PySide6.QtNetworkAuth.QAbstractOAuth2¶
- class QAbstractOAuth2¶
The
QAbstractOAuth2
class is the base of all implementations of OAuth 2 authentication methods. More…Inherited by:
QOAuth2DeviceAuthorizationFlow
,QOAuth2AuthorizationCodeFlow
Synopsis¶
Properties¶
autoRefreshᅟ
- This property enables or disables automatic refresh of the access tokengrantedScopeTokensᅟ
- This property holds the scope granted by the authorization servernonceModeᅟ
- This property holds the current nonce mode (whether or not nonce is used)requestedScopeTokensᅟ
- This property holds the desired scope which defines the permissions requested by the clientscopeᅟ
- This property holds the desired scope which defines the permissions requested by the client
Methods¶
def
__init__()
def
autoRefresh()
def
expirationAt()
def
idToken()
def
nonce()
def
nonceMode()
def
refreshToken()
def
responseType()
def
scope()
def
setAutoRefresh()
def
setNonce()
def
setNonceMode()
def
setScope()
def
setState()
def
setTokenUrl()
def
setUserAgent()
def
state()
def
tokenUrl()
def
userAgent()
Virtual methods¶
Slots¶
Signals¶
def
error()
def
idTokenChanged()
def
nonceChanged()
def
scopeChanged()
def
stateChanged()
Note
This documentation may contain snippets that were automatically translated from C++ to Python. We always welcome contributions to the snippet translation. If you see an issue with the translation, you can also let us know by creating a ticket on https:/bugreports.qt.io/projects/PYSIDE
Detailed Description¶
The class defines the basic interface of the OAuth 2 authentication classes. By inheriting this class, you can create custom authentication methods using the OAuth 2 standard for different web services.
A description of how OAuth 2 works can be found in: The OAuth 2.0 Authorization Framework
- class NonceMode¶
List of available nonce modes.
Constant
Description
QAbstractOAuth2.NonceMode.Automatic
Nonce is sent if the
requested scope
containsopenid
. This is the default mode, and sendsnonce
only when it’s relevant to OIDC authentication flows.QAbstractOAuth2.NonceMode.Enabled
Nonce is sent during authorization stage.
QAbstractOAuth2.NonceMode.Disabled
Nonce is not sent during authorization stage.
See also
nonce
Qt OAuth2 OverviewAdded in version 6.9.
Note
Properties can be used directly when
from __feature__ import true_property
is used or via accessor functions otherwise.- property autoRefreshᅟ: bool¶
This property holds This property enables or disables automatic refresh of the access token..
This property enables or disables the automatic refresh of the access token. This is useful for applications that require uninterrupted authorization without user intervention.
If this property is
true
,refreshTokens()
will be automatically called when the token is about to expire and a validrefreshToken
exists.See also
refreshLeadTime
accessTokenAboutToExpire()
- Access functions:
This property holds the client shared key used as a password if the server requires authentication to request the token.
- Access functions:
This property holds the expiration time of the current access token. An invalid value means that the authorization server hasn’t provided a valid expiration time.
See also
- Access functions:
- property grantedScopeTokensᅟ: QSetQByteArray¶
This property holds This property holds the scope granted by the authorization server..
The requested and granted scope may differ. End-user may have opted to grant only a subset of the scope, or server-side policies may change it. The application should be prepared to handle this scenario, and check the granted scope to see if it should impact the application logic.
The server may omit indicating the granted scope altogether, as defined by RFC 6749 . In this case the implementation assumes the granted scope is the same as the requested scope.
See also
- Access functions:
- property idTokenᅟ: str¶
This property holds the received OpenID Connect ID token .
- Access functions:
Signal
idTokenChanged()
- property nonceᅟ: str¶
This property holds the string sent to the server during authentication. The nonce is used to associate applicable token responses (OpenID Connect
id_token
in particular) with the authorization stage.The primary purpose of the
nonce
is to mitigate replay attacks. It ensures that the token responses received are in response to the authentication requests initiated by the application, preventing attackers from reusing tokens in unauthorized contexts. Therefore, it’s important to include nonce verification as part of the token validation.In practice, authorization server vendors may refuse the OpenID Connect request if a nonce isn’t provided in the Authorization request .
The token itself is an opaque string, and should contain only URL-safe characters for maximum compatibility. Further the token must provide adequate entropy so that it’s unguessable to attackers . There are no strict size limits for nonce, and authorization server vendors may impose their own minimum and maximum sizes.
While the
nonce
can be set manually, Qt classes will generate a 32-character noncewhen needed
if one isn’t set.See also
nonceMode
Qt OpenID Connect Support- Access functions:
Signal
nonceChanged()
- property nonceModeᅟ: QAbstractOAuth2.NonceMode¶
This property holds This property holds the current nonce mode (whether or not nonce is used)..
- Access functions:
- property refreshTokenᅟ: str¶
- Access functions:
- property requestedScopeTokensᅟ: QSetQByteArray¶
This property holds This property holds the desired scope which defines the permissions requested by the client..
