Details
Bug
Resolution: Out of scope
P2: Important
None
5.9.0, 5.10.0
None
macOS 10.13.2
Qt 5.9.1-5.10.0
Description
The issue may happen when QOAuth2AuthorizationCodeFlow receives an OAuth2 authorization code and sends it back to get a token.
QOAuthHttpServerReplyHandlerPrivate decodes the OAuth2 authorization code from QUrlQuery with QUrl::ComponentFormattingOption::PrettyDecoded flags (QOAuthHttpServerReplyHandlerPrivate::_q_answerClient()).
However, QOAuth2AuthorizationCodeFlow encodes the same authorization code into QUrlQuery using QUrl::ComponentFormattingOption::FullyEncoded flags (QOAuth2AuthorizationCodeFlow::requestAccessToken()). Maybe it can lead to corruption of the authorization code.
In my case, if the authorization code contains a '/' symbol, it will be encoded by the OAuth2 server as '%2F' and will not be decoded inside QOAuthHttpServerReplyHandlerPrivate::_q_answerClient(). So it becomes '%252F' when encoded back, and the OAuth2 server will reject such an authorization code.
Attachments
For Gerrit Dashboard: QTBUG-65851

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
217269,3 | Decode received strings when receiving the callback | 5.10 | qt/qtnetworkauth | Status: NEW | -1 | 0 |
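
The double encoding described in the report, reproduced as an added example that is not part of the original report and is not Qt's code: a standalone C++ model that uses plain RFC 3986 percent-encoding in place of QUrl/QUrlQuery. The sample code value `4/abC` and all helper names are constructed for illustration.

```cpp
#include <cctype>
#include <cstdio>
#include <string>

// RFC 3986 helpers modelling the report's behaviour; not Qt's implementation.
std::string percentDecode(const std::string &in) {
    std::string out;
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size() &&
            std::isxdigit((unsigned char)in[i + 1]) &&
            std::isxdigit((unsigned char)in[i + 2])) {
            out += (char)std::stoi(in.substr(i + 1, 2), nullptr, 16);
            i += 2;
        } else {
            out += in[i];  // malformed or literal '%' is kept as-is
        }
    }
    return out;
}

std::string percentEncode(const std::string &in) {
    std::string out;
    for (unsigned char c : in) {
        char buf[4] = {(char)c, '\0'};
        bool unreserved = std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~';
        if (!unreserved) std::snprintf(buf, sizeof buf, "%%%02X", (unsigned)c);
        out += buf;
    }
    return out;
}

// Value placed in the token request for a code taken from the callback URL.
// decodeOnReceipt=false models the reported behaviour ('%2F' left encoded).
std::string tokenRequestValue(const std::string &callbackValue, bool decodeOnReceipt) {
    std::string stored = decodeOnReceipt ? percentDecode(callbackValue) : callbackValue;
    return percentEncode(stored);
}

// The server decodes the form value once and compares with the code it issued.
bool serverAccepts(const std::string &issued, const std::string &wireValue) {
    return percentDecode(wireValue) == issued;
}

int main() {
    const std::string issued = "4/abC", callback = "4%2FabC";  // constructed sample
    std::string bad = tokenRequestValue(callback, false), good = tokenRequestValue(callback, true);
    std::printf("undecoded: %s accepted=%d\n", bad.c_str(), serverAccepts(issued, bad));
    std::printf("decoded:   %s accepted=%d\n", good.c_str(), serverAccepts(issued, good));
}
```

Decoding the value fully when the callback is received, then encoding exactly once when building the token request, keeps the round trip lossless for codes containing reserved characters.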