authorJuha Vuolle <juha.vuolle@qt.io>2024-07-23 13:32:25 +0300
committerJuha Vuolle <juha.vuolle@qt.io>2024-08-08 07:19:16 +0300
commit571b71763c0485778623139359acc88985099efb (patch)
treea2a37558310a96839ca684bc85b2b6b63c173842 /src/oauth/qoauth2authorizationcodeflow.cpp
parentd867b77770c09c9b6a970edcbd8041cff6b64e4a (diff)
Add QAbstractOAuth2::grantedScope and requestedScope properties
The pre-existing 'scope' property serves two roles concurrently, first as the 'requested' scope, and later as the 'granted' scope. These scopes commonly differ. This commit introduces two new properties to provide a cleaner separation between the two: - The requestedScope holds the scope the user requests. - The grantedScope holds the scope granted by the authorization server. The requested and granted scopes may differ, and it is useful for applications to be able to adapt their behavior accordingly. All new code is advised to use these properties, and the original 'scope' property should be deprecated. [ChangeLog][QAbstractOAuth2] Added new 'grantedScope' and 'requestedScope' properties to provide clean separation between requested and granted scopes. Fixes: QTBUG-124330 Change-Id: Ib2cc642722e4bce578d91b48acd0d549cf70a64f Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Diffstat (limited to 'src/oauth/qoauth2authorizationcodeflow.cpp')
-rw-r--r--src/oauth/qoauth2authorizationcodeflow.cpp20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/oauth/qoauth2authorizationcodeflow.cpp b/src/oauth/qoauth2authorizationcodeflow.cpp
index 2c5fd76..2369fb8 100644
--- a/src/oauth/qoauth2authorizationcodeflow.cpp
+++ b/src/oauth/qoauth2authorizationcodeflow.cpp
@@ -146,9 +146,20 @@ void QOAuth2AuthorizationCodeFlowPrivate::_q_accessTokenRequestFinished(const QV
// If the requested scope and granted scopes differ, server is REQUIRED to return
// the scope. If OTOH the scopes match, the server MAY omit the scope in the response,
// in which case we assume that the granted scope matches the requested scope.
- const QString scope = values.value(Key::scope).toString();
- if (!scope.isEmpty())
- q->setScope(scope);
+ //
+ // Note: 'scope' variable has two roles: requested scope, and later granted scope.
+ // Therefore 'scope' needs to be set if the granted scope differs from 'scope'.
+ const QString grantedScope = values.value(Key::scope).toString();
+ const QStringList splitGrantedScope = grantedScope.split(" "_L1, Qt::SkipEmptyParts);
+ if (splitGrantedScope.isEmpty()) {
+ setGrantedScope(requestedScope);
+ } else {
+ setGrantedScope(splitGrantedScope);
+ if (grantedScope != scope) {
+ scope = grantedScope;
+ Q_EMIT q->scopeChanged(scope);
+ }
+ }
const QDateTime currentDateTime = QDateTime::currentDateTime();
if (expiresIn > 0 && currentDateTime.secsTo(expiresAt) != expiresIn) {
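Review bot: The fallback `setGrantedScope(requestedScope)` reads `requestedScope` when the token response arrives, not when the authorization request was sent, so if the application changes the requested scope while a grant is in flight, `grantedScope` would report scopes that were never sent to the server. Whether the property can change mid-flow is not visible in this hunk, so either keep a snapshot of the list that buildAuthenticateUrl() actually sent and use it in the `splitGrantedScope.isEmpty()` branch, or state the assumption in a comment such as `// Assumes requestedScope is unchanged since the authorization request was built`. Applications that make access decisions from `grantedScope` depend on this value being accurate. The body of _q_accessTokenRequestFinished starts and ends outside the hunk.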
@@ -505,7 +516,8 @@ QUrl QOAuth2AuthorizationCodeFlow::buildAuthenticateUrl(const QMultiMap<QString,
p.insert(Key::responseType, responseType());
p.insert(Key::clientIdentifier, d->clientIdentifier);
p.insert(Key::redirectUri, callback());
- p.insert(Key::scope, d->scope);
+ if (!d->requestedScope.isEmpty())
+ p.insert(Key::scope, d->requestedScope.join(" "_L1));
p.insert(Key::state, state);
if (d->pkceMethod != PkceMethod::None) {
p.insert(Key::codeChallenge, d->createPKCEChallenge());
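Review bot: `d->requestedScope.join(" "_L1)` does not check the list entries, so an entry that itself contains a space would go out as two scope tokens and an empty entry would produce a doubled separator, making the request differ from what the property reports. If the setter already rejects such entries (not visible in this hunk), a comment here saying so is enough, for example `// requestedScope entries are space-free scope tokens (RFC 6749 section 3.3)`; otherwise filter them before joining. This matters because the token-response handler falls back to `requestedScope` as the granted scope when the server omits the field. buildAuthenticateUrl() continues outside the hunk.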