See also
- Access functions:
- property scopeᅟ: str¶
Use
requestedScopeTokens
andgrantedScopeTokens
properties instead. This property will be removed in Qt 7.This property holds This property holds the desired scope which defines the permissions requested by the client..
The scope value is updated to the scope value granted by the authorization server. In case of an empty scope response, the requested scope is assumed as granted and does not change .
The fact that this property serves two different roles, first as the requested scope and later as the granted scope, is an historical artefact. All new code is recommended to use
requestedScopeTokens
andgrantedScopeTokens
.See also
- Access functions:
Signal
scopeChanged()
- property stateᅟ: str¶
This property holds the string sent to the server during authentication. The state is used to identify and validate the request when the callback is received.
Certain characters are illegal in the state element (see RFC 6749 ). The use of illegal characters could lead to an unintended state mismatch and a failing OAuth 2 authorization. Therefore, if you attempt to set a value that contains illegal characters, the state is ignored and a warning is logged.
- Access functions:
Signal
stateChanged()
This property holds the token endpoint URL which is used to obtain tokens. Depending on the use case and authorization server support, these tokens can be access tokens, refresh tokens, and ID tokens.
Tokens are typically retrieved once the authorization stage is completed, and the token endpoint can also be used to refresh tokens as needed.
For example,
QOAuth2AuthorizationCodeFlow
uses this url to issue an access token request , andQOAuth2DeviceAuthorizationFlow
uses this url to poll for an access token .- Access functions:
- property userAgentᅟ: str¶
This property holds the User-Agent header used to create the network requests.
The default value is “QtOAuth/1.0 (+https://www.qt.io)”.
- Access functions:
Constructs a
QAbstractOAuth2
object usingparent
as parent.- __init__(manager[, parent=None])
- Parameters:
manager –
QNetworkAccessManager
parent –
QObject
Constructs a
QAbstractOAuth2
object usingparent
as parent and setsmanager
as the network access manager.- accessTokenAboutToExpire()¶
The signal is emitted when the access token is about to expire.
Emitting this signal requires that the access token has a valid expiration time. An alternative for handling this signal manually is to use
autoRefresh
.See also
refreshLeadTime
autoRefresh
refreshTokens()
- authorizationCallbackReceived(data)¶
- Parameters:
data – Dictionary with keys of type .QString and values of type QVariant.
Signal emitted when the reply server receives the authorization callback from the server:
data
contains the values received from the server.- autoRefresh()¶
- Return type:
bool
See also
Getter of property
autoRefreshᅟ
.- autoRefreshChanged(enable)¶
- Parameters:
enable – bool
Notification signal of property
autoRefreshᅟ
.- clearNetworkRequestModifier()¶
Clears the network request modifier.
See also
setNetworkRequestModifier()
- clientIdentifierSharedKey()¶
- Return type:
str
See also
Getter of property
clientIdentifierSharedKeyᅟ
.- Parameters:
clientIdentifierSharedKey – str
Notification signal of property
clientIdentifierSharedKeyᅟ
.- createAuthenticatedUrl(url[, parameters=QVariantMap()])¶
The returned URL is based on
url
, combining it with the givenparameters
and the access token.- error(error, errorDescription, uri)¶
- Parameters:
error – str
errorDescription – str
uri –
QUrl
Note
This function is deprecated.
Use
serverReportedErrorOccurred
insteadSignal emitted when the server responds to the authorization request with an error as defined in RFC 6749 error response .
error
is the name of the error;errorDescription
describes the error anduri
is an optional URI containing more information about the error.Getter of property
expirationᅟ
.Notification signal of property
expirationᅟ
.- grantedScopeTokens()¶
- Return type:
.QSetQByteArray
Getter of property
grantedScopeTokensᅟ
.- grantedScopeTokensChanged(tokens)¶
- Parameters:
tokens – .QSetQByteArray
Notification signal of property
grantedScopeTokensᅟ
.- idToken()¶
- Return type:
str
Getter of property
idTokenᅟ
.- idTokenChanged(idToken)¶
- Parameters:
idToken – str
Notification signal of property
idTokenᅟ
.- nonce()¶
- Return type:
str
See also
Getter of property
nonceᅟ
.- nonceChanged(nonce)¶
- Parameters:
nonce – str
Notification signal of property
nonceᅟ
.- nonceMode()¶
- Return type:
See also
Getter of property
nonceModeᅟ
.Notification signal of property
nonceModeᅟ
.- post(url, multiPart)¶
- Parameters:
url –
QUrl
multiPart –
QHttpMultiPart
- Return type:
Note
This function is deprecated.
Please use QtNetwork classes directly instead, see HTTP method alternatives .
This is an overloaded function.
Sends an authenticated POST request and returns a new QNetworkReply. The
url
andmultiPart
are used to create the request.{Hypertext Transfer Protocol – HTTP/1.1: POST}
- post(url, data)
- Parameters:
url –
QUrl
data –
QByteArray
- Return type:
Note
This function is deprecated.
Please use QtNetwork classes directly instead, see HTTP method alternatives .
This is an overloaded function.
