Handles loopback redirects by setting up a local HTTP server. More...
| Header: | #include <QOAuthHttpServerReplyHandler> |
| CMake: | find_package(Qt6 REQUIRED COMPONENTS NetworkAuth)target_link_libraries(mytarget PRIVATE Qt6::NetworkAuth) |
| qmake: | QT += networkauth |
| Inherits: | QOAuthOobReplyHandler |
| QOAuthHttpServerReplyHandler(QObject *parent = nullptr) | |
| QOAuthHttpServerReplyHandler(quint16 port, QObject *parent = nullptr) | |
| QOAuthHttpServerReplyHandler(const QHostAddress &address, quint16 port, QObject *parent = nullptr) | |
| virtual | ~QOAuthHttpServerReplyHandler() |
| QString | callbackPath() const |
| QString | callbackText() const |
| void | close() |
| bool | isListening() const |
| bool | listen(const QHostAddress &address = QHostAddress::Any, quint16 port = 0) |
| quint16 | port() const |
| void | setCallbackPath(const QString &path) |
| void | setCallbackText(const QString &text) |
This class serves as a reply handler for OAuth 2.0 authorization processes that use loopback redirection.
The redirect URI is where the authorization server redirects the user-agent (typically, and preferably, the system browser) once the authorization
part of the flow is complete. Loopback redirect URIs use http as the scheme and either localhost or an IP address literal as the host (see IPv4 and IPv6).
QOAuthHttpServerReplyHandler sets up a localhost server. Once the authorization server redirects the browser to this localhost address, the reply handler parses the redirection URI query parameters, and then signals authorization completion with a signal.
To handle other redirect URI schemes, see QOAuthUriSchemeReplyHandler.
The following code illustrates the usage. First, the needed variables:
QOAuth2AuthorizationCodeFlow m_oauth; QOAuthHttpServerReplyHandler *m_handler = nullptr;
Followed up by the OAuth setup (error handling omitted for brevity):
m_oauth.setAuthorizationUrl(QUrl("https://some.authorization.service/v3/authorize"_L1)); m_oauth.setAccessTokenUrl(QUrl("https://some.authorization.service/v3/access_token"_L1)); m_oauth.setClientIdentifier("a_client_id"_L1); m_oauth.setScope("read"_L1); m_handler = new QOAuthHttpServerReplyHandler(1234, this); connect(&m_oauth, &QAbstractOAuth::authorizeWithBrowser, this, &QDesktopServices::openUrl); connect(&m_oauth, &QAbstractOAuth::granted, this, [this]() { // Here we use QNetworkRequestFactory to store the access token m_api.setBearerToken(m_oauth.token().toLatin1()); m_handler->close(); });
Finally, we then set up the URI scheme reply-handler:
m_oauth.setReplyHandler(m_handler); // Initiate the authorization if (m_handler->isListening()) { m_oauth.grant(); }
If the handler is an any address handler (AnyIPv4, AnyIPv6, or Any), the used callback is in the form of http://localhost:{port}/{path}. Handler will first attempt to listen on IPv4 loopback address, and then on IPv6. localhost is used because it resolves correctly on both IPv4 and IPv6
interfaces.
For loopback addresses (LocalHost or LocalHostIPv6) the IP literals (127.0.0.1 and ::1) are used.
For specific IP addresses the provided IP literal is used directly, for instance: http://192.168.0.123:{port}/{path} in the case of an IPv4 address.
[explicit] QOAuthHttpServerReplyHandler::QOAuthHttpServerReplyHandler(QObject *parent = nullptr)Constructs a QOAuthHttpServerReplyHandler object using parent as a parent object. Calls listen() with port 0 and
address LocalHost.
See also listen().
[explicit] QOAuthHttpServerReplyHandler::QOAuthHttpServerReplyHandler(quint16 port, QObject *parent = nullptr)Constructs a QOAuthHttpServerReplyHandler object using parent as a parent object. Calls listen() with port and address LocalHost.
See also listen().
[explicit] QOAuthHttpServerReplyHandler::QOAuthHttpServerReplyHandler(const
QHostAddress &address, quint16 port, QObject *parent = nullptr)Constructs a QOAuthHttpServerReplyHandler object using parent as a parent object. Calls listen() with address and port.
See also listen().
[virtual noexcept] QOAuthHttpServerReplyHandler::~QOAuthHttpServerReplyHandler()Destroys the QOAuthHttpServerReplyHandler object. Stops listening for connections / redirections.
See also close().
Returns the path that is used as the path component of the callback() / OAuth2 redirect_uri parameter.
See also setCallbackPath().
Returns the text that is used in response to the redirection at the end of the authorization stage.
The text is wrapped in a simple HTML page, and displayed to the user by the browser / user-agent which did the redirection.
The default text is
Callback received. Feel free to close this page.
See also setCallbackText().
Tells this handler to stop listening for connections / redirections.
See also listen().
Returns true if this handler is currently listening, and false otherwise.
See also listen() and close().
Tells this handler to listen for incoming connections / redirections on address and port. Returns true if listening is successful, and false otherwise.
Active listening is only required when performing the initial authorization phase, typically initiated by a QOAuth2AuthorizationCodeFlow::grant() call.
It is recommended to close the listener after successful authorization. Listening is not needed for requesting access tokens or refreshing them.
If this function is called with Null as the address, the handler will attempt to listen to LocalHost, and if that fails, LocalHostIPv6.
See also IPv4 and IPv6.
See also close(), isListening(), and QTcpServer::listen().
Returns the port on which this handler is listening, otherwise returns 0.
See also listen() and isListening().
Sets path to be used as the path component of the callback().
See also callbackPath().
Sets text to be used in response to the redirection at the end of the authorization stage.
See also callbackText().
