I misunderstood your intentions.

              If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.

              G Offline
              G Offline
              giantguppy
              wrote on last edited by
              #6

              @SGaist ASWebAuthenticationSession doc says "browser is a secure, embedded web view"

              1 Reply Last reply
              0
              • SGaistS SGaist

                Sorry, I misunderstood your intentions.

                If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.

                G Offline
                G Offline
                giantguppy
                wrote on last edited by
                #7

                @SGaist I decide to post on SO: https://stackoverflow.com/questions/76658028/oauth2-with-qt-broken-on-ios-qoauth2authorizationcodeflow

                1 Reply Last reply
                0
                • SGaistS SGaist

                  Sorry, I misunderstood your intentions.

                  If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.

                  N Offline
                  N Offline
                  Norman Dubert
                  wrote on last edited by Norman Dubert
                  #8
                  This post is deleted!
                  1 Reply Last reply
                  1

                  • Login

                  • Login or register to search.
                  • First post
                    Last post
                  0
                  • Categories
                  • Recent
                  • Tags
                  • Popular
                  • Users
                  • Groups
                  • Search
                  • Get Qt Extensions
                  • Unsolved