Details
-
Bug
-
Resolution: Done
-
P2: Important
-
6.0.1
-
None
-
-
13
-
52a0eb4791727157a7b385f7e022faad28da4821 (qt/qtbase/dev) 2ac6738be159405d216b662fade7f77fc189f87e (qt/qtbase/6.1) 7a45372ad4b5d1df14ee6c1c656b0b777ebc6ce6 (qt/qtbase/6.0) 259a167beb094929b3b26c8072b970f3903ef65d (qt/tqtc-qtbase/5.15)
-
Qt6_Foundation_Sprint 31, Qt6_Foundation_Sprint 32
Description
When using HTTP2, the authenticationRequired signal is never emitted. This causes for example the grant() method in the OAuth2 module to not work, because q_authenticate is never called: https://github.com/qt/qtnetworkauth/blob/0b32d73691f06908a6a45b787b33adb8e4c86a3b/src/oauth/qoauth2authorizationcodeflow.cpp#L348
The source of this problem is in the qtbase Repo in src/network/access. For HTTP1, status handling is done in qhttpnetworkconnectionchannel.cpp inside handleStatus(), where for status code 401 (and 407) the method will handle the authenticate challenge: https://github.com/qt/qtbase/blob/c5904cb96aed3b171c543a2cf0bed8f8ac5f95c4/src/network/access/qhttpnetworkconnectionchannel.cpp#L648
However for HTTP2, handleStatus() is never called. There seems to be some rudimentary status code handling inside qhttp2protocolhandler.cpp, but there is nothing that implements authentication handling for HTTP2: https://github.com/qt/qtbase/blob/c5904cb96aed3b171c543a2cf0bed8f8ac5f95c4/src/network/access/qhttp2protocolhandler.cpp#L1181
I guess something similar to the HTTP1 case has to be implemented in that function.
BTW the official Qt NetworkAuth Reddit example is broken from this if you want to have a broken code example for this bug. That example isn't officially ported to Qt6 as of now, but the port is trivial - or just enable HTTP2 in the Qt5 version to experience this bug.
If you give me a few hints how to best implement this without duplicating too much code from handleStatus(), I might even fix this myself.