Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-102279

QOAuth2AuthorizationCodeFlow::requestAccessToken() does not report HTTP errors?

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Reported
    • Priority: P2: Important
    • Resolution: Unresolved
    • Affects Version/s: 5.12.2
    • Fix Version/s: None
    • Labels:
      None
    • Environment:
      Debian GNU/Linux bullseye
    • Platform/s:
      All

      Description

      I am using QOAuth2AuthorizationCodeFlow and, sometimes, my server reports an error. The error is HTTP code 400, Bad request. This is because the server can't find the user.
      My problem is that my application is not notified of the error and is waiting forever.

      After reading the Qt source code it looks like the method QOAuth2AuthorizationCodeFlow::requestAccessToken() does not send any signal in case of error from the server.

      I was expecting that the signal QNetworkReply::errorOccurred(QNetworkReply::NetworkError) could be handled and forwarded to the application using QAbstractOAuth2::error() or something similar.

      I case of error, I see a log in the console:

      qt.networkauth.replyhandler: Error transferring https://idp.safenetid.com/auth/realms/2H31DFOIEQ-STA/protocol/openid-connect/token - server replied: Fake Bad request

      But I could not find a way to be notified something went wrong.

      Or am I missing something?

       

      I also created a question on https://stackoverflow.com/questions/71694124/howto-be-notified-of-an-error-from-qoauth2authorizationcodeflow I include bellow for completeness.

      I am using QOAuth2AuthorizationCodeFlow to perform OIDC authentication. I can connect to the signal QAbstractOAuth::granted() and be notified when it worked with success. Fine.

      My problem is: how to be notified when something wrong happened?

      I tried to connect to the QAbstractOAuth2::error() signal but I am not notified. I used:

      QObject::connect(this, SIGNAL(error(const QString &, const QString &, const QUrl &)), this, SLOT(catchAll()));

      In the application console I see the error reported by the server:

      qt.networkauth.replyhandler: Error transferring https://idp.safenetid.com/auth/realms/2H31DFOIEQ-STA/protocol/openid-connect/token - server replied: Fake Bad request

      So Qt detected the problem. It looks like the problem is detected in QHttpThreadDelegate::finishedSlot():

      if (httpReply->statusCode() >= 400) {
              // it's an error reply
              QString msg = QLatin1String(QT_TRANSLATE_NOOP("QNetworkReply",
                                                            "Error transferring %1 - server replied: %2"));
              msg = msg.arg(httpRequest.url().toString(), httpReply->reasonPhrase());
              emit error(statusCodeFromHttp(httpReply->statusCode(), httpRequest.url()), msg);
          }

       

      An error() signal is emitted. But it is catched by Qt itself and not reported upstream to the application?

      Note: Sometimes the server I use replies with an HTTP error code 400 and message "User not found". Here I faked the problem using mitmproxy to be able to reproduce the issue easily.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            jefernan Jesus Fernandez
            Reporter:
            ludovic42 Ludovic Rousseau
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:

                Gerrit Reviews

                There are no open Gerrit changes