Details
-
Task
-
Resolution: Unresolved
-
P2: Important
-
None
-
None
-
None
-
-
8
-
Foundation PM Staging
Description
According to current native-application-OAuth best practice RFC the loopback port should be opened only when used for authorization request, and closed when done.
This best practice should be adopted when using QOAuthHttpServerReplyHandler; the close() should be called after authorization is complete, failed or otherwise. It should be possible to reopen to listen to the same port if later needed. Understandably if some other process in the operating system has already claimed the port in the meanwhile, it will just fail to listen, but this is acceptable (but it mustn't assert)
Note that the loopback listener is only needed when acquiring the authorization code, and is not needed when acquiring access token (first acquisition, or a token refresh).
Attachments
Issue Links
- clones
-
QTBUG-124332 [OAuth] Access token expiration convenience functionality
- Reported
- is cloned by
-
QTBUG-124334 [OAuth OIDC] Document how to use Qt OAuth2 for OpenIDConnect
- Reported