Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-124333

[OAuth] Ability to open and close the loopback HTTP server on a need-basis

    XMLWordPrintable

Details

    • All
    • 8
    • 67b2aec9d (dev), 042561187 (dev), 649288461 (6.7), a4f8012a3 (tqtc/lts-6.5), 8b974b08e (tqtc/lts-6.2)
    • Foundation Sprint 108

    Description

      According to current native-application-OAuth best practice RFC the loopback port should be opened only when used for authorization request, and closed when done.

      This best practice should be adopted when using QOAuthHttpServerReplyHandler; the close() should be called after authorization is complete, failed or otherwise. It should be possible to reopen to listen to the same port if later needed. Understandably if some other process in the operating system has already claimed the port in the meanwhile, it will just fail to listen, but this is acceptable (but it mustn't assert)

      Note that the loopback listening is only needed when acquiring the authorization code. It is not needed when acquiring access token (neither for the first acquisition, nor for a token refresh). In other words:

      • Authorization stage: callback/redirect_uri needed. Listening needed
      • Request access token: callback/redirect_uri needed. Listening not needed
      • Refresh access token: callback/redirect_uri not needed. Listening not needed

      Attachments

        Issue Links

          For Gerrit Dashboard: QTBUG-124333
          # Subject Branch Project Status CR V

          Activity

            People

              vuokko Juha Vuolle
              vuokko Juha Vuolle
              Vladimir Minenko Vladimir Minenko
              Alex Blasche Alex Blasche
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes