Saving/Restoring OAuth2 tokens



  • Ok... so I've just about wrestled this into submission... I can authenticate and get myself a token properly. I've set it up so I save said token so I don't have to re-auth every time I start my app (assuming the token hasn't expired, which is checked). I've utilized the setToken() function from QOAuth2AuthorizationCodeFlow... but I see no means of setting the expiration time. I also can't refresh the token when I set it this way.... I'm not altogether positive it's actually usable when done like this. Has anyone figured out a means of saving/restoring the valid tokens for this purpose? Btw, I'm currently using Qt 5.9.0 beta...

    Also, is there a reasonably secure means of encrypting the token for storage at rest? Or the OAuth2 client data, for that matter (currently stored via a qrc-embedded json file)?

    Here's what I'm working with:

    myClass::myClass(const QString & instance, QNetworkAccessManager * nam, QObject * parent) : QOAuth2AuthorizationCodeFlow(nam, parent)
    {
    	QOAuthHttpServerReplyHandler * handler = new QOAuthHttpServerReplyHandler(8080, this);
    	QFile file(instance);
    	file.open(QIODevice::ReadOnly | QIODevice::Text);
    	Q_ASSERT(file.isOpen());
    	const QString contents = file.readAll();
    	QSettings s;
    	file.close();
    	connect(this, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, &QDesktopServices::openUrl);	// works for android & PC
    	connect(this, &QOAuth2AuthorizationCodeFlow::requestFailed, [](const QAbstractOAuth::Error error)
    	{
    		qFatal("OAuth request failed: %d", (int)error);
    	});
    	connect(this, &QAbstractOAuth::granted, [this]()
    	{
    		QSettings s;
    		qDebug("Authorization granted...");
    		s.beginGroup("OAuth2");
    		s.setValue("token", token());
    		s.setValue("expiration", expirationAt());
    		s.endGroup();
    		qDebug("Token:%s\nExpiration:%s", qPrintable(token()), qPrintable(expirationAt().toString()));
    	});
    
    	const QJsonDocument document = QJsonDocument::fromJson(contents.toUtf8());
    	const QJsonObject object = document.object();
    	const QJsonObject settingsObject(object["web"].toObject());
    
    	setClientIdentifier(settingsObject["client_id"].toString());
    	setAuthorizationUrl(settingsObject["auth_uri"].toString());
    	setAccessTokenUrl(settingsObject["token_uri"].toString());
    	setClientIdentifierSharedKey(settingsObject["client_secret"].toString());
    	setScope("https://www.googleapis.com/auth/cloud-platform");
    	setReplyHandler(handler);
    	s.beginGroup("OAuth2");
    	QDateTime expiration = s.value("expiration").toDateTime();
    	if(expiration > QDateTime::currentDateTime())
    	{
    		qDebug("Existing token still valid...");
    		setToken(s.value("token").toString());
    		// refreshAccessToken();	// fails due to a missing "refresh" token?
    		qDebug("Token expires: %s", qPrintable(expirationAt().toString()));	// is blank/unset
    	}
    	else
    	{
    		grant();
    	}
    	s.endGroup();
    }
    


  • Anyone??


  • Lifetime Qt Champion

    Hi,

    The module being pretty new, I'd recommend posting this question on the interest mailing list. You'll find there Qt's developers/maintainers. This forum is more user oriented.


Log in to reply