Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-86061

Insufficient error handling in QOAuth2AuthorizationCodeFlow::refreshAccessToken() and ::requestAccessToken()

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 5.14.2
    • Network: Authentication
    • None
    • All

    Description

      The function QOAuth2AuthorizationCodeFlow::refreshAccessToken() does not appear to report refresh failures correctly, or if it does I have misunderstood the documentation drastically. When given an invalid refresh token, I simply get the following error message:

      qt.networkauth.replyhandler: Error transferring https://<domain>/oauth/token - server replied: Forbidden

      I would instead expect the signal QOAuth2AuthorizationCodeFlow::error to be emitted, but it is not. In fact from a quick glance over the codebase, it only appears to be emitted during the authorization code request, and at a quick glance there appears to be nothing externally visible for when there are failures during either requestAccessToken() or refreshAccessToken().

      Is there another intended way to be informed of failures, or is this simply an oversight?

      Thanks!

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            jefernan Jesus Fernandez
            ethereal Kestrel W-K
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes