Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-124336

[OAuth OIDC] Add nonce support

XMLWordPrintable

      OpenIDConnect core specification defines an OPTIONAL 'nonce' request parameter.
      The purpose for the 'nonce' is to mitigate replay attacks; the returned "ID token" (JWT) contains the same "nonce".

      qtnetworkauth should add convenience support for this. Note that the QAbstractOAuth class does have a /protected/ function

      static QByteArray generateRandomString(quint8 length);

      which can very likely be used for this purpose.

      While the OpenIDConnect marks the parameters as optional, many OAuth providers mark it as REQUIRED (see eg.
      Facebook or Google).

        For Gerrit Dashboard: QTBUG-124336
        # Subject Branch Project Status CR V
        590573,12 Add 'nonce' support for OAuth2 dev qt/qtnetworkauth Status: MERGED +2 0

            vuokko Juha Vuolle
            vuokko Juha Vuolle
            Vladimir Minenko Vladimir Minenko
            Alex Blasche Alex Blasche
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes