PySide6.QtNetworkAuth.QAbstractOAuth2

class QAbstractOAuth2

The QAbstractOAuth2 class is the base of all implementations of OAuth 2 authentication methods. More

Inheritance diagram of PySide6.QtNetworkAuth.QAbstractOAuth2

Inherited by: QOAuth2DeviceAuthorizationFlow, QOAuth2AuthorizationCodeFlow

Synopsis

Properties

Methods

Virtual methods

Slots

Signals

Note

This documentation may contain snippets that were automatically translated from C++ to Python. We always welcome contributions to the snippet translation. If you see an issue with the translation, you can also let us know by creating a ticket on https:/bugreports.qt.io/projects/PYSIDE

Detailed Description

The class defines the basic interface of the OAuth 2 authentication classes. By inheriting this class, you can create custom authentication methods using the OAuth 2 standard for different web services.

A description of how OAuth 2 works can be found in: The OAuth 2.0 Authorization Framework

class NonceMode

List of available nonce modes.

Constant

Description

QAbstractOAuth2.NonceMode.Automatic

Nonce is sent if the requested scope contains openid. This is the default mode, and sends nonce only when it’s relevant to OIDC authentication flows.

QAbstractOAuth2.NonceMode.Enabled

Nonce is sent during authorization stage.

QAbstractOAuth2.NonceMode.Disabled

Nonce is not sent during authorization stage.

See also

nonce Qt OAuth2 Overview

Added in version 6.9.

Note

Properties can be used directly when from __feature__ import true_property is used or via accessor functions otherwise.

property autoRefreshᅟ: bool

This property holds This property enables or disables automatic refresh of the access token..

This property enables or disables the automatic refresh of the access token. This is useful for applications that require uninterrupted authorization without user intervention.

If this property is true, refreshTokens() will be automatically called when the token is about to expire and a valid refreshToken exists.

See also

refreshLeadTime accessTokenAboutToExpire()

Access functions:
property clientIdentifierSharedKeyᅟ: str

This property holds the client shared key used as a password if the server requires authentication to request the token.

Access functions:
property expirationᅟ: QDateTime

This property holds the expiration time of the current access token. An invalid value means that the authorization server hasn’t provided a valid expiration time.

See also

isValid()

Access functions:
property grantedScopeTokensᅟ: QSetQByteArray

This property holds This property holds the scope granted by the authorization server..

The requested and granted scope may differ. End-user may have opted to grant only a subset of the scope, or server-side policies may change it. The application should be prepared to handle this scenario, and check the granted scope to see if it should impact the application logic.

The server may omit indicating the granted scope altogether, as defined by RFC 6749 . In this case the implementation assumes the granted scope is the same as the requested scope.

Access functions:
property idTokenᅟ: str

This property holds the received OpenID Connect ID token .

See also

NonceMode nonce Qt OpenID Connect Support

Access functions:
property nonceᅟ: str

This property holds the string sent to the server during authentication. The nonce is used to associate applicable token responses (OpenID Connect id_token in particular) with the authorization stage.

The primary purpose of the nonce is to mitigate replay attacks. It ensures that the token responses received are in response to the authentication requests initiated by the application, preventing attackers from reusing tokens in unauthorized contexts. Therefore, it’s important to include nonce verification as part of the token validation.

In practice, authorization server vendors may refuse the OpenID Connect request if a nonce isn’t provided in the Authorization request .

The token itself is an opaque string, and should contain only URL-safe characters for maximum compatibility. Further the token must provide adequate entropy so that it’s unguessable to attackers . There are no strict size limits for nonce, and authorization server vendors may impose their own minimum and maximum sizes.

While the nonce can be set manually, Qt classes will generate a 32-character nonce when needed if one isn’t set.

See also

nonceMode Qt OpenID Connect Support

Access functions:
property nonceModeᅟ: QAbstractOAuth2.NonceMode

This property holds This property holds the current nonce mode (whether or not nonce is used)..

See also

NonceMode nonce

Access functions:
property refreshTokenᅟ: str
Access functions:
property requestedScopeTokensᅟ: QSetQByteArray

This property holds This property holds the desired scope which defines the permissions requested by the client..

Access functions:
property scopeᅟ: str

Use requestedScopeTokens and grantedScopeTokens properties instead. This property will be removed in Qt 7.

This property holds This property holds the desired scope which defines the permissions requested by the client..

The scope value is updated to the scope value granted by the authorization server. In case of an empty scope response, the requested scope is assumed as granted and does not change .

The fact that this property serves two different roles, first as the requested scope and later as the granted scope, is an historical artefact. All new code is recommended to use requestedScopeTokens and grantedScopeTokens .

Access functions:
property stateᅟ: str

This property holds the string sent to the server during authentication. The state is used to identify and validate the request when the callback is received.

Certain characters are illegal in the state element (see RFC 6749 ). The use of illegal characters could lead to an unintended state mismatch and a failing OAuth 2 authorization. Therefore, if you attempt to set a value that contains illegal characters, the state is ignored and a warning is logged.

