Using QWebSocket for authentication using HTTPS protocol with web sockets
-
Hi
I have a server that supports several authentication types:
- cookies
-basic
-digest
While using QWebSocker class without authentication is working I don't see how I can connect to my server when using authentication credentials. I have understood that for basic authentication one uses the Authentication header, but I don't see any method in QWebSocket that allows this. Could someone tell me how can I use QWebSocket with authentication credentials ?
thanks
Bogdan - cookies
-
I'm in a similar situation. I came across this bug report:
https://bugreports.qt.io/browse/QTBUG-40842
which led me to this commit review:
https://codereview.qt-project.org/#/c/108125/
So, the support for this has been added to the dev branch, but I don't yet see it merged into any upcoming releases. I cloned the repo from git and cherrypicked the commit into the 5.5 branch and am building the entire thing now. Hope to test it tomorrow.
I'm also hoping this gets merged into the 5.5 RC. In the meantime, plan B (dirty hack) is to add the auth token to the request URI as a query string parameter (over SSL), then put a shim on the server side to copy it into the request header before the auth library gets ahold of it.
-
Hi and welcome to devnet,
It's been integrated to the dev branch so if it's not in for 5.5 it should be for 5.6
-
I'm in a similar situation. I came across this bug report:
https://bugreports.qt.io/browse/QTBUG-40842
which led me to this commit review:
https://codereview.qt-project.org/#/c/108125/
So, the support for this has been added to the dev branch, but I don't yet see it merged into any upcoming releases. I cloned the repo from git and cherrypicked the commit into the 5.5 branch and am building the entire thing now. Hope to test it tomorrow.
I'm also hoping this gets merged into the 5.5 RC. In the meantime, plan B (dirty hack) is to add the auth token to the request URI as a query string parameter (over SSL), then put a shim on the server side to copy it into the request header before the auth library gets ahold of it.
@whereness Hi
I have found the same bug report but probably it will take some time before QWebSocket will have methods for authentication. Your hack should work provided that changes are made server side. Another option might be to provide a local certificate and the associated key (not tested).regards
Bogdan -
I tested the cherrypicked commit I referenced above. It appears to not be a complete implementation. The QWebSocket::open(const QNetworkRequest &request) method indeed sets the private request member to what you pass in, and it does retrieve your host, url, etc. from it, however it does not retrieve any headers you set in the QNetworkRequest object you pass in when it builds the handshake request, so none of your added headers go out in the handshake request. Also, I ran across mention of this being "since 5.6". So, plan B...
-
I tested the cherrypicked commit I referenced above. It appears to not be a complete implementation. The QWebSocket::open(const QNetworkRequest &request) method indeed sets the private request member to what you pass in, and it does retrieve your host, url, etc. from it, however it does not retrieve any headers you set in the QNetworkRequest object you pass in when it builds the handshake request, so none of your added headers go out in the handshake request. Also, I ran across mention of this being "since 5.6". So, plan B...
@whereness for me the solution was to use websocketpp