Details
-
Bug
-
Resolution: Unresolved
-
P3: Somewhat important
-
None
-
6.3.1
-
None
Description
The documentation for QAbstractOAuth2::setState says "This property holds the string sent to the server during authentication. The state is used to identify and validate the request when the callback is received." This leads users to assume that they can set a custom state value for the request; indeed, from looking at the code for QAbstractOAuth2, I get the impression that this is intended to be supported behavior. However, when I was OAuthing with the Microsoft Graph API, I found that setting a custom state value caused Qt to not pick up on the otherwise successful authentication.
See also https://forum.qt.io/topic/137526/qnetworkauthorization-and-microsoft-graph for my struggle to figure this out.
To reproduce, download and run https://github.com/LorenDB/QtNetworkAuth-MS-Graph. Note that you will need to create a Microsoft app to test this out; the app ID will need filled in MainWindow.cpp. The code will open a browser tab that attempts to authenticate with Microsoft. The authentication will succeed, and you'll be told that it succeeded, but the app itself won't update to say that it succeeded in authenticating you.
Now delete the setState line in MainWindow.cpp. Rerun the app. It will now fully authenticate and pick up the access token.