-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Qt][C++] Oauth2 Authorization Code Flow and Implicit Flow Support. #10183
Conversation
modules/openapi-generator/src/main/resources/cpp-qt-client/Project.mustache
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not an expert in Oauth2 authorization management so I cannot judge but at least I can say that this PR doesn't break anything.
Im not an expert as well but maybe @etherealjoy has some more knowledge to do a review. For testing i used multiple "test" server. For the Implicit and Authorization Code Flows, i used the Google Oauth2 API. You have to create an Web-App, set the redirect url to For the client credential flow, I used tools from HERE. They also provide the other flows but you cant set the redirect url to localhost... The password flow has to be tested "manually" because it is deprecated and considered unsafe for obvious reasons. But since its in OpenAPI, I added it aswell. I used a Node.js server with router from Express package. I just added a route and logged the client_id (you can check for all parameters and see if it fits the expected values) and answered with a fixed token since its just for testing:
I used the following securitySchemes in the input file:
|
@basyskom-dege looks like this breaks the build:
Ref: https://app.travis-ci.com/github/OpenAPITools/openapi-generator/builds/241764289 Can you please take a look when you've time? To run the tests locally, try |
Yes, i forgot to add the QT5Gui Package for Cmake (this is needed to open the authURL in the browser). Should be fixed now. Integration-test works on my machine. I pushed it to my Branch. Should i open a new PR? -> Commit |
Yes please open a new PR |
Done -> #10921 |
This PR will enable OAuth2 Support for the Authorization Code Flow, Implicit Flow, Password Flow and Client Credentials Flow. The oauth-class will provide a reply server based on the QTcpserver module. This is a followup PR from #8831. I took some input from @etherealjoy `s comment in the old PR.
But there are some steps unclear:
Where should we store the information for the request? We need the state, ClientId and ClientSecret etc. This Comment refers to the Specification that states we should use the tools we like to provide those variables. Do you have something in mind here? My take would be a config file in some way. By now there are dummy values and once you call the Oauth process you will get
incalid Client_id
since its just a dummy value.Another problem might be the fact that the oauth flow can only be used in a
QtGuiApplication
since it uses theQDesktopServices::openUrl()
function to open the oauth pop-up window.Any feedback or input would be highly appreciated!
EDIT: one more thing. Is there a way to test the Petstore with the Authorization flow? Right now I just use the google API and a local Node.js server that just checks if token is set and if not it will just send
QNetworkReply::AuthenticationRequiredError
to trigger the authorization process.EDIT2: I also added the client credential flow. There is the same problem with the client_secret and id as described above.
PR checklist
This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
These must match the expectations made by your contribution.
You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example
./bin/generate-samples.sh bin/configs/java*
.For Windows users, please run the script in Git BASH.
master
(5.3.0),6.0.x
PING @wing328 @ravinikam (2017/07) @stkrwork (2017/07) @etherealjoy (2018/02) @MartinDelille (2018/03) @muttleyxd (2019/08)