Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-97791

QOAuth2AuthorizationCodeFlow refreshToken does not work with Azure (Bad Request)

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • P2: Important
    • Resolution: Out of scope
    • 6.2.0
    • None
    • None
    • Windows 10 20H2
    • All

    Description

      The attached example project shows a working and broken example for refreshing access tokens against Azure.
      The working example is just a lucky hack that seems to work for me, the broken example should just work in my opinion.

      The Azure instance is a just a playground setup for me so I can share it:
      User: LeeG@bitfactoryat.onmicrosoft.com
      Password: ASecretPassword_123

      The attached pdf shows how to setup Azure for this example app.  

      How to reproduce:

      1. Start attached example app
      2. Click button "Switch to bad example"
      3. Click button "Grant"
      4. Your browser will open with the login page -> login
      5. The app will show the access token and refresh token
      6. Click button "Refresh"
      7. The app shows no new tokens, in the console an error is displayed

       

      The error is:

      Bad Request:  "{\"error\":\"invalid_request\",\"error_description\":\"AADSTS90009: Application '54fca61a-c1fd-47c0-9ffd-5751c4898b8c'(54fca61a-c1fd-47c0-9ffd-5751c4898b8c) is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.\\r\\nTrace ID: a4da4ec0-6d33-4578-ae0d-b14f974f1200\\r\\nCorrelation ID: 3f70644e-e43f-423d-a1d1-d5d6c673ec66\\r\\nTimestamp: 2021-10-27 08:19:13Z\",\"error_codes\":[90009],\"timestamp\":\"2021-10-27 08:19:13Z\",\"trace_id\":\"a4da4ec0-6d33-4578-ae0d-b14f974f1200\",\"correlation_id\":\"3f70644e-e43f-423d-a1d1-d5d6c673ec66\"}"
      qt.networkauth.replyhandler: Error transferring https://login.microsoftonline.com/424419bb-b275-4229-ac95-537d384059de/oauth2/v2.0/token - server replied: Bad Request
      

      https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow - The Microsoft docs mention the scope for the refresh token request is optional, but in this case it does not seem to be true.
       

      It works with this modification "Qt\6.2.0\Src\qtnetworkauth\src\oauth\qoauth2authorizationcodeflow.cpp":

      diff --git "a/Qt\\6.2.0\\Src\\qtnetworkauth\\src\\oauth\\qoauth2authorizationcodeflow.cpp.org" "b/Qt\\6.2.0\\Src\\qtnetworkauth\\src\\oauth\\qoauth2authorizationcodeflow.cpp"
      index aa9204b..6bc490c 100644
      --- "a/Qt\\6.2.0\\Src\\qtnetworkauth\\src\\oauth\\qoauth2authorizationcodeflow.cpp.org"
      +++ "b/Qt\\6.2.0\\Src\\qtnetworkauth\\src\\oauth\\qoauth2authorizationcodeflow.cpp"
      @@ -327,6 +327,7 @@ void QOAuth2AuthorizationCodeFlow::refreshAccessToken()
           parameters.insert(Key::redirectUri, QUrl::toPercentEncoding(callback()));
           parameters.insert(Key::clientIdentifier, d->clientIdentifier);
           parameters.insert(Key::clientSharedSecret, d->clientIdentifierSharedKey);
      +	parameters.insert(Key::scope, d->scope);
           if (d->modifyParametersFunction)
               d->modifyParametersFunction(Stage::RefreshingAccessToken, &parameters);
           query = QAbstractOAuthPrivate::createQuery(parameters);
      

       

       If I can be of any help please let me know.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            jefernan Jesus Fernandez
            Marscho Marscho
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes