Amber Web Authorization Framework
API DocumentationOAuth1 Class
(Amber::Web::Authorization::OAuth1)Provides a helper to allow applications to integrate OAuth1 flows. More...
| Header: | #include <OAuth1> |
| Instantiated By: | OAuth1 |
Public Types
| enum | FlowType { InvalidFlow, OAuth10aFlow } |
Properties
|
|
Public Functions
| OAuth1(QObject *parent = nullptr) | |
| ~OAuth1() | |
| QString | accessTokenEndpoint() const |
| QString | authorizeTokenEndpoint() const |
| QString | consumerKey() const |
| QString | consumerSecret() const |
| QVariantMap | customParameters() const |
| Amber::Web::Authorization::Error | error() const |
| FlowType | flowType() const |
| QString | generateAuthorizationHeader(const QString &oauthToken, const QString &oauthTokenSecret, const QString &httpMethod, const QString &url) |
| QUrl | generateAuthorizationUrl(const QString &oauthToken) |
| QVariantMap | parseRedirectUri(const QString &redirectUri) |
| QString | redirectUri() const |
| void | requestAccessToken(const QString &oauthToken, const QString &oauthTokenSecret, const QString &oauthVerifier) |
| void | requestTemporaryToken() |
| QString | requestTokenEndpoint() const |
| void | setAccessTokenEndpoint(const QString &endpoint) |
| void | setAuthorizeTokenEndpoint(const QString &endpoint) |
| void | setConsumerKey(const QString &key) |
| void | setConsumerSecret(const QString &secret) |
| void | setCustomParameters(const QVariantMap ¶meters) |
| void | setFlowType(FlowType flow) |
| void | setRedirectUri(const QString &uri) |
| void | setRequestTokenEndpoint(const QString &endpoint) |
| void | setUserAgent(const QString &ua) |
| QString | userAgent() const |
Signals
| void | accessTokenEndpointChanged() |
| void | authorizeTokenEndpointChanged() |
| void | consumerKeyChanged() |
| void | consumerSecretChanged() |
| void | customParametersChanged() |
| void | errorChanged() |
| void | flowTypeChanged() |
| void | receivedAccessToken(const QString &oauthToken, const QString &oauthTokenSecret) |
| void | receivedTemporaryToken(const QString &oauthToken, const QString &oauthTokenSecret) |
| void | redirectParseError(const QString &errorMessage) |
| void | redirectUriChanged() |
| void | requestTokenEndpointChanged() |
| void | userAgentChanged() |
Static Public Members
| QString | authorizationHeader(const QString &consumerKey, const QString &consumerSecret, const QString &oauthToken, const QString &oauthTokenSecret, const QString &requestMethod, const QString &requestUrl, const QString &redirectUri, const QList<QPair<QString, QString> > ¶meters) |
| QString | hmacSha1(const QString &signingKey, const QString &baseString) |
Detailed Description
Provides a helper to allow applications to integrate OAuth1 flows.
Applications can use an instance of this type to retrieve an access token from an OAuth1-enabled remote service (such as Twitter).
Member Type Documentation
enum OAuth1::FlowType
This enum defines the OAuth1 flow types supported by the helper.
Property Documentation
accessTokenEndpoint : QString
This property holds this property holds the "access token endpoint" OAuth1 parameter which should be used by the helper in order to exchange the temporary token (and temporary token secret) plus verifier for a valid access token.
It must be a full, valid URL which is specified by the remote service, e.g. https://api.twitter.com/oauth/access_token.
It is a mandatory property.
Access functions:
| QString | accessTokenEndpoint() const |
| void | setAccessTokenEndpoint(const QString &endpoint) |
Notifier signal:
| void | accessTokenEndpointChanged() |
authorizeTokenEndpoint : QString
This property holds this property holds the "authorize token endpoint" OAuth1 parameter which should be used by the helper when generating an authorization URL which will then be opened in the system browser, which allows the user to authorize the application.
Once successful, the browser will be redirected to the location specified by the redirectUri property, with query parameters which include the verifier code for the temporary token.
It must be a full, valid URL which is specified by the remote service, e.g. https://api.twitter.com/oauth/authorize.
It is a mandatory property.
Access functions:
| QString | authorizeTokenEndpoint() const |
| void | setAuthorizeTokenEndpoint(const QString &endpoint) |
Notifier signal:
| void | authorizeTokenEndpointChanged() |
consumerKey : QString
This property holds this property holds the "consumer_key" OAuth1 parameter which is associated with the client application.
It is a mandatory property.
Access functions:
| QString | consumerKey() const |
| void | setConsumerKey(const QString &key) |
Notifier signal:
| void | consumerKeyChanged() |
consumerSecret : QString
This property holds this property holds the "consumer_secret" OAuth1 parameter which is associated with the client application.
It is a mandatory property.
Access functions:
| QString | consumerSecret() const |
| void | setConsumerSecret(const QString &secret) |
Notifier signal:
| void | consumerSecretChanged() |
customParameters : QVariantMap
This property holds this property holds the custom parameters which should be included as query parameters in the next request to the server.
It is a dictionary of key/value pairs, where both the key and value must be strings.
Some services allow (or sometimes, require) clients to pass non-standard parameters at various points in the OAuth1 flow, and this property allows the client to specify appropriate values for such parameters.
It is an optional property.
Access functions:
| QVariantMap | customParameters() const |
| void | setCustomParameters(const QVariantMap ¶meters) |
Notifier signal:
| void | customParametersChanged() |
error : const Amber::Web::Authorization::Error
This property holds this property holds information associated with the most recent operation error encountered by the helper.
The possible values of the error code are described here.
In general, if any error (other than NoError) occurs, then the flow has failed for some reason.
Access functions:
| Amber::Web::Authorization::Error | error() const |
Notifier signal:
| void | errorChanged() |
flowType : FlowType
This property holds this property holds the specific OAuth1 flow type which the client application will use.
The default (and only supported) value is OAuth10a.
Access functions:
| FlowType | flowType() const |
| void | setFlowType(FlowType flow) |
Notifier signal:
| void | flowTypeChanged() |
redirectUri : QString
This property holds this property holds the redirect URI to which the system browser will be redirected once the authorization step of the flow is complete.
If the client application is using a RedirectListener to listen for that redirect, then this property should be bound the uri property of the RedirectListener instance.
Otherwise, if the client application is using some other mechanism to listen for redirects, it should set this property value to the appropriate redirect URI value (which the client application is able to handle).
It is a mandatory property.
Access functions:
| QString | redirectUri() const |
| void | setRedirectUri(const QString &uri) |
Notifier signal:
| void | redirectUriChanged() |
requestTokenEndpoint : QString
This property holds this property holds the "request token endpoint" OAuth1 parameter which should be used by the helper in order to request a temporary token.
It must be a full, valid URL which is specified by the remote service, e.g. https://api.twitter.com/oauth/request_token.
It is a mandatory property.
Access functions:
| QString | requestTokenEndpoint() const |
| void | setRequestTokenEndpoint(const QString &endpoint) |
Notifier signal:
| void | requestTokenEndpointChanged() |
userAgent : QString
This property holds this property holds the user agent string which should be specified in the request headers when performing the authorization flow.
It is an optional property.
Access functions:
| QString | userAgent() const |
| void | setUserAgent(const QString &ua) |
Notifier signal:
| void | userAgentChanged() |
Member Function Documentation
OAuth1::OAuth1(QObject *parent = nullptr)
Constructs a new OAuth1 helper instance, with the specified QObject parent.
OAuth1::~OAuth1()
Destroys the OAuth1 helper instance
[static] QString OAuth1::authorizationHeader(const QString &consumerKey, const QString &consumerSecret, const QString &oauthToken, const QString &oauthTokenSecret, const QString &requestMethod, const QString &requestUrl, const QString &redirectUri, const QList<QPair<QString, QString> > ¶meters)
QString OAuth1::generateAuthorizationHeader(const QString &oauthToken, const QString &oauthTokenSecret, const QString &httpMethod, const QString &url)
Generates an appropriate authorization header for an OAuth10a request
Once a client application has completed the OAuth1 authorization flow and received a valid OAuth1 token and token_secret, any requests it makes to the server which require this authorization must include an appropriate authorization header.
Clients may call this method to generate an appropriate authorization header for the specified httpMethod (e.g. "GET") on the specified resource url, given the specified oauthToken and oauthTokenSecret (and using the consumerKey and consumerSecret specified via properties).
QUrl OAuth1::generateAuthorizationUrl(const QString &oauthToken)
Build an authorization URL to be displayed in the system web browser.
The second step in an OAuth1 flow is to allow the user to authorize (or deny authorization for) the application, which is performed via the system web browser. The client application must generate an appropriate authorization URL (which contains parameters identifying the application and is signed with the temporary token requested in the first step).
After setting the appropriate properties on the helper, the client may call this method to generate the URL. This URL can then be displayed in the system web browser, and if the user authorizes the application accordingly, the web browser will be redirected to the URI specified in the redirectUri property, with a verifier code included as a query parameter.
On success, this method returns a valid URL.
Otherwise, an invalid URL is returned, and the error property will be set, and the errorChanged() signal will be emitted.
[static] QString OAuth1::hmacSha1(const QString &signingKey, const QString &baseString)
QVariantMap OAuth1::parseRedirectUri(const QString &redirectUri)
Parse the given redirectUri and construct a map of key/value pairs.
Both the URI fragment and the query parameters will be parsed, and the key/value pairs will be inserted into the returned dictionary.
The client can then look for the existence of appropriate entries (e.g. "error", "code", "access_token", etc.
Any errors encountered during parsing are assumed to be non-fatal, and so while the redirectParseError signal will be emitted, the error will not be set.
The client must determine whether the flow has failed, for example by determining whether the output contains the appropriate token.
[signal] void OAuth1::receivedAccessToken(const QString &oauthToken, const QString &oauthTokenSecret)
This signal is emitted when the helper receives an access token from the remote service.
See also requestAccessToken().
[signal] void OAuth1::receivedTemporaryToken(const QString &oauthToken, const QString &oauthTokenSecret)
This signal is emitted when the helper receives a temporary token from the remote service.
See also requestTemporaryToken().
[signal] void OAuth1::redirectParseError(const QString &errorMessage)
This signal is emitted if the helper encounters a (possibly non-fatal) error while parsing the redirect
void OAuth1::requestAccessToken(const QString &oauthToken, const QString &oauthTokenSecret, const QString &oauthVerifier)
Request an access token from the remote service.
The third step in an OAuth1 flow is to request a full access token from the remote service, by providing the temporary oauthToken and oauthTokenSecret (received in step one) along with the oauthVerifier code (received after step two).
Note that the verifier code is received by parsing the web browser redirect which results from the user authorizing the application via the system web browser flow. That flow is initiated by loading the authorization URL (which was generated in step two) in the system web browser.
After setting the appropriate properties on the helper, the client may call this method to request the access token.
On success, this method will emit the receivedAccessToken() signal.
Otherwise, the error property will be set, and the errorChanged() signal will be emitted.
void OAuth1::requestTemporaryToken()
Request a temporary token from the server.
The first step in an OAuth1 flow is to request a temporary token from the remote server. After setting the appropriate properties on the helper, the client may call this method to initiate this request.
On success, the receivedTemporaryToken() signal will be emitted. Otherwise, the error property will be set, and the errorChanged() signal will be emitted.