Sends an authenticated POST request and returns a new QNetworkReply. The
url
anddata
are used to create the request.{Hypertext Transfer Protocol – HTTP/1.1: POST}
- put(url, multiPart)¶
- Parameters:
url –
QUrl
multiPart –
QHttpMultiPart
- Return type:
Note
This function is deprecated.
Please use QtNetwork classes directly instead, see HTTP method alternatives .
This is an overloaded function.
Sends an authenticated PUT request and returns a new QNetworkReply. The
url
andmultiPart
are used to create the request.{Hypertext Transfer Protocol – HTTP/1.1: PUT}
- put(url, data)
- Parameters:
url –
QUrl
data –
QByteArray
- Return type:
Note
This function is deprecated.
Please use QtNetwork classes directly instead, see HTTP method alternatives .
This is an overloaded function.
Sends an authenticated PUT request and returns a new QNetworkReply. The
url
anddata
are used to create the request.{Hypertext Transfer Protocol – HTTP/1.1: PUT}
- refreshToken()¶
- Return type:
str
Gets the current refresh token.
Refresh tokens usually have longer lifespans than access tokens, so it makes sense to save them for later use.
Returns the current refresh token or an empty string, if there is no refresh token available.
See also
Getter of property
refreshTokenᅟ
.- refreshTokenChanged(refreshToken)¶
- Parameters:
refreshToken – str
Notification signal of property
refreshTokenᅟ
.- refreshTokens()¶
Call this function to refresh the tokens. The function calls
refreshTokensImplementation()
to perform the actual refresh.See also
- refreshTokensImplementation()¶
Warning
This section contains snippets that were automatically translated from C++ to Python and may contain errors.
This slot is called by
refreshTokens()
to send the token refresh request.The derived classes should reimplement this slot to support token refreshing:
class MyClass(QAbstractOAuth2): ... protected Q_SLOTS: def refreshTokensImplementation(QT7_ONLY(override): def refreshTokensImplementation(self): qDebug("refresh")
See also
- requestedScopeTokens()¶
- Return type:
.QSetQByteArray
See also
Getter of property
requestedScopeTokensᅟ
.- requestedScopeTokensChanged(tokens)¶
- Parameters:
tokens – .QSetQByteArray
Notification signal of property
requestedScopeTokensᅟ
.- responseType()¶
- Return type:
str
Returns the response_type used.
- responseTypeChanged(responseType)¶
- Parameters:
responseType – str
- scope()¶
- Return type:
str
Note
This function is deprecated.
See also
Getter of property
scopeᅟ
.- scopeChanged(scope)¶
- Parameters:
scope – str
Note
This function is deprecated.
Notification signal of property
scopeᅟ
.- serverReportedErrorOccurred(error, errorDescription, uri)¶
- Parameters:
error – str
errorDescription – str
uri –
QUrl
Signal emitted when the server responds to the authorization request with an error as defined in RFC 6749 error response .
error
is the name of the error;errorDescription
describes the error anduri
is an optional URI containing more information about the error.To catch all errors, including these RFC defined errors, with a single signal, use
requestFailed()
.- setAutoRefresh(enable)¶
- Parameters:
enable – bool
See also
Setter of property
autoRefreshᅟ
.- Parameters:
clientIdentifierSharedKey – str
See also
Setter of property
clientIdentifierSharedKeyᅟ
.Setter of property
nonceᅟ
.Setter of property
nonceModeᅟ
.- setRefreshToken(refreshToken)¶
- Parameters:
refreshToken – str
Sets the new refresh token
refreshToken
to be used.A custom refresh token can be used to refresh the access token via this method and then the access token can be refreshed via
refreshTokens()
.See also
Setter of property
refreshTokenᅟ
.- setRequestedScopeTokens(tokens)¶
- Parameters:
tokens – .QSetQByteArray
See also
Setter of property
requestedScopeTokensᅟ
.- setResponseType(responseType)¶
- Parameters:
responseType – str
Setter of property
scopeᅟ
.- setSslConfiguration(configuration)¶
- Parameters:
configuration –
QSslConfiguration
Sets the TLS
configuration
to be used when establishing a mutual TLS connection between the client and the Authorization Server.Setter of property
stateᅟ
.Setter of property
tokenUrlᅟ
.- setUserAgent(userAgent)¶
- Parameters:
userAgent – str
See also
Setter of property
userAgentᅟ
.- sslConfiguration()¶
- Return type:
Returns the TLS configuration to be used when establishing a mutual TLS connection between the client and the Authorization Server.
- sslConfigurationChanged(configuration)¶
- Parameters:
configuration –
QSslConfiguration
The signal is emitted when the TLS configuration has changed. The
configuration
parameter contains the new TLS configuration.See also
- state()¶
- Return type:
str
See also
Getter of property
stateᅟ
.- stateChanged(state)¶
- Parameters:
state – str
Notification signal of property
stateᅟ
.- tokenUrl()¶
- Return type:
See also
Getter of property
tokenUrlᅟ
.Notification signal of property
tokenUrlᅟ
.- userAgent()¶
- Return type:
str
See also
Getter of property
userAgentᅟ
.- userAgentChanged(userAgent)¶
- Parameters:
userAgent – str
Notification signal of property
userAgentᅟ
.