QOAuthHttpServerReplyHandler Class
Handles loopback redirects by setting up a local HTTP server. More...
Header: | #include <QOAuthHttpServerReplyHandler> |
CMake: | find_package(Qt6 REQUIRED COMPONENTS NetworkAuth) target_link_libraries(mytarget PRIVATE Qt6::NetworkAuth) |
qmake: | QT += networkauth |
Inherits: | QOAuthOobReplyHandler |
Public Functions
QOAuthHttpServerReplyHandler(QObject *parent = nullptr) | |
QOAuthHttpServerReplyHandler(quint16 port, QObject *parent = nullptr) | |
QOAuthHttpServerReplyHandler(const QHostAddress &address, quint16 port, QObject *parent = nullptr) | |
virtual | ~QOAuthHttpServerReplyHandler() |
QString | callbackPath() const |
QString | callbackText() const |
void | close() |
bool | isListening() const |
bool | listen(const QHostAddress &address = QHostAddress::Any, quint16 port = 0) |
bool | listen(const QSslConfiguration &configuration, const QHostAddress &address = QHostAddress::Any, quint16 port = 0) |
quint16 | port() const |
void | setCallbackPath(const QString &path) |
void | setCallbackText(const QString &text) |
Detailed Description
This class serves as a reply handler for OAuth 2.0 authorization processes that use loopback redirection.
The redirect URI is where the authorization server redirects the user-agent (typically, and preferably, the system browser) once the authorization part of the flow is complete. Loopback redirect URIs use http
as the scheme and either localhost or an IP address literal as the host (see IPv4 and IPv6).
QOAuthHttpServerReplyHandler sets up a localhost server. Once the authorization server redirects the browser to this localhost address, the reply handler parses the redirection URI query parameters, and then signals authorization completion with a signal.
To handle other redirect URI schemes, see QOAuthUriSchemeReplyHandler.
The following code illustrates the usage. First, the needed variables:
QOAuth2AuthorizationCodeFlow m_oauth; QOAuthHttpServerReplyHandler *m_handler = nullptr;
Followed up by the OAuth setup (error handling omitted for brevity):
m_oauth.setAuthorizationUrl(QUrl(authorizationUrl)); m_oauth.setAccessTokenUrl(QUrl(accessTokenUrl)); m_oauth.setClientIdentifier(clientIdentifier); m_oauth.setRequestedScope({scope}); m_handler = new QOAuthHttpServerReplyHandler(1234, this); connect(&m_oauth, &QAbstractOAuth::authorizeWithBrowser, this, &QDesktopServices::openUrl); connect(&m_oauth, &QAbstractOAuth::granted, this, [this]() { // Here we use QNetworkRequestFactory to store the access token m_api.setBearerToken(m_oauth.token().toLatin1()); m_handler->close(); });
Finally, we then set up the URI scheme reply-handler:
m_oauth.setReplyHandler(m_handler); // Initiate the authorization if (m_handler->isListening()) { m_oauth.grant(); }
IPv4 and IPv6
Currently if the handler is a loopback address, IPv4 any address, or IPv6 any address, the used callback is in the form of http://localhost:{port}/{path}. Otherwise, for specific IP addresses, the actual IP literal is used. For instance http://192.168.0.2:{port}/{path} in the case of IPv4.
HTTP and HTTPS Callbacks
Since Qt 6.9 it's possible to configure the handler to use https
URI scheme instead of http
. This is done by providing an appropriate QSslConfiguration when calling listen(). Internally the handler will then use QSslServer, and the callback (redirect URL) will be of the form https://localhost:{port}/{path}.
Following example illustrates this:
// Read certificate and private key auto certificates = QSslCertificate::fromPath(sslCertificateFile); QFile keyFile(sslPrivateKeyFile); if (!keyFile.open(QFile::ReadOnly)) { qWarning("Cannot open key file"); return; } QSslKey privateKey(&keyFile, QSsl::Rsa, QSsl::Pem); if (certificates.size() == 0 || privateKey.isNull()) { qWarning("SSL certificate data invalid"); return; } // Create SSL configuration QSslConfiguration configuration = QSslConfiguration::defaultConfiguration(); configuration.setLocalCertificate(certificates.at(0)); configuration.setPrivateKey(privateKey); // Instantiate handler with the SSL configuration m_handler = new QOAuthHttpServerReplyHandler(1234, this); m_handler->listen(configuration);
When possible, it is recommended to use other redirect URI options, see Choosing A Reply Handler and Qt OAuth2 Browser Support.
The primary use cases for a localhost https
handler should be limited to development-time, or tightly controlled and provisioned environments. For example, some Authorization Servers won't allow plain http
redirect URIs at all, in which case this can add to development convenience.
From security perspective, while using SSL/TLS does encrypt the localhost traffic, OAuth2 has also other security mechanisms in place such as PKCE. Under no circumstances you should distribute private certificate keys along with the application.
Note: Browsers will issue severe warnings if the certificate is not trusted. This is typical with self-signed certificates, whose use should be limited to development-time.
Member Function Documentation
[explicit]
QOAuthHttpServerReplyHandler::QOAuthHttpServerReplyHandler(QObject *parent = nullptr)
Constructs a QOAuthHttpServerReplyHandler object using parent as a parent object. Calls listen() with port 0
and address Null.
See also listen().
[explicit]
QOAuthHttpServerReplyHandler::QOAuthHttpServerReplyHandler(quint16 port, QObject *parent = nullptr)
Constructs a QOAuthHttpServerReplyHandler object using parent as a parent object. Calls listen() with port and address Null.
See also listen().
[explicit]
QOAuthHttpServerReplyHandler::QOAuthHttpServerReplyHandler(const QHostAddress &address, quint16 port, QObject *parent = nullptr)
Constructs a QOAuthHttpServerReplyHandler object using parent as a parent object. Calls listen() with address and port.
See also listen().
[virtual noexcept]
QOAuthHttpServerReplyHandler::~QOAuthHttpServerReplyHandler()
Destroys the QOAuthHttpServerReplyHandler object. Stops listening for connections / redirections.
See also close().
QString QOAuthHttpServerReplyHandler::callbackPath() const
Returns the path that is used as the path component of the callback() / OAuth2 redirect_uri parameter.
See also setCallbackPath().
QString QOAuthHttpServerReplyHandler::callbackText() const
Returns the text that is used in response to the redirection at the end of the authorization stage.
The text is wrapped in a simple HTML page, and displayed to the user by the browser / user-agent which did the redirection.
The default text is
Callback received. Feel free to close this page.
See also setCallbackText().
void QOAuthHttpServerReplyHandler::close()
Tells this handler to stop listening for connections / redirections.
See also listen().
bool QOAuthHttpServerReplyHandler::isListening() const
Returns true
if this handler is currently listening, and false
otherwise.
See also listen() and close().
bool QOAuthHttpServerReplyHandler::listen(const QHostAddress &address = QHostAddress::Any, quint16 port = 0)
Tells this handler to listen for incoming connections / redirections on address and port. Returns true
if listening is successful, and false
otherwise.
Active listening is only required when performing the initial authorization phase, typically initiated by a QOAuth2AuthorizationCodeFlow::grant() call.
It is recommended to close the listener after successful authorization. Listening is not needed for requesting access tokens or refreshing them.
If this function is called with Null as the address, the handler will attempt to listen to LocalHost, and if that fails, LocalHostIPv6.
See also IPv4 and IPv6.
See also close(), isListening(), and QTcpServer::listen().
bool QOAuthHttpServerReplyHandler::listen(const QSslConfiguration &configuration, const QHostAddress &address = QHostAddress::Any, quint16 port = 0)
Tells this handler to listen for incoming https
connections / redirections on address and port. Returns true
if listening is successful, and false
otherwise.
See HTTP and HTTPS Callbacks for further information.
See also listen(const QHostAddress &, quint16), close(), isListening(), QSslServer, and QTcpServer::listen().
quint16 QOAuthHttpServerReplyHandler::port() const
Returns the port on which this handler is listening, otherwise returns 0.
See also listen() and isListening().
void QOAuthHttpServerReplyHandler::setCallbackPath(const QString &path)
Sets path to be used as the path component of the callback().
See also callbackPath().
void QOAuthHttpServerReplyHandler::setCallbackText(const QString &text)
Sets text to be used in response to the redirection at the end of the authorization stage.
See also callbackText().
© 2024 The Qt Company Ltd. Documentation contributions included herein are the copyrights of their respective owners. The documentation provided herein is licensed under the terms of the GNU Free Documentation License version 1.3 as published by the Free Software Foundation. Qt and respective logos are trademarks of The Qt Company Ltd. in Finland and/or other countries worldwide. All other trademarks are property of their respective owners.