Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-124333

[OAuth] Ability to open and close the loopback HTTP server on a need-basis

XMLWordPrintable

    • All
    • 8
    • 67b2aec9d (dev), 042561187 (dev), 649288461 (6.7), a4f8012a3 (tqtc/lts-6.5), 8b974b08e (tqtc/lts-6.2)
    • Foundation Sprint 108

      According to current native-application-OAuth best practice RFC the loopback port should be opened only when used for authorization request, and closed when done.

      This best practice should be adopted when using QOAuthHttpServerReplyHandler; the close() should be called after authorization is complete, failed or otherwise. It should be possible to reopen to listen to the same port if later needed. Understandably if some other process in the operating system has already claimed the port in the meanwhile, it will just fail to listen, but this is acceptable (but it mustn't assert)

      Note that the loopback listening is only needed when acquiring the authorization code. It is not needed when acquiring access token (neither for the first acquisition, nor for a token refresh). In other words:

      • Authorization stage: callback/redirect_uri needed. Listening needed
      • Request access token: callback/redirect_uri needed. Listening not needed
      • Refresh access token: callback/redirect_uri not needed. Listening not needed

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            vuokko Juha Vuolle
            vuokko Juha Vuolle
            Vladimir Minenko Vladimir Minenko
            Alex Blasche Alex Blasche
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes