Loading...

XML

Word

Printable

Details

Type: Task
Resolution: Unresolved
Priority: P2: Important
Fix Version/s: None
Affects Version/s: None
Component/s: Network: Authentication
Labels:
None

Platform/s:

All
Epic Link:
Qt Network Authorization module improvements
Story Points:
8
Sprint:
Foundation PM Staging

Description

According to current native-application-OAuth best practice RFC the loopback port should be opened only when used for authorization request, and closed when done.

This best practice should be adopted when using QOAuthHttpServerReplyHandler; the close() should be called after authorization is complete, failed or otherwise. It should be possible to reopen to listen to the same port if later needed. Understandably if some other process in the operating system has already claimed the port in the meanwhile, it will just fail to listen, but this is acceptable (but it mustn't assert)

Note that the loopback listener is only needed when acquiring the authorization code, and is not needed when acquiring access token (first acquisition, or a token refresh).

Attachments

Issue Links

clones

QTBUG-124332 [OAuth] Access token expiration convenience functionality

Reported

is cloned by

QTBUG-124334 [OAuth OIDC] Document how to use Qt OAuth2 for OpenIDConnect

Reported

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Juha Vuolle

Reporter:: Juha Vuolle

PM Owner:: Vladimir Minenko

RnD Owner:: Alex Blasche

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12 Apr '24 11:49

Updated:: 12 Apr '24 11:52

Gerrit Reviews

There are no open Gerrit changes