topic OAuth2 without QML | Toolbox (Existing application) in Qt Maps SDK Questions

OAuth2 without QML | Toolbox (Existing application)

FlipVernooij — Mon, 30 Dec 2024 20:42:10 GMT

Hi!
I am trying to get OAuth2 to work within my existing application.
This application is currently using the

Esri::ArcGISRuntime::ArcGISRuntimeEnvironment::setApiKey("***")

method to set the API key, but we want to change this to OAuth.,
I have been looking at all the examples but it doesn't seem very useful for my implementation.

I figured out what url to call and I am able to go through the login from within my QT Desktop application.
I figured out I can change the "redirect-url" to "my-application://oauth" which will automatically open/re-activate my application after login.

Where I am stuck is that (atleast under OSX) I can not intercept that call in QT (when my application is already open)

Calling the following url, anyone knows what "response_type"s are available, perhaps that could help me out.

QString authUrl = QString("https://www.arcgis.com/sharing/rest/oauth2/authorize?client_id=%1&redirect_uri=%2&response_type=code")
                      .arg(clientId)
                      .arg(redirectUri)

Does anyone know how to intercept the redirect from the QWebview or how to filter the specific event under OSX (and Windows/Linux) and what should I do with the token?

A link to some actual documentation instead of QML examples would be great too!!

Re: OAuth2 without QML | Toolbox (Existing application)

JamesBallard1 — Thu, 02 Jan 2025 22:59:36 GMT

Hi @FlipVernooij . Without using our toolkit components, it will be difficult to process OAuth2 manually. It's doable, but we handle all the details in our toolkit code.

I recently did some R&D on the workflow you're attempting, and some of the details are in a branch. Note, some of that branch is based on code that doesn't exist yet in our product (and may never), so take it with a grain of salt.

https://github.com/Esri/arcgis-maps-sdk-toolkit-qt/blob/james/oauth_callback_spike/uitools/toolkitcpp/cpp/Esri/ArcGISRuntime/Toolkit/ArcGISAuthenticationController.cpp#L162-L199

https://github.com/Esri/arcgis-maps-sdk-toolkit-qt/blob/james/oauth_callback_spike/uitools/toolkitcpp/cpp/Esri/ArcGISRuntime/Toolkit/CustomOAuth2AuthorizationCodeFlow.cpp

These are based on Qt's newer OAuth support classes. Refer to https://doc.qt.io/qt-6/qoauthurischemereplyhandler.html#ios-and-macos for how to setup the callback URI scheme and register your app. I tried this on macOS and couldn't get it working, but I was mostly focused on iOS and Android.

These recommendations are for the out-of-process browser login experience. If you're ok with using the WebView, which will callback to the same app, you can use "urn:ietf:wg:oauth:2.0:oob" as your callback URI. That is what we currently do in our toolkit.

If you're working with arcgis services, then take a look at https://developers.arcgis.com/documentation/security-and-authentication/user-authentication/oauth-credentials-user/ for how to configure this and register your callback URI/URL.

Re: OAuth2 without QML | Toolbox (Existing application)

JamesBallard1 — Thu, 02 Jan 2025 23:01:47 GMT

@FlipVernooij I should add that we do have a toolkit for Qt Widgets as well, and our OAuth2 sign in workflow is supported there as well. It just doesn't have any examples to go along with it.

https://github.com/Esri/arcgis-maps-sdk-toolkit-qt/blob/main/uitools/toolkitwidgets/docs/AuthenticationView.md