QOAuth2AuthorizationCodeFlow and problem with redirect_uri

  • Hello everyone!

    In my application with Qt I'm trying integrate API with OAuth 2 technology. In my situation redirect_uri looks like "urn:ietf:wg:oauth:2.0:oob". The code which I'm using looks like:

            auto replyHandler = new ShikimoriOAuthServerReplyHandler(this);
            connect(replyHandler, &ShikimoriOAuthServerReplyHandler::tokensReceived, [](const QVariantMap &tokens) {
            connect(replyHandler, &ShikimoriOAuthServerReplyHandler::callbackReceived, [](const QVariantMap &values) {
            connect(replyHandler, &ShikimoriOAuthServerReplyHandler::replyDataReceived, [](const QByteArray &data) {
            connect(replyHandler, &ShikimoriOAuthServerReplyHandler::callbackDataReceived, [](const QByteArray &data) {
            m_oauth2 = new QOAuth2AuthorizationCodeFlow(this);
            connect(m_oauth2, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, &QDesktopServices::openUrl);
            connect(m_oauth2, &QOAuth2AuthorizationCodeFlow::statusChanged, [](QAbstractOAuth::Status status) {
                switch (status) {
                    case QAbstractOAuth::Status::Granted: {
                        qDebug()<<"status: Granted";
                    case QAbstractOAuth::Status::NotAuthenticated: {
                        qDebug()<<"status: NotAuthenticated";
                    case QAbstractOAuth::Status::TemporaryCredentialsReceived: {
                        qDebug()<<"status: TemporaryCredentialsReceived";
                    case QAbstractOAuth::Status::RefreshingToken: {
                        qDebug()<<"status: RefreshingToken";
            connect(m_oauth2, &QOAuth2AuthorizationCodeFlow::replyDataReceived, [](QByteArray data){

    When I start this code I see the web browser with code but my application doesn't receive any signals and callback from browser and I can't get token for authorize on the backend.
    My question is what I'm doing wrong and where I can find good example which using redirect_uri as urn:ietf:wg:oauth:2.0:oob?

  • Hello Andrew!

    Could you please answer me, have you succeed in solving this task, because I have got the same problem now and can`t find any solution. If an answer is "yes", would you be so kind to share information about the way you have done this?

  • Hello Yuriy_KHA!

    Sorry for the later answer but I didn't find any solutions for this. I using web view with catching redirect of request. Something like this I'm using on iOS when I don't have special SDK and need to use OAuth2 authorization.

  • I'm using oauth2 with Microsoft Graph API and I could perform some basic queries using the web server created by QOAuthHttpServerReplyHandler on http / localhost.

    When I registered my app on https://apps.dev.microsoft.com I had the option to specify platform: native application (with similar URI as you specified and this URL https://login.microsoftonline.com/common/oauth2/nativeclient) or web application (where I could specify http://localhost:myport as it is configured in the call of QOAuthHttpServerReplyHandler ).

    I don't see how the ShikimoriOAuthServerReplyHandler defines the redirect url but I guess it is the same as you specified "urn:ietf:wg:oauth:2.0:oob". Maybe I misunderstood something but I think with the nativeclient link the user gets redirected to a page where user should copy some tokens from the page and paste to your app. By using the web application your app can directly communicate with the oauth2 server.

    I followed the steps of the following guide to see the details of the communication with wireshark:


    Have you resolved this meanwhile and what was your solution?

  • Hello @Laszlo-LG,

    The answer to you question about my solutions of this problem will be and YES and NO. I can tell YES because My application is working for now with OAuth2 authorisation. My solution is a using URL scheme for application. This schemes are using when you need to open your application from the other application or from the email. I'm setting as a redirect url my url scheme. When my application received redirect url My application gets correct token. Also I can tell NO because the url scheme is not a best solution. I think can be done more universal solution for this.

  • In our efforts trying to authenticate our Qt app with Google SSO, we had to use as our redirect URI, ignoring the documented advice. If we pick the first URL that Google provides, our app never hears back from the login flow.