Access functions:
property tokenUrlᅟ: QUrl

This property holds the token endpoint URL which is used to obtain tokens. Depending on the use case and authorization server support, these tokens can be access tokens, refresh tokens, and ID tokens.

Tokens are typically retrieved once the authorization stage is completed, and the token endpoint can also be used to refresh tokens as needed.

For example, QOAuth2AuthorizationCodeFlow uses this url to issue an access token request , and QOAuth2DeviceAuthorizationFlow uses this url to poll for an access token .

Access functions:
property userAgentᅟ: str

This property holds the User-Agent header used to create the network requests.

The default value is “QtOAuth/1.0 (+https://www.qt.io)”.

Access functions:
__init__([parent=None])
Parameters:

parentQObject

Constructs a QAbstractOAuth2 object using parent as parent.

__init__(manager[, parent=None])
Parameters:

Constructs a QAbstractOAuth2 object using parent as parent and sets manager as the network access manager.

accessTokenAboutToExpire()

The signal is emitted when the access token is about to expire.

Emitting this signal requires that the access token has a valid expiration time. An alternative for handling this signal manually is to use autoRefresh .

See also

refreshLeadTime autoRefresh refreshTokens()

authorizationCallbackReceived(data)
Parameters:

data – Dictionary with keys of type .QString and values of type QVariant.

Signal emitted when the reply server receives the authorization callback from the server: data contains the values received from the server.

autoRefresh()
Return type:

bool

See also

setAutoRefresh()

Getter of property autoRefreshᅟ .

autoRefreshChanged(enable)
Parameters:

enable – bool

Notification signal of property autoRefreshᅟ .

clearNetworkRequestModifier()

Clears the network request modifier.

See also

setNetworkRequestModifier()

clientIdentifierSharedKey()
Return type:

str

Getter of property clientIdentifierSharedKeyᅟ .

clientIdentifierSharedKeyChanged(clientIdentifierSharedKey)
Parameters:

clientIdentifierSharedKey – str

Notification signal of property clientIdentifierSharedKeyᅟ .

createAuthenticatedUrl(url[, parameters=QVariantMap()])
Parameters:
  • urlQUrl

  • parameters – Dictionary with keys of type .QString and values of type QVariant.

Return type:

QUrl

The returned URL is based on url, combining it with the given parameters and the access token.

error(error, errorDescription, uri)
Parameters:
  • error – str

  • errorDescription – str

  • uriQUrl

Note

This function is deprecated.

Use serverReportedErrorOccurred instead

Signal emitted when the server responds to the authorization request with an error as defined in RFC 6749 error response .

error is the name of the error; errorDescription describes the error and uri is an optional URI containing more information about the error.

expirationAt()
Return type:

QDateTime

Getter of property expirationᅟ .

expirationAtChanged(expiration)
Parameters:

expirationQDateTime

Notification signal of property expirationᅟ .

grantedScopeTokens()
Return type:

.QSetQByteArray

Getter of property grantedScopeTokensᅟ .

grantedScopeTokensChanged(tokens)
Parameters:

tokens – .QSetQByteArray

Notification signal of property grantedScopeTokensᅟ .

idToken()
Return type:

str

Getter of property idTokenᅟ .

idTokenChanged(idToken)
Parameters:

idToken – str

Notification signal of property idTokenᅟ .

nonce()
Return type:

str

See also

setNonce()

Getter of property nonceᅟ .

nonceChanged(nonce)
Parameters:

nonce – str

Notification signal of property nonceᅟ .

nonceMode()
Return type:

NonceMode

See also

setNonceMode()

Getter of property nonceModeᅟ .

nonceModeChanged(mode)
Parameters:

modeNonceMode

Notification signal of property nonceModeᅟ .

post(url, multiPart)
Parameters:
Return type:

QNetworkReply

Note

This function is deprecated.

Please use QtNetwork classes directly instead, see HTTP method alternatives .

This is an overloaded function.

Sends an authenticated POST request and returns a new QNetworkReply. The url and multiPart are used to create the request.

{Hypertext Transfer Protocol – HTTP/1.1: POST}

post(url, data)
Parameters:
Return type:

QNetworkReply

Note

This function is deprecated.

Please use QtNetwork classes directly instead, see HTTP method alternatives .

This is an overloaded function.

Sends an authenticated POST request and returns a new QNetworkReply. The url and data are used to create the request.

{Hypertext Transfer Protocol – HTTP/1.1: POST}

put(url, multiPart)
Parameters:
Return type:

QNetworkReply

Note

This function is deprecated.

Please use QtNetwork classes directly instead, see HTTP method alternatives .

This is an overloaded function.

Sends an authenticated PUT request and returns a new QNetworkReply. The url and multiPart are used to create the request.

{Hypertext Transfer Protocol – HTTP/1.1: PUT}

put(url, data)
Parameters:
Return type:

QNetworkReply

Note

This function is deprecated.

