Tweeter::postStatusUpdate in the examples has multiple issues, at least on Ubuntu with Qt 5.3

I discovered lately all the OAuth process and for POST method, your great lib worked just fine.

Until I tried to use Oembed from Twitter using the GET method.

I've seen the issue #19 which use setToken and setTokenSecret. I wonder how since these methods are protected.

For my part, it's nothing fancy, I just try this

    O1Requestor* requestor = new O1Requestor(manager, o1, this);
    QList<O1RequestParameter> reqParams = QList<O1RequestParameter>();
    QUrl url = QUrl(QString("https://api.twitter.com/1.1/statuses/oembed.json?id=" + tweet_id));
    QNetworkRequest request(url);
    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
    QNetworkReply *replyEmbed = requestor->get(request, reqParams);
    connect(replyEmbed, SIGNAL(finished()), this, SLOT(addTweet()));

with

    o1 = new O1Twitter(this);
    o1->setClientId("shshshshshshshsh");
    o1->setClientSecret("shshshshshshshshshshshshshshshshshshshshshshshsh");

and successfully linked.

No matter what, I always get in response

ERROR: "Host requires authentication"
content: "{"errors":[{"code":32,"message":"Could not authenticate you."}]}"

I tried to qDebug the authParams, but it seems quite the same as the Twitter Oauth Generator

Any help would be really appreciated.
Thanks.

After reading the lastest README doucument you just uploaded,I still can't use this library to make an Open Platform Client(Sina weibo, like facebook) through oauth2 authorization which based on desktop(win7) enviorment.Is that this library not support in desktop application?

According to my poor knowledge about network and HTTP methods.I learnt that the o2reply is use for deal with the QNetworkreply queue.And the o2replyserver is use for handle the data from the TCP socket.At last,the o2requestor is for GET or POST with the token to use the API.But what make me painful is how all these stuff works in a project.I really want to know is the procedure of the the library(very hopeful).

1.Why it use the TCP instead of the QNetworkReply for processing the Authorization Reply?
2.
(1)What is the purpose of O2::LINK?
(2)Why the RediretUrl is http://localhost:%1/").arg(replyServer_->serverPort()?Can I change it which I had setted on callbackURL setting of the platform I used?
(3)It that right once the SIGNAL openBrowser(url) is emited,the newconnection from QTCP will be emitted?It's that means that we open the brwoser(Qurl) just for get response from the TCP port and have a TCP newconnecttion?If is is not?And how to active the SIGNAL newconnection?
(4).All the problems troubles me,because it is impossible to get the "CODE" with for acces the TOKEN. without sloving these problem.And could you please give me some advice for getting the CODE from the firt step of the oauth2.0 protocol.

Anyway,no matter you answer all these problems or no,still thanks for share such wonderful oauth2.0 library based on QT,cause such properties is extremly less.And all these problems may only for one reason------I am a typical noob~~~ orz

Hi, wish to know how to search Twitter by keyword using this library.

Currently, the finished-signal of O2Requestor passes an error code. In order to get a textual error message, the preferred way is to get it from QNetworkReply::errorString(). However, this is not available when the finished signal has been emitted as the QNetworkReply object is not accessible and may already have been destroyed.

How about adding the error string as a parameter to the finished signal?

In order to avoid breaking existing code, one could add another finished signal overload with the error string parameter.
What do you think about this? I can provide a pull-request if needed.

There are multiple lines in o2 using the setExpires() function like in o2.cpp:343 :
setExpires(QDateTime::currentMSecsSinceEpoch() / 1000 + expiresIn);

These lines cause a warning because a qint64 is passed as parameter but the setExpires function uses an int as parameter.

All the warnings would be fixed by changing the prototype of setExpires from
void O2::setExpires(int v)
to
void O2::setExpires(qint64 v)

To avoid potential conflicts with other libraries/code/etc., it would be nice to have all of the o2 code in its own namespace.

I managed to get o2 to work with SoundCloud. On a x64 Arch Linux with chromium, the function O2ReplyServer::onBytesReady() is called twice!

Once for the original redirect and another time for the favicon request that chromium issues automatically. A quick workaround is to quickly grab the token from the O2 object before it is deleted again:

void MainWindow::onLinkingSucceeded() {
    // Login has succeeded
    qDebug() << "Gained like a boss!";
    isReady = true;
    token = authenticator->token();
}

Of course this should not be left as it is. If I am able to fix it, I will give you a pull request!

First I have to say that I'm using this library in a slightly weird way. I'm storing the consumer secret/key and the token/token secret in my DB and creating an O1 object using this code:

O1 *AbstractMessage::createO1()
{
    O1 *oauth = new O1(this);
    oauth->setClientId(loginInfo->consumerKey);
    oauth->setClientSecret(loginInfo->consumerSecret);
    oauth->setToken(loginInfo->token);
    oauth->setTokenSecret(loginInfo->tokenSecret);
    return oauth;
}

QNetworkReply *AbstractMessage::oauthGetRequest(const QString &url)
{
    O1 *oauth = this->createO1();
    O1Requestor *requestor = new O1Requestor(this->networkAccessManager, oauth, this);
    return requestor->get(QNetworkRequest(url), QList<O1RequestParameter>());
}

I don't know if this can cause the error.

Calling to "oauthGetRequest()" with a URL like "https://one.ubuntu.com/api/file_storage/v1/~/foo" works like a charm.

However, when I try to do exactly the same with this URL "https://one.ubuntu.com/api/file_storage/v1/~/foo%20bar" or this other "https://one.ubuntu.com/api/file_storage/v1/~/foo?include_children=true" I'm getting a "Host requires authentication" error.

Could be this a problem with the way I'm using the library or could it be a bug?

Assume that I have two accounts (in my case two OneDrive accounts) and I login to the first account with O2. After I log out again (unlink()) and try to log in again, I am automatically logged into my first account. There is no way to select the second account.

The only workaround I see is to open the web-browser, open the OneDrive website and log out from there. Then, when I link() from O2, I can now select which account I want to log in to.

Is there a way I can force O2 (i.e. force the web-browser through O2) to let me select a new account?

Do you plan to upgrade DropBox to use OAuth2?
OAuth1 is going to be retired in 1 year (Jun 2017).
https://blogs.dropbox.com/developers/2016/06/api-v1-deprecated/

Application Output -
Starting /root/Documents/QtProjects/o2/examples/build-facebookdemo-Desktop_Qt_5_11_1_GCC_64bit-Release/facebookdemo... /root/Documents/QtProjects/o2/examples/build-facebookdemo-Desktop_Qt_5_11_1_GCC_64bit-Release/facebookdemo exited with code 1
Apart from example not running why the linkingSucceeded() signal is emitted again in on linkingSucceeded slot

I am trying to use this library with Xero, which uses standard 2-legged OAuth 1.0 with RSA-SHA1 (see https://developer.xero.com/documentation/getting-started/private-applications/)

It seems that only PLAINTEXT and HMAC_SHA1 are supported - are there any plans to add RSA-SHA1?

The O2::refresh() function is used to generate a new access token using the refresh token.
In the O2::onRefreshFinished() callback, the new access token is saved as expected. However O2::onRefreshFinished() assumes that the authorization server will provide the refresh token in the response. If the authorization server does not provide a refresh token, the old refresh token is replaced by an empty string. This issue is easily reproducible with YouTube where the access token expires each hour.

According to the OAuth v2 specs, when generating a new access token using a refresh token, the authorization server is not required to return the old refresh token nor a new refresh token. See https://tools.ietf.org/html/draft-ietf-oauth-v2-31
Also YouTube explicitly tells that the response when refreshing an access token DOES NOT contain the refresh token ( https://developers.google.com/youtube/v3/guides/auth/installed-apps ):

As long as the user has not revoked the access granted to the application, the token server returns a JSON object that contains a new access token. The following snippet shows a sample response:
{
"access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
"expires_in":3920,
"token_type":"Bearer"
}

Steps to reproduce:

1- Launch an application using O2
2- Add a YouTube account
3- Quit the application
4- Delete the access token (while leaving the refresh token for this account)
5- Launch again the application

Result: You can see that a new access token has been generated but the refresh token is gone.

6- Quit the application
7- Delete the access token
8- Launch again the application

Result: Since we have no access token and no refresh token, we need to request the user credentials.

Even I'm still trying to figure out how to use this with my project

Qt-5.9 - Windows. 8.1 Ming-Gw - cmake installed

This in no way is entirely on pipac. But people new to Qt like myself, have no idea how to implement this in our projects.

I have a qt-quick project which will import o2.
I have opened a new quick project and (open project'd) cmake'd the 02 file system, the problem is how do I link o2 with keychain?
Not only that, but how do I link o2 to my quick-project?

The documentation doesn't layout the steps, which is the exact reason noobs stay away from c++ and qt all together.

When I run the twitterdemo it starts the browser like it should and after I authorize the application I see the link succeeded message in the console but after that if I try to post a status it says application is not linked to twitter. I tried this with 2 different computers connected to different networks but still couldn't work it out. Could you help me to solve this problem?

note: I added
LIBS += -LC:/OpenSSL-Win32 -llibssl32
LIBS += -LC:/OpenSSL-Win32 -llibeay32
LIBS += -LC:/OpenSSL-Win32 -lssleay32
to the .pro file to get rid of ssl problems.
I use qt 5.5 and msvc2012 32 bit on windows 10

Hi all,

I tried to build the library and the example applications. Building the lib itself works fine in VisualStudio 2019.
Btw. I am working on windows 10.

In the top CMakeLists.txt I set the "o2_WITH_VIMEO" option to ON.
When I want to build the Vimeo example app (also with the lib), I get errors with unresolved external symbols.
public: __cdecl O2PollServer::O2PollServer(class QNetworkAccessManager *,class QNetworkRequest const &,class QByteArray const &,int,class QObject *)" " in function ""protected: void __cdecl O2::startPollServer(class QMap<class QString,class QVariant> const &)"
Also for "O2PollServer::setInterval(int)", "O2PollServer::startPolling(void)", "O2Vimeo::O2Vimeo(class QObject *)".
I first tried to implement my own auth class (like O2Vimeo), then I got a few different unresolved errors, but same picture.

I downloaded the master and run the cmake command: cmake -D CMAKE_PREFIX_PATH=C:\Qt\Qt5.12.3\5.12.3\msvc2015_64 -DBUILD_SHARED_LIBS=1 -Do2_WITH_KEYCHAIN=OFF .

Does anybody know what I did wrong or misconfigured? Or why the linker? does not find these symbols? Could it be that the linker does not find the o2.lib file?

If running on Windows (tested with the Qt 5.1 beta), the oauth_callback URL looks strange... it works if you reverse the slashes, but otherwise you just get a blank page instead of a login form. Not sure if this is o2's fault or QUrlQuery's.

It works just fine on both Mac and Linux.

I've created a desktop app in Azure AD and I've added a redirect URL for 127.0.0.1.
I've put the client id and the client secret in the msgraph example, but at the end of the authentication I get an error:

O2::onTokenReplyError:  QNetworkReply::AuthenticationRequiredError :  "Host requires authentication"
O2::onTokenReplyError:  "{\"error\":\"invalid_client\",\"error_description\":\"AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented

The example uses O2::GrantFlowAuthorizationCode authentication method. The workaround I've found is to comment the line

parameters.insert(O2_OAUTH2_CLIENT_SECRET, clientSecret_);

from O2::onVerificationReceived.

Is there a better way? Do you think this is due to MS Graph OAuth dialect?

Hi,

In digiKam core we host the O2 source code internally to communicate with remote web service and export items from photo collections.

Few days ago, digiKam have been ported to Qt6 (it still compatible with Qt5) and i updated as well O2 library with last code available (previous version dating a lots)

Recently, a student working on ImgUr plugin for digiKam, has restored a small patch that i forget to re-integrate to O2:

https://invent.kde.org/graphics/digikam/-/merge_requests/170/diffs#842297e068b45b02767c92fbe54bbceec08c8ae8

Typically, in some conditions (probably an older Qt5 version), this patch must be applied to communicate properly.

We will re-integrate this patch to the O2 source code from digiKam core.

Best regards

Gilles Caulier

After receiving the refresh token in void O2::onTokenReplyFinished() where the token is present.
It never arrives in void O2::setRefreshToken(const QString &v) function somehow in my case.

Any ideas on that?

I am developing a Qt5 Twitter application, but was running into an issue during authentication. When my application attempts to authenticate, I get the following on stdout:

"The name org.ofono was not provided by any .service files"
"The name org.ofono was not provided by any .service files"
O1::link
O1::onTokenRequestError: 204 "Host requires authentication" "<?xml version="1.0" encoding="UTF-8"?>
<hash>
<error>Desktop applications only support the oauth_callback value 'oob'</error>
<request>/oauth/request_token</request>
</hash>
"

What's strange is I am able to launch OAuth from the twitterdemo example application provided.

Here is the relevant snippets of my class.

Again, the provided twitterdemo doesn't output any sort of stderr/stdout errors, and behaves exactly as expected.

I'm including all of the o2 source files, through the pri file provided, so I don't think it's any sort of missing dependency.

I'm using the following QT modules in my pro file: core gui network webkit webkitwidgets script

I've created a handler for Office365 Outlook.
Maybe it's something to add to the o2 library.

Hi

I am trying to use o2 library to upload photos to flickr. Authentication process goes well, but I am unable to upload a photo. The error says:
"Error when uploading file: authentication required"

I am sending a photo with

manager_ = new QNetworkAccessManager(this);
 o1_ = new O1Flickr(this);
 requestor_ = new O1Requestor(manager_, o1_, this)
QNetworkRequest request(uploadUrl_);
request.setHeader(QNetworkRequest::ContentTypeHeader, CONTENT_TYPE);
request.setHeader(QNetworkRequest::ContentLengthHeader, postData.length());
QNetworkReply *reply = requestor_->post(request, QList<O0RequestParameter>(), postData);

postData is a QbyteArray constructed as shown below:

    requestData += QString("--" HTTP_PART_BOUNDARY "\r\n").toUtf8();
    requestData += "Content-Disposition: form-data; name=\"title\"\r\n";
    requestData += "\r\n"+title_+"\r\n";

    requestData += QString("--" HTTP_PART_BOUNDARY "\r\n").toUtf8();
    requestData += "Content-Disposition: form-data; name=\"description\"\r\n";
    requestData += "\r\n"+description_+"\r\n";

    requestData += QString("--" HTTP_PART_BOUNDARY "\r\n").toUtf8();
    requestData += "Content-Disposition: form-data; name=\"tags\"\r\n";
    requestData += "\r\n"+tags_+"\r\n";

    requestData += QString("--" HTTP_PART_BOUNDARY "\r\n").toUtf8();
    requestData += "Content-Disposition: form-data; name=\"is_public\"\r\n";
    requestData += "\r\n"+isPublic_+"\r\n";

    requestData += QString("--" HTTP_PART_BOUNDARY "\r\n").toUtf8();
    requestData += "Content-Disposition: form-data; name=\"is_friend\"\r\n";
    requestData += "\r\n"+isFriend_+"\r\n";

    requestData += QString("--" HTTP_PART_BOUNDARY "\r\n").toUtf8();
    requestData += "Content-Disposition: form-data; name=\"is_family\"\r\n";
    requestData += "\r\n"+isFamily_+"\r\n";

    requestData += QString("--" HTTP_PART_BOUNDARY "\r\n").toUtf8();
    requestData += "Content-Disposition: form-data; name=\"photo\"; filename=\""+
            fileInfo.fileName()+"\"\r\n";
    QMimeDatabase db;
    QMimeType mimeType = db.mimeTypeForFile(filename);
    requestData += "Content-Type: "+mimeType.name()+"\r\n";
    requestData += "\r\n"+file.readAll()+"\r\n";
    file.close();

    requestData += QString("--" HTTP_PART_BOUNDARY "--\r\n").toUtf8();

Could someone tell me what I am doing wrong ?

thanks
Bogdan

just wanted to pass this back -- changes made to send OAuth1 hmac-sha256 instead of sha1's for services that have stopped accepting them

hmac-sha256_patch.txt
.

Hey all, just spent the day tracking down a bug when using o2 on windows. If
QCoreApplication::setOrganizationName();
QCoreApplication::setApplicationName();
Are not set then the Qsettings used in o2 will fail to write key value pairs (but will continue to run!). The return values end up being empty strings which causes everything to fail and when porting an application this can be quite annoying.

I'm mostly sharing so that others that hit this issue can find a quick fix, but it might be worth having o2 check if these are set and to set some defaults if not.

The O0_EXPORT has not been added to O2Google...

When using setReplyContent, this does not show up in the browser. For example, we can extend the facebookdemo by adding the following line to FBDemo::FBDemo

o2Facebook_->setReplyContent("You have succesfully authenticated to Facebook. ");

Expected behaviour:
After authenticating to Facebook, the browser displays the content "You have succesfully authenticated to Facebook."

Actual behaviour:
An empty page is shown. HTTP headers also do not seem to be received by the browser.

I tested this on MacOS High Sierra 10.13.3, using Firefox, Chromium and Safari. It also doesn't work when using a webview such as in the facebookexternalinterceptordemo.

Previously, I was on commit c0e33a8. It did work back then, but after pulling in all changes since then, it stopped working. I don't know which change/changes caused this problem.

Hello,

Wondering if there has been any luck with oauth2 and https enforced redirect_uri (aka callback, or replyserver) ?

I'm thinking along the lines of fudging QSslSocket bits into o2replyserver code.

Any idea's ?

The lines o1.cpp:144 and o1.cpp:164 use qSort which is deprecated:
"qSort(headers);"

It should use instead std::sort

Some websites will display Error code 500 if the request containts an API-Key

I have followed the steps under Installation from the README.md but I get errors when building the project. It complains about: 'inconsistent dll linkage' and 'definition of dllimport static data member not allowed'. See picture below. This also happens when trying to compile the Twitter example.

Does anyone knows a solution for this? I am building using QT version 5.8.0 on Window 10 64 bit.

So yeah when attempting to do

QNetworkReply *reply = requestor->get(request);

this error is thrown

uberlogin.cpp:38: error: invalid conversion from 'int' to 'QNetworkReply*' [-fpermissive] QNetworkReply *reply = requestor->get(request);

what am I supposed to do with the id?

If you follow the Readme closely and open the browser in Android on
void onOpenBrowser(const QUrl *url)
then the QTcpSocket in O2ReplyServer will pause processing network requests and the reply content will never be shown.
An easy fix is to change this line in the Qt-generated manifest.xml.

meta-data android:name="android.app.background_running" android:value="true"

This should be documented in the Readme.

the line

qDebug() << reply_->readAll();

flushes reply body to output which caused return of empty data in finished signal (when finish tries to perform readAll as well)

Can an option be provided which can send an authenticated HTTP DELETE command using requestor?

Hi, I tried the example you gave with the librairie, but they didn't work. Or at least I can not make it work.
The program run without error, but only the help is displayed,
Do you have any idea where the problem come from ?

Chrome sometimes issues a request for /favicon.ico which causes the token to reset.

Is there plan to include vk.com oauth2.0 support?

Will it be worthwhile to create new issue and requests?
Is there any plan to further develop this?

O2 currently takes liberties with the credential storage, which causes trouble for applications which can handle multiple accounts. Declaring O1::token(), O1::tokenSecret() and appropriate functions in O2 as virtual would allow subclasses to easily handle their own storage.

Hi Team,

I have written my Http application in C++ (non-Qt) . I want to add oauth2 functionality to it.
Could you please confirm if I can use this library with my non-Qt C++ application ?

Thanks in advance

Hi,

Your lib is great. Perfect for allowing my c++ app to get access to my Twitter or Facebook account without having a web server in the way.

What I want to do is authenticate against my own oauth server using a simple password grant ( user, password, clientid only). Your lib handles adding tokens to subsequent outbound requests nicely but is geared towards an authorisation grant type, not a simple password grant against my own server.

Would you consider a pull request that filled that gap? Right now I have php and .net oauth auth servers that I want my c++ apps to authorise against but your lib only does part of what I need, ie: it assumes url redirects etc, when I have no need for such mechanisms as I have my own simple oauth password grant server.

If you'd be interested, I'd write one and submit a pull request.

Thanks,
Rich

I am just a QT beginner and I have learnt your files for a few days.But I can't totally get all of these programs.
In the O2.h header of your project,some signal function suck like "openbrowser()" and"linkingSucceeded() " are declared in a moc_o2.cpp.And it's extremly hard to understand this method for me.And while I use the"link()" to test the "emit openBrowser(url)",but my browser did not have any reaction,why?
The oauth2 authorization is start with the SIGNAL of a newconnecttion(),right?But how to active a newconnecttion?
I hope I can use it to develop Sina API's based on QT and the main purpose is make my program having the ability to update a state through the facebook or other API platform,not for serve it to the public,that means I am both the appilication Client and the Resource Owner.
Please help give me a hand. ^ ^

Regard

In o2requestor.cpp, new O2Reply objects are added to an O2ReplyList when a new request is made. The pointers are however never deleted after removing them from the list (once the request is finished). This leads to a memory leak.

Hi
I am trying to upload photos to twitter from my app and i am using your library.
The following is the code that i am using:

QFile file(imgPath);
if (!file.open(QIODevice::ReadOnly))
    {
        return false;
    }
QByteArray m_buffer = file.readAll();

O1Requestor* requestor = new O1Requestor(d->netMngr, d->o1Twitter, this);
QList<O0RequestParameter> reqParams = QList<O0RequestParameter>();

reqParams << O0RequestParameter(QByteArray("media"), m_buffer);
reqParams << O0RequestParameter(QByteArray("media_type"), QByteArray("image/jpeg"));

QByteArray postData = O1::createQueryParameters(reqParams);

QUrl url = QUrl("https://upload.twitter.com/1.1/media/upload.json");
QNetworkRequest request(url);

request.setHeader(QNetworkRequest::ContentTypeHeader, O2_MIME_TYPE_XFORM);
QNetworkReply *reply = requestor->post(request, reqParams, postData);

The result is the following:

ERROR: "Host requires authentication"
Content: "{"errors":[{"code":32,"message":"Could not authenticate you."}]}"

I tried doing something simple like posting a tweet saying Hello to test the authentication using statuses/update endpoint and it worked with no errors.
The following is the code also if it is required:

QUrl url2 = QUrl("https://api.twitter.com/1.1/statuses/update.json);

reqParams = QList<O0RequestParameter>();
reqParams << O0RequestParameter(QByteArray("status"), "Hello");
postData = O1::createQueryParameters(reqParams);

request.setUrl(url2);
request.setHeader(QNetworkRequest::ContentTypeHeader, O2_MIME_TYPE_XFORM);
QNetworkReply *reply = requestor->post(request, reqParams, postData);

Could you please help me with this issue.
Thanks

I'm trying to authenticate with my own hydra instance and I have the following error during the callback:

O2ReplyServer::onBytesReady: No query params found, waiting for more callbacks

Any idea?