Created by: basyskom-dege
This PR will enable OAuth2 Support for the Authorization Code Flow, Implicit Flow, Password Flow and Client Credentials Flow. The oauth-class will provide a reply server based on the QTcpserver module. This is a followup PR from #8831. I took some input from @etherealjoy `s comment in the old PR. But there are some steps unclear:
Where should we store the information for the request? We need the state, ClientId and ClientSecret etc. This Comment refers to the Specification that states we should use the tools we like to provide those variables. Do you have something in mind here? My take would be a config file in some way. By now there are dummy values and once you call the Oauth process you will get incalid Client_id
since its just a dummy value.
Another problem might be the fact that the oauth flow can only be used in a QtGuiApplication
since it uses the QDesktopServices::openUrl()
function to open the oauth pop-up window.
Any feedback or input would be highly appreciated!
EDIT: one more thing. Is there a way to test the Petstore with the Authorization flow? Right now I just use the google API and a local Node.js server that just checks if token is set and if not it will just send QNetworkReply::AuthenticationRequiredError
to trigger the authorization process.
EDIT2: I also added the client credential flow. There is the same problem with the client_secret and id as described above.
PR checklist
-
Read the contribution guidelines. -
Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community. -
Run the following to build the project and update samples: ./mvnw clean package ./bin/generate-samples.sh ./bin/utils/export_docs_generators.sh
./bin/generate-samples.sh bin/configs/java*
. For Windows users, please run the script in Git BASH. -
File the PR against the correct branch: master
(5.3.0),6.0.x
-
If your PR is targeting a particular programming language, @mention the technical committee members, so they are more likely to review the pull request.
PING @wing328 @ravinikam (2017/07) @stkrwork (2017/07) @etherealjoy (2018/02) @MartinDelille (2018/03) @muttleyxd (2019/08)