  1. Qt
  2. QTBUG-97791

QOAuth2AuthorizationCodeFlow refreshToken does not work with Azure (Bad Request)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Out of scope
    • Affects Version/s: 6.2.0
    • Fix Version/s: None
    • Labels:
      None
    • Environment:
      Windows 10 20H2
    • Platform/s:
      All

      Description

      The attached example project shows a working and broken example for refreshing access tokens against Azure.
      The working example is just a lucky hack that seems to work for me; the broken example should just work, in my opinion.

      The Azure instance is just a playground setup for me, so I can share it:
      User: LeeG@bitfactoryat.onmicrosoft.com
      Password: ASecretPassword_123

      The attached PDF shows how to set up Azure for this example app.

      How to reproduce:

      1. Start attached example app
      2. Click button "Switch to bad example"
      3. Click button "Grant"
      4. Your browser will open with the login page -> log in
      5. The app will show the access token and refresh token
      6. Click button "Refresh"
      7. The app shows no new tokens; in the console an error is displayed

       

      The error is:

      Bad Request:  "{\"error\":\"invalid_request\",\"error_description\":\"AADSTS90009: Application '54fca61a-c1fd-47c0-9ffd-5751c4898b8c'(54fca61a-c1fd-47c0-9ffd-5751c4898b8c) is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.\\r\\nTrace ID: a4da4ec0-6d33-4578-ae0d-b14f974f1200\\r\\nCorrelation ID: 3f70644e-e43f-423d-a1d1-d5d6c673ec66\\r\\nTimestamp: 2021-10-27 08:19:13Z\",\"error_codes\":[90009],\"timestamp\":\"2021-10-27 08:19:13Z\",\"trace_id\":\"a4da4ec0-6d33-4578-ae0d-b14f974f1200\",\"correlation_id\":\"3f70644e-e43f-423d-a1d1-d5d6c673ec66\"}"
      qt.networkauth.replyhandler: Error transferring https://login.microsoftonline.com/424419bb-b275-4229-ac95-537d384059de/oauth2/v2.0/token - server replied: Bad Request
      

      https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow - The Microsoft docs mention the scope for the refresh token request is optional, but in this case it does not seem to be true.
       

      It works with this modification "Qt\6.2.0\Src\qtnetworkauth\src\oauth\qoauth2authorizationcodeflow.cpp":

      diff --git "a/Qt\\6.2.0\\Src\\qtnetworkauth\\src\\oauth\\qoauth2authorizationcodeflow.cpp.org" "b/Qt\\6.2.0\\Src\\qtnetworkauth\\src\\oauth\\qoauth2authorizationcodeflow.cpp"
      index aa9204b..6bc490c 100644
      --- "a/Qt\\6.2.0\\Src\\qtnetworkauth\\src\\oauth\\qoauth2authorizationcodeflow.cpp.org"
      +++ "b/Qt\\6.2.0\\Src\\qtnetworkauth\\src\\oauth\\qoauth2authorizationcodeflow.cpp"
      @@ -327,6 +327,7 @@ void QOAuth2AuthorizationCodeFlow::refreshAccessToken()
           parameters.insert(Key::redirectUri, QUrl::toPercentEncoding(callback()));
           parameters.insert(Key::clientIdentifier, d->clientIdentifier);
           parameters.insert(Key::clientSharedSecret, d->clientIdentifierSharedKey);
      +	parameters.insert(Key::scope, d->scope);
           if (d->modifyParametersFunction)
               d->modifyParametersFunction(Stage::RefreshingAccessToken, &parameters);
           query = QAbstractOAuthPrivate::createQuery(parameters);
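
      Review bot: the added `parameters.insert(Key::scope, d->scope);` runs unconditionally, so every refresh request, to every provider, now carries a `scope` parameter, including an empty one when no scope has been set; skip the insert when `d->scope` is empty. The context lines show that `d->modifyParametersFunction(Stage::RefreshingAccessToken, &parameters)` runs immediately after this point, so an application can already add the scope for this stage through that hook without patching the library, and whatever is inserted here can still be overwritten or removed there. The new line is also indented with a tab where the surrounding lines use spaces.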
      

       

       If I can be of any help, please let me know.

            People

            Assignee:
            jefernan Jesus Fernandez
            Reporter:
            Marscho Marscho