Loading...

XML

Word

Printable

Type: Task
Resolution: Fixed
Priority: P2: Important
Fix Version/s: 6.9.0 FF
Affects Version/s: None
Component/s: Network: Authentication
Labels:
None

Platform/s:

All
Epic Link:
Qt Network Authorization module improvements
Story Points:
8
Commits:
62feb2e82 (dev)
Sprint:
Foundation Sprint 115, Foundation Sprint 116, Foundation Sprint 117

OpenIDConnect core specification defines an OPTIONAL 'nonce' request parameter.
The purpose for the 'nonce' is to mitigate replay attacks; the returned "ID token" (JWT) contains the same "nonce".

qtnetworkauth should add convenience support for this. Note that the QAbstractOAuth class does have a /protected/ function

static QByteArray generateRandomString(quint8 length);

which can very likely be used for this purpose.

While the OpenIDConnect marks the parameters as optional, many OAuth providers mark it as REQUIRED (see eg.
Facebook or Google).

clones

QTBUG-124327 [OAuth] PKCE support

Closed

is cloned by

QTBUG-124337 [OAuth] Improve nonce-generation

Closed

QTBUG-127839 [OAuth] Support QtWebEngine usage as the user-agent

Closed

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Assignee:: Juha Vuolle

Reporter:: Juha Vuolle

PM Owner:: Vladimir Minenko

RnD Owner:: Alex Blasche

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 12 Apr '24 11:59

Updated:: 08 Oct '24 07:32

Resolved:: 08 Oct '24 07:32

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

Add 'nonce' support for OAuth2: Gerrit Review: