The QOAuth2DeviceAuthorizationFlow class provides an implementation of the Device Authorization Grant flow. 更多...
| 头: |
#include <QOAuth2DeviceAuthorizationFlow>
|
| CMake: |
find_package(Qt6 REQUIRED COMPONENTS NetworkAuth)
target_link_libraries(mytarget PRIVATE Qt6::NetworkAuth)
|
| qmake: |
QT += networkauth
|
| Since: | Qt 6.9 |
| 继承: | QAbstractOAuth2 |
|
|
| QOAuth2DeviceAuthorizationFlow () | |
| QOAuth2DeviceAuthorizationFlow (QObject * parent ) | |
| QOAuth2DeviceAuthorizationFlow (QNetworkAccessManager * manager , QObject * parent = nullptr) | |
| virtual | ~QOAuth2DeviceAuthorizationFlow () override |
| QUrl | completeVerificationUrl () const |
| bool | isPolling () const |
| QString | userCode () const |
| QDateTime | userCodeExpirationAt () const |
| QUrl | verificationUrl () const |
| virtual void | grant () override |
| bool | startTokenPolling () |
| void | stopTokenPolling () |
| void | authorizeWithUserCode (const QUrl & verificationUrl , const QString & userCode , const QUrl & completeVerificationUrl ) |
| void | completeVerificationUrlChanged (const QUrl & completeVerificationUrl ) |
| void | pollingChanged (bool polling ) |
| void | userCodeChanged (const QString & userCode ) |
| void | userCodeExpirationAtChanged (const QDateTime & expiration ) |
| void | verificationUrlChanged (const QUrl & verificationUrl ) |
(从 6.9 起)
void
|
refreshTokensImplementation () |
This class implements the Device Authorization Grant flow, which is used to obtain and refresh access tokens and ID tokens, particularly on devices lacking a user-agent or with limited input capabilities. These devices include televisions, machine HMIs, appliances, and IoT devices.
Device flow can be used on any platform and operating system that is capable of SSL/TLS requests. Unlike QOAuth2AuthorizationCodeFlow , this flow is not based on redirects, and therefore does not use a reply handler .
The following snippets illustrate the typical usage. First, we set up the flow similarly to QOAuth2AuthorizationCodeFlow :
m_deviceFlow.setAuthorizationUrl(QUrl(authorizationUrl)); m_deviceFlow.setTokenUrl(QUrl(accessTokenUrl)); m_deviceFlow.setRequestedScopeTokens({scope}); m_deviceFlow.setClientIdentifier(clientIdentifier); // The need for a client secret depends on the authorization server m_deviceFlow.setClientIdentifierSharedKey(clientSecret);
Then we connect to authorizeWithUserCode signal to handle the user authorization:
connect(&m_deviceFlow, &QOAuth2DeviceAuthorizationFlow::authorizeWithUserCode, this, [](const QUrl &verificationUrl, const QString &userCode, const QUrl &completeVerificationUrl) { if (completeVerificationUrl.isValid()) { // If the authorization server provided a complete URL // that already contains the necessary data as part of the URL parameters, // you can choose to use that qDebug() << "Complete verification uri:" << completeVerificationUrl; } else { // Authorization server provided only verification URL; use that qDebug() << "Verification uri and usercode:" << verificationUrl << userCode; } } );
This part is crucial to the flow, and how you handle it depends on your specific use case. One way or another, the user needs to complete the authorization.
Device flow does not define how this authorization completion is done, making it versatile for different use cases. This can be achieved by displaying the verification URI and user code to the user, who can then navigate to it on another device. Alternatively, you could present a QR code for the user to scan with their mobile device, send to a companion application, email to the user, and so on.
While authorization is pending, QOAuth2DeviceAuthorizationFlow polls the server at specific intervals (typically 5 seconds) until the user accepts or rejects the authorization, upon which the server responds accordingly and the flow concludes.
Errors can be detected as follows:
connect(&m_deviceFlow, &QAbstractOAuth::requestFailed, this, [](QAbstractOAuth::Error error) { Q_UNUSED(error); // Handle error }); connect(&m_deviceFlow, &QAbstractOAuth2::serverReportedErrorOccurred, this, [](const QString &error, const QString &errorDescription, const QUrl &uri) { // Check server reported error details if needed Q_UNUSED(error); Q_UNUSED(errorDescription); Q_UNUSED(uri); } );
QAbstractOAuth2::serverReportedErrorOccurred () signal can be used to get information on specific RFC-defined errors. However, unlike QAbstractOAuth::requestFailed (), it doesn't cover errors such as network errors or client configuration errors.
Flow completion is detected similarly as with QOAuth2AuthorizationCodeFlow ,例如:
connect(&m_deviceFlow, &QAbstractOAuth::granted, this, [this](){ // Here we use QNetworkRequestFactory to store the access token m_api.setBearerToken(m_deviceFlow.token().toLatin1()); }); m_deviceFlow.grant();
[read-only]
completeVerificationUrl
: const
QUrl
This property holds an URL for user to complete the authorization. The URL itself contains the
user_code
and thus avoids the need for user to enter the code manually. Support for this complete URL varies between authorization servers.
访问函数:
| QUrl | completeVerificationUrl () const |
通知程序信号:
| void | completeVerificationUrlChanged (const QUrl & completeVerificationUrl ) |
另请参阅 verificationUrl and Device Flow Usage .
[read-only]
polling
: const
bool
This property holds whether or not the flow is actively polling for tokens.
访问函数:
| bool | isPolling () const |
通知程序信号:
| void | pollingChanged (bool polling ) |
另请参阅 startTokenPolling () 和 stopTokenPolling ().
[read-only]
userCode
: const
QString
此特性保持 user_code received in authorization response. This code is used by the user to complete the authorization.
访问函数:
| QString | userCode () const |
通知程序信号:
| void | userCodeChanged (const QString & userCode ) |
另请参阅 verificationUrl , completeVerificationUrl ,和 Device Flow Usage .
[read-only]
userCodeExpirationAt
: const
QDateTime
This property holds the local time the user code and underlying device codes expire. The codes are typically valid between 5 and 30 minutes.
访问函数:
| QDateTime | userCodeExpirationAt () const |
通知程序信号:
| void | userCodeExpirationAtChanged (const QDateTime & expiration ) |
另请参阅 userCode .
[read-only]
verificationUrl
: const
QUrl
This property holds the URL where user should enter the user code to complete authorization.
访问函数:
| QUrl | verificationUrl () const |
通知程序信号:
| void | verificationUrlChanged (const QUrl & verificationUrl ) |
另请参阅 userCode , completeVerificationUrl ,和 Device Flow Usage .
Constructs a QOAuth2DeviceAuthorizationFlow object.
[explicit]
QOAuth2DeviceAuthorizationFlow::
QOAuth2DeviceAuthorizationFlow
(
QObject
*
parent
)
Constructs a QOAuth2DeviceAuthorizationFlow object with parent object parent .
[explicit]
QOAuth2DeviceAuthorizationFlow::
QOAuth2DeviceAuthorizationFlow
(
QNetworkAccessManager
*
manager
,
QObject
*
parent
= nullptr)
Constructs a QOAuth2DeviceAuthorizationFlow object using parent as parent and sets manager as the network access manager.
[override virtual noexcept]
QOAuth2DeviceAuthorizationFlow::
~QOAuth2DeviceAuthorizationFlow
()
销毁 QOAuth2DeviceAuthorizationFlow 实例。
[signal]
void
QOAuth2DeviceAuthorizationFlow::
authorizeWithUserCode
(const
QUrl
&
verificationUrl
, const
QString
&
userCode
, const
QUrl
&
completeVerificationUrl
)
This signal is emitted when user should complete the authorization.
If authorization server has provided completeVerificationUrl , user can navigate to that URL. The URL contains the needed userCode and any other needed parameters.
Alternatively, the user needs to navigate to verificationUrl and enter userCode manually.
另请参阅 Device Flow Usage .
[override virtual slot]
void
QOAuth2DeviceAuthorizationFlow::
grant
()
重实现: QAbstractOAuth::grant ().
Starts the authorization flow as described in Device Grant RFC .
The flow consists of following steps:
The flow progresses automatically from authorization to token polling.
Calling this function will reset any previous authorization data.
另请参阅 authorizeWithUserCode (), granted (), QAbstractOAuth::requestFailed (), polling , startTokenPolling (), stopTokenPolling (),和 Device Flow Usage .
[protected slot, since 6.9]
void
QOAuth2DeviceAuthorizationFlow::
refreshTokensImplementation
()
This function sends a token refresh request.
If the refresh request was initiated successfully, the status is set to
QAbstractOAuth::Status::RefreshingToken
; otherwise the
requestFailed
() signal is emitted and the status is not changed. Tokens cannot be refreshed while
isPolling
is
true
.
This function has no effect if the token refresh process is already in progress.
If refreshing the token fails and an access token exists, the status is set to QAbstractOAuth::Status::Granted , and to QAbstractOAuth::Status::NotAuthenticated if an access token does not exist.
该函数在 Qt 6.9 引入。
另请参阅 QAbstractOAuth::requestFailed () 和 QAbstractOAuth2::refreshTokens ().
[slot]
bool
QOAuth2DeviceAuthorizationFlow::
startTokenPolling
()
Starts token polling. Returns
true
if the start was successful (or was already active), and
false
否则。
Calling this function is not necessary in a typical use case. Once the authorization request has completed, as a result of grant () call, the polling is started automatically.
This function can be useful in cases where resuming (retrying) the token polling a bit later is needed, without restarting the whole authorization flow. For example in case of a transient network connectivity loss.
Polling interval is defined by the authorization server, and is typically 5 seconds. First poll request is sent once the first interval has elapsed.
另请参阅 polling , stopTokenPolling (),和 Device Flow Usage .
[slot]
void
QOAuth2DeviceAuthorizationFlow::
stopTokenPolling
()
Stops token polling. Any potential outstanding poll requests are silently discarded.
另请参阅 polling and startTokenPolling ().