QOAuth2AuthorizationCodeFlow and problem with redirect_uri

shav · wrote on 11 May 2018, 08:41

Hello everyone!

In my application with Qt I'm trying integrate API with OAuth 2 technology. In my situation redirect_uri looks like "urn:ietf:wg:oauth:2.0:oob". The code which I'm using looks like:

        auto replyHandler = new ShikimoriOAuthServerReplyHandler(this);
        connect(replyHandler, &ShikimoriOAuthServerReplyHandler::tokensReceived, [](const QVariantMap &tokens) {
            qDebug()<<"tokens:"<<tokens;
        });
        connect(replyHandler, &ShikimoriOAuthServerReplyHandler::callbackReceived, [](const QVariantMap &values) {
            qDebug()<<"values:"<<values;
        });
        connect(replyHandler, &ShikimoriOAuthServerReplyHandler::replyDataReceived, [](const QByteArray &data) {
            qDebug()<<"data:"<<data;
        });
        connect(replyHandler, &ShikimoriOAuthServerReplyHandler::callbackDataReceived, [](const QByteArray &data) {
            qDebug()<<"data:"<<data;
        });
        m_oauth2 = new QOAuth2AuthorizationCodeFlow(this);
        m_oauth2->setReplyHandler(replyHandler);
        m_oauth2->setContentType(QAbstractOAuth2::ContentType::Json);
        m_oauth2->setClientIdentifier(m_ClientID);
        m_oauth2->setClientIdentifierSharedKey(m_ClientSecret);
        m_oauth2->setUserAgent(ShikimoriHelpers::userAgentForShikimoriRequests());
        m_oauth2->setAuthorizationUrl(QUrl("https://shikimori.org/oauth/authorize"));
        m_oauth2->setAccessTokenUrl(QUrl("https://shikimori.org/oauth/token"));
        connect(m_oauth2, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, &QDesktopServices::openUrl);
        connect(m_oauth2, &QOAuth2AuthorizationCodeFlow::statusChanged, [](QAbstractOAuth::Status status) {
            switch (status) {
                case QAbstractOAuth::Status::Granted: {
                    qDebug()<<"status: Granted";
                    break;
                }
                case QAbstractOAuth::Status::NotAuthenticated: {
                    qDebug()<<"status: NotAuthenticated";
                    break;
                }
                case QAbstractOAuth::Status::TemporaryCredentialsReceived: {
                    qDebug()<<"status: TemporaryCredentialsReceived";
                    break;
                }
                case QAbstractOAuth::Status::RefreshingToken: {
                    qDebug()<<"status: RefreshingToken";
                    break;
                }
            }
        });
        connect(m_oauth2, &QOAuth2AuthorizationCodeFlow::replyDataReceived, [](QByteArray data){
            qDebug()<<"data:"<<data;
        });
        m_oauth2->grant();

When I start this code I see the web browser with code but my application doesn't receive any signals and callback from browser and I can't get token for authorize on the backend.
My question is what I'm doing wrong and where I can find good example which using redirect_uri as urn:ietf:wg:oauth:2.0:oob?

Yuriy_KHA · wrote on 15 Aug 2018, 06:56

Hello Andrew!

Could you please answer me, have you succeed in solving this task, because I have got the same problem now and can`t find any solution. If an answer is "yes", would you be so kind to share information about the way you have done this?

shav · wrote on 17 Aug 2018, 07:27

Hello Yuriy_KHA!

Sorry for the later answer but I didn't find any solutions for this. I using web view with catching redirect of request. Something like this I'm using on iOS when I don't have special SDK and need to use OAuth2 authorization.

Laszlo LG · 19 Nov 2018, 10:56

I'm using oauth2 with Microsoft Graph API and I could perform some basic queries using the web server created by QOAuthHttpServerReplyHandler on http / localhost.

When I registered my app on https://apps.dev.microsoft.com I had the option to specify platform: native application (with similar URI as you specified and this URL https://login.microsoftonline.com/common/oauth2/nativeclient) or web application (where I could specify http://localhost:myport as it is configured in the call of QOAuthHttpServerReplyHandler ).

I don't see how the ShikimoriOAuthServerReplyHandler defines the redirect url but I guess it is the same as you specified "urn:ietf:wg:oauth:2.0:oob". Maybe I misunderstood something but I think with the nativeclient link the user gets redirected to a page where user should copy some tokens from the page and paste to your app. By using the web application your app can directly communicate with the oauth2 server.

I followed the steps of the following guide to see the details of the communication with wireshark:

https://www.peter.hartmann.tk/single-post/2013/04/08/How-to-decrypt-SSL-traffic-of-Qt-programs-in-Wireshark

Have you resolved this meanwhile and what was your solution?

shav · wrote on 19 Nov 2018, 10:56

Hello @Laszlo-LG,

The answer to you question about my solutions of this problem will be and YES and NO. I can tell YES because My application is working for now with OAuth2 authorisation. My solution is a using URL scheme for application. This schemes are using when you need to open your application from the other application or from the email. I'm setting as a redirect url my url scheme. When my application received redirect url My application gets correct token. Also I can tell NO because the url scheme is not a best solution. I think can be done more universal solution for this.

ihaveajob · wrote on 19 Dec 2020, 02:00

In our efforts trying to authenticate our Qt app with Google SSO, we had to use http://127.0.0.1:1234/ as our redirect URI, ignoring the documented advice. If we pick the first URL that Google provides, our app never hears back from the login flow.