QOAuth2AuthorizationCodeFlow for cross platform oauth2
-
wrote on 10 Jul 2023, 18:30 last edited by
Using QOAuth2AuthorizationCodeFlow for oauth2 sign in, this code works on macOS...
void WebServices::authenticate() { QOAuthHttpServerReplyHandler *replyHandler = new QOAuthHttpServerReplyHandler(OAUTH_REDIRECT_PORT, mOauthFlow); DEBUG_PRINT("replyHandler...\n\tCB[%s]\n\tCBP[%s]\n\tCBT[%s]\n", replyHandler->callback().toUtf8().constData(), replyHandler->callbackPath().toUtf8().constData(), replyHandler->callbackText().toUtf8().constData()); mOauthFlow = new QOAuth2AuthorizationCodeFlow(this); mOauthFlow->setScope(OAUTH_SCOPE); mOauthFlow->setAuthorizationUrl(QUrl(OAUTH_AUTHORIZE_URL)); mOauthFlow->setAccessTokenUrl(QUrl(OAUTH_TOKEN_URL)); mOauthFlow->setClientIdentifier(OAUTH_CLIENT_ID); mOauthFlow->setClientIdentifierSharedKey(OAUTH_PUBLIC_KEY); mOauthFlow->setReplyHandler(replyHandler); connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, [=](QUrl url) { DEBUG_PRINT("Oauth authorize with browser: \n\t%s\n", url.toString().toUtf8().constData()); QDesktopServices::openUrl(url); }); connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::error, [=](const QString &error, const QString &errorDescription, const QUrl &uri) { PRINT_ERROR("Oauth failed: %s (%s)\n", errorDescription.toUtf8().constData(), error.toUtf8().constData()); }); connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::granted, [=]() { PRINT("Oauth access granted, token(%d) refresh(%d)\n", mOauthFlow->token().length(), mOauthFlow->refreshToken().length()); emit returnFromWebBrowser(); }); connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::stateChanged, [=](const QString &state) { DEBUG_PRINT("Oauth state: %s\n", state.toUtf8().constData()); }); // start the auth flow mOauthFlow->grant(); }On both platforms, authentication happens in an external web browser (see 'authorizeWithBrowser' above) but the iOS client goes to sleep in the background. Only when I manually bring app to foreground does it receive tokens. Even if this worked, I'm not sure this external browser method is allowed on iOS. I think 'ASWebAuthenticationSession' should be used instead, at least this seems to be the preferred way.
So I guess my question is, does 'QOAuth2AuthorizationCodeFlow' support 'ASWebAuthenticationSession' and how do I use it? Or am I missing some other way this should be done to support iOS?
-
Using QOAuth2AuthorizationCodeFlow for oauth2 sign in, this code works on macOS...
void WebServices::authenticate() { QOAuthHttpServerReplyHandler *replyHandler = new QOAuthHttpServerReplyHandler(OAUTH_REDIRECT_PORT, mOauthFlow); DEBUG_PRINT("replyHandler...\n\tCB[%s]\n\tCBP[%s]\n\tCBT[%s]\n", replyHandler->callback().toUtf8().constData(), replyHandler->callbackPath().toUtf8().constData(), replyHandler->callbackText().toUtf8().constData()); mOauthFlow = new QOAuth2AuthorizationCodeFlow(this); mOauthFlow->setScope(OAUTH_SCOPE); mOauthFlow->setAuthorizationUrl(QUrl(OAUTH_AUTHORIZE_URL)); mOauthFlow->setAccessTokenUrl(QUrl(OAUTH_TOKEN_URL)); mOauthFlow->setClientIdentifier(OAUTH_CLIENT_ID); mOauthFlow->setClientIdentifierSharedKey(OAUTH_PUBLIC_KEY); mOauthFlow->setReplyHandler(replyHandler); connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, [=](QUrl url) { DEBUG_PRINT("Oauth authorize with browser: \n\t%s\n", url.toString().toUtf8().constData()); QDesktopServices::openUrl(url); }); connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::error, [=](const QString &error, const QString &errorDescription, const QUrl &uri) { PRINT_ERROR("Oauth failed: %s (%s)\n", errorDescription.toUtf8().constData(), error.toUtf8().constData()); }); connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::granted, [=]() { PRINT("Oauth access granted, token(%d) refresh(%d)\n", mOauthFlow->token().length(), mOauthFlow->refreshToken().length()); emit returnFromWebBrowser(); }); connect(mOauthFlow, &QOAuth2AuthorizationCodeFlow::stateChanged, [=](const QString &state) { DEBUG_PRINT("Oauth state: %s\n", state.toUtf8().constData()); }); // start the auth flow mOauthFlow->grant(); }On both platforms, authentication happens in an external web browser (see 'authorizeWithBrowser' above) but the iOS client goes to sleep in the background. Only when I manually bring app to foreground does it receive tokens. Even if this worked, I'm not sure this external browser method is allowed on iOS. I think 'ASWebAuthenticationSession' should be used instead, at least this seems to be the preferred way.
So I guess my question is, does 'QOAuth2AuthorizationCodeFlow' support 'ASWebAuthenticationSession' and how do I use it? Or am I missing some other way this should be done to support iOS?
Hi,
Just an educated guess but I think you are likely correct. This would require a new subclass that implements that.
You can check the bug report system to see if there's something related to this.
-
Hi,
Just an educated guess but I think you are likely correct. This would require a new subclass that implements that.
You can check the bug report system to see if there's something related to this.
wrote on 10 Jul 2023, 19:02 last edited by@SGaist There are no QOAuth2AuthorizationCodeFlow issues for iOS in the bug tracker.
Are you telling me that QOAuth2AuthorizationCodeFlow is implemented in a way that doesn't work for iOS? I mean, shouldn't there be some baseline implementation that handles basic use cases for each platform?
-
@SGaist There are no QOAuth2AuthorizationCodeFlow issues for iOS in the bug tracker.
Are you telling me that QOAuth2AuthorizationCodeFlow is implemented in a way that doesn't work for iOS? I mean, shouldn't there be some baseline implementation that handles basic use cases for each platform?
Sorry, I misunderstood your intentions.
If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.
-
Sorry, I misunderstood your intentions.
If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.
wrote on 10 Jul 2023, 23:54 last edited by@SGaist "best current practice requires that native apps MUST NOT use embedded user-agents to perform authorization requests" according to this docs:
https://datatracker.ietf.org/doc/html/rfc8252#section-8.12I'm not finding any way to configure this differently aside from explicitly redirecting 'authorizeWithBrowser', but I don't know what I would redirect it to.
https://doc.qt.io/qt-5/qoauth2authorizationcodeflow.htmlAnd I'm not finding anything on the web about Qt and "ASWebAuthenticationSession".
-
Sorry, I misunderstood your intentions.
If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.
wrote on 11 Jul 2023, 00:03 last edited by@SGaist ASWebAuthenticationSession doc says "browser is a secure, embedded web view"
-
Sorry, I misunderstood your intentions.
If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.
wrote on 11 Jul 2023, 00:24 last edited by -
Sorry, I misunderstood your intentions.
If memory serves well iOS provides an option to trigger an in app browser to follow this flow so you stay within the app however, I don't know how to trigger it.
wrote on 4 Jan 2024, 17:31 last edited by Norman Dubert 1 Apr 2024, 17:32This post is deleted!