Please use QtNetwork classes directly instead, see HTTP method alternatives .

This is an overloaded function.

Sends an authenticated PUT request and returns a new QNetworkReply. The url and data are used to create the request.

{Hypertext Transfer Protocol – HTTP/1.1: PUT}

refreshToken()
Return type:

str

Gets the current refresh token.

Refresh tokens usually have longer lifespans than access tokens, so it makes sense to save them for later use.

Returns the current refresh token or an empty string, if there is no refresh token available.

Getter of property refreshTokenᅟ .

refreshTokenChanged(refreshToken)
Parameters:

refreshToken – str

Notification signal of property refreshTokenᅟ .

refreshTokens()

Call this function to refresh the tokens. The function calls refreshTokensImplementation() to perform the actual refresh.

refreshTokensImplementation()

Warning

This section contains snippets that were automatically translated from C++ to Python and may contain errors.

This slot is called by refreshTokens() to send the token refresh request.

The derived classes should reimplement this slot to support token refreshing:

class MyClass(QAbstractOAuth2):            ...

protected Q_SLOTS:
    def refreshTokensImplementation(QT7_ONLY(override):

def refreshTokensImplementation(self):

    qDebug("refresh")
requestedScopeTokens()
Return type:

.QSetQByteArray

Getter of property requestedScopeTokensᅟ .

requestedScopeTokensChanged(tokens)
Parameters:

tokens – .QSetQByteArray

Notification signal of property requestedScopeTokensᅟ .

responseType()
Return type:

str

Returns the response_type used.

responseTypeChanged(responseType)
Parameters:

responseType – str

scope()
Return type:

str

Note

This function is deprecated.

See also

setScope()

Getter of property scopeᅟ .

scopeChanged(scope)
Parameters:

scope – str

Note

This function is deprecated.

Notification signal of property scopeᅟ .

serverReportedErrorOccurred(error, errorDescription, uri)
Parameters:
  • error – str

  • errorDescription – str

  • uriQUrl

Signal emitted when the server responds to the authorization request with an error as defined in RFC 6749 error response .

error is the name of the error; errorDescription describes the error and uri is an optional URI containing more information about the error.

To catch all errors, including these RFC defined errors, with a single signal, use requestFailed() .

setAutoRefresh(enable)
Parameters:

enable – bool

See also

autoRefresh()

Setter of property autoRefreshᅟ .

setClientIdentifierSharedKey(clientIdentifierSharedKey)
Parameters:

clientIdentifierSharedKey – str

Setter of property clientIdentifierSharedKeyᅟ .

setNonce(nonce)
Parameters:

nonce – str

See also

nonce()

Setter of property nonceᅟ .

setNonceMode(mode)
Parameters:

modeNonceMode

See also

nonceMode()

Setter of property nonceModeᅟ .

setRefreshToken(refreshToken)
Parameters:

refreshToken – str

Sets the new refresh token refreshToken to be used.

A custom refresh token can be used to refresh the access token via this method and then the access token can be refreshed via refreshTokens() .

See also

refreshToken()

Setter of property refreshTokenᅟ .

setRequestedScopeTokens(tokens)
Parameters:

tokens – .QSetQByteArray

Setter of property requestedScopeTokensᅟ .

setResponseType(responseType)
Parameters:

responseType – str

setScope(scope)
Parameters:

scope – str

Note

This function is deprecated.

See also

scope()

Setter of property scopeᅟ .

setSslConfiguration(configuration)
Parameters:

configurationQSslConfiguration

Sets the TLS configuration to be used when establishing a mutual TLS connection between the client and the Authorization Server.

setState(state)
Parameters:

state – str

See also

state()

Setter of property stateᅟ .

setTokenUrl(tokenUrl)
Parameters:

tokenUrlQUrl

See also

tokenUrl()

Setter of property tokenUrlᅟ .

setUserAgent(userAgent)
Parameters:

userAgent – str

See also

userAgent()

Setter of property userAgentᅟ .

sslConfiguration()
Return type:

QSslConfiguration

Returns the TLS configuration to be used when establishing a mutual TLS connection between the client and the Authorization Server.

sslConfigurationChanged(configuration)
Parameters:

configurationQSslConfiguration

The signal is emitted when the TLS configuration has changed. The configuration parameter contains the new TLS configuration.

state()
Return type:

str

See also

setState()

Getter of property stateᅟ .

stateChanged(state)
Parameters:

state – str

Notification signal of property stateᅟ .

tokenUrl()
Return type:

QUrl

See also

setTokenUrl()

Getter of property tokenUrlᅟ .

tokenUrlChanged(tokenUrl)
Parameters:

tokenUrlQUrl

Notification signal of property tokenUrlᅟ .

userAgent()
Return type:

str

See also

setUserAgent()

Getter of property userAgentᅟ .

userAgentChanged(userAgent)
Parameters:

userAgent – str

Notification signal of property userAgentᅟ .