Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-102279

QOAuth2AuthorizationCodeFlow::requestAccessToken() does not report HTTP errors?

    XMLWordPrintable

Details

    • All
    • 32f29d3e2 (dev)

    Description

      I am using QOAuth2AuthorizationCodeFlow and, sometimes, my server reports an error. The error is HTTP code 400, Bad request. This is because the server can't find the user.
      My problem is that my application is not notified of the error and is waiting forever.

      After reading the Qt source code it looks like the method QOAuth2AuthorizationCodeFlow::requestAccessToken() does not send any signal in case of error from the server.

      I was expecting that the signal QNetworkReply::errorOccurred(QNetworkReply::NetworkError) could be handled and forwarded to the application using QAbstractOAuth2::error() or something similar.

      I case of error, I see a log in the console:

      qt.networkauth.replyhandler: Error transferring https://idp.safenetid.com/auth/realms/2H31DFOIEQ-STA/protocol/openid-connect/token - server replied: Fake Bad request

      But I could not find a way to be notified something went wrong.

      Or am I missing something?

       

      I also created a question on https://stackoverflow.com/questions/71694124/howto-be-notified-of-an-error-from-qoauth2authorizationcodeflow I include bellow for completeness.

      I am using QOAuth2AuthorizationCodeFlow to perform OIDC authentication. I can connect to the signal QAbstractOAuth::granted() and be notified when it worked with success. Fine.

      My problem is: how to be notified when something wrong happened?

      I tried to connect to the QAbstractOAuth2::error() signal but I am not notified. I used:

      QObject::connect(this, SIGNAL(error(const QString &, const QString &, const QUrl &)), this, SLOT(catchAll()));

      In the application console I see the error reported by the server:

      qt.networkauth.replyhandler: Error transferring https://idp.safenetid.com/auth/realms/2H31DFOIEQ-STA/protocol/openid-connect/token - server replied: Fake Bad request

      So Qt detected the problem. It looks like the problem is detected in QHttpThreadDelegate::finishedSlot():

      if (httpReply->statusCode() >= 400) {
              // it's an error reply
              QString msg = QLatin1String(QT_TRANSLATE_NOOP("QNetworkReply",
                                                            "Error transferring %1 - server replied: %2"));
              msg = msg.arg(httpRequest.url().toString(), httpReply->reasonPhrase());
              emit error(statusCodeFromHttp(httpReply->statusCode(), httpRequest.url()), msg);
          }

       

      An error() signal is emitted. But it is catched by Qt itself and not reported upstream to the application?

      Note: Sometimes the server I use replies with an HTTP error code 400 and message "User not found". Here I faked the problem using mitmproxy to be able to reproduce the issue easily.

      Attachments

        Issue Links

          For Gerrit Dashboard: QTBUG-102279
          # Subject Branch Project Status CR V

          Activity

            People

              vuokko Juha Vuolle
              ludovic42 Ludovic Rousseau
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes