| author | Juha Vuolle <juha.vuolle@qt.io> | 2024-09-13 16:01:11 +0300 |
|---|---|---|
| committer | Juha Vuolle <juha.vuolle@qt.io> | 2024-10-08 10:19:23 +0300 |
| commit | 4209cedd6ce5ef2f6ab595b2207713d8bff2bed6 (patch) | |
| tree | 597f8c325a9b5c4b5aaf67badeb8fe17125ba515 /src/oauth/qoauth2authorizationcodeflow.cpp | |
| parent | 62feb2e829ba0274fcb6ad36fd9a8aac9b8cb2cc (diff) | |
Add OIDC ID token acquisition convenience support
This commit adds convenience for getting OpenID Connect (OIDC)
ID tokens. This change consists of:
- New 'ID token' property 'idToken'
- Update for token error handling
- Overview documentation paragraph covering
current OIDC support in Qt
It should be noted that this commit does not introduce
support for validating the ID tokens, which is a crucial
step in many use cases.
[ChangeLog][QAbstractOAuth2] Added new 'idToken' property
for accessing OIDC ID tokens
Fixes: QTBUG-124334
Change-Id: I404cb033dd003861b6e8413dfcb08fa75a0a699e
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/oauth/qoauth2authorizationcodeflow.cpp')
| -rw-r--r-- | src/oauth/qoauth2authorizationcodeflow.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/oauth/qoauth2authorizationcodeflow.cpp b/src/oauth/qoauth2authorizationcodeflow.cpp index c738d2a..1e3999f 100644 --- a/src/oauth/qoauth2authorizationcodeflow.cpp +++ b/src/oauth/qoauth2authorizationcodeflow.cpp @@ -181,6 +181,18 @@ void QOAuth2AuthorizationCodeFlowPrivate::_q_accessTokenRequestFinished(const QV #endif } + // An id_token must be included if this was an OIDC request + // https://openid.net/specs/openid-connect-core-1_0-final.html#AuthRequest (cf. 'scope') + // https://openid.net/specs/openid-connect-core-1_0-final.html#TokenResponse + const QString receivedIdToken = values.value(Key::idToken).toString(); + if (grantedScope.contains("openid"_L1) && receivedIdToken.isEmpty()) { + setIdToken({}); + _q_accessTokenRequestFailed(QAbstractOAuth::Error::OAuthTokenNotFoundError, + "ID token not received"_L1); + return; + } + setIdToken(receivedIdToken); + const QDateTime currentDateTime = QDateTime::currentDateTime(); if (expiresIn > 0 && currentDateTime.secsTo(expiresAt) != expiresIn) { expiresAt = currentDateTime.addSecs(expiresIn); |
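Review bot: The condition `grantedScope.contains("openid"_L1)` tests the granted scope, while the comment above it speaks of an OIDC request. If the token response omits `scope` and grantedScope is not populated from the requested scope earlier in this function (not visible in this hunk), a response without an id_token passes this check silently. Consider testing the requested scope, or stating in the comment that grantedScope falls back to it. If grantedScope is a QString rather than a list, contains() is a substring match and would also fire for a scope value that merely embeds "openid"; matching whole space-delimited tokens avoids that. Because `setIdToken(receivedIdToken)` stores the value without any validation, a one-line comment at that call saying the token is unvalidated would keep callers from treating it as verified.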
