- Task
- Resolution: Fixed
- P2: Important
- None
- None
- 8
- 62feb2e82 (dev)
- Foundation Sprint 115, Foundation Sprint 116, Foundation Sprint 117

The OpenID Connect Core specification defines an OPTIONAL 'nonce' request parameter.
The purpose of the 'nonce' is to mitigate replay attacks; the returned "ID token" (JWT) contains the same "nonce".
qtnetworkauth should add convenience support for this. Note that the QAbstractOAuth class does have a /protected/ function
static QByteArray generateRandomString(quint8 length);
which can very likely be used for this purpose.
While OpenID Connect marks the parameter as optional, many OAuth providers mark it as REQUIRED (see e.g. Facebook or Google).
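
The nonce round trip described above, as an added example in standard C++ (not qtnetworkauth code and not the API this task introduced). NonceGuard, issue, withNonce and accept are hypothetical names; the example assumes the ID token's signature has already been verified and its "nonce" claim extracted before accept is called.

```cpp
#include <cstddef>
#include <random>
#include <string>

// Hypothetical client-side helper: one pending nonce per authorization request.
class NonceGuard {
public:
    // Create a fresh nonce for one authorization request and remember it.
    std::string issue(std::size_t length = 32) {
        static const char alphabet[] =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
        std::random_device rd;  // assumption: backed by the OS entropy source
        std::uniform_int_distribution<int> pick(0, 63);  // 64 symbols, no bias
        std::string nonce;
        for (std::size_t i = 0; i < length; ++i)
            nonce += alphabet[pick(rd)];
        pending_ = nonce;
        return nonce;
    }

    // Append the nonce to an authorization URL that already has a query part.
    // The alphabet above is URL-safe, so no percent-encoding is needed.
    static std::string withNonce(const std::string &authUrl,
                                 const std::string &nonce) {
        return authUrl + "&nonce=" + nonce;
    }

    // Compare the "nonce" claim of the returned ID token with the pending one.
    // Pass an empty string when the token carries no nonce claim.
    // The pending nonce is consumed on every attempt, so a token replayed
    // after a completed (or failed) flow is rejected.
    bool accept(const std::string &claim) {
        std::string expected;
        expected.swap(pending_);  // pending_ is now empty: single use
        return !expected.empty() && claim == expected;
    }

private:
    std::string pending_;  // empty means no authorization request in flight
};
```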

- clones
- QTBUG-124327 [OAuth] PKCE support (Closed)
- is cloned by
- QTBUG-124337 [OAuth] Improve nonce-generation (Closed)
- QTBUG-127839 [OAuth] Support QtWebEngine usage as the user-agent (Closed)