How can I use Qt Network Authorization for Azure AD OAuth2

0
votes

I'm trying to adapt the Qt Network Authorization OAuth2 example for Reddit to work with Azure AD. I went to https://portal.azure.com/ -> Azure Active Directory -> App registrations then clicked "New application registration" and entered:

Azure Create

I copied the resulting Application ID into the app then got the URIs from Authorization Code Grant Flow:

The first part appears to work; the webpage opens and asks me to authenticate the login. But then the token request seems to fail. My logging shows:

AzureWrapper::grant()+
setModifyParametersFunction(): stage = RequestingAuthorization
AzureWrapper::grant()-
statusChanged(): status = TemporaryCredentialsReceived
setModifyParametersFunction(): stage = RequestingAccessToken
qt.networkauth.oauth2: Unexpected call
qt.networkauth.replyhandler: Error transferring https://login.microsoftonline.com/common/oauth2/token - server replied: Bad Request

What have I done wrong?

1
qtazureoauth-2.0azure-active-directory
Hi Parsley, I'm not aware of Qt Network Authorization, But since you want to integrate your app with AAD and use Authorization Code Grant Flow, it'd better use ADAL to achieve this. - Wayne Yang
Yes, but there isn't one for C/C++. - parsley72

1 Answers

0
votes

Azure AD needs in either the authorization code request or in the access token request the App ID URI of the target web API (secured resource) that you want to use. (See https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code)

You can add this extra resource parameter in the authorization code request like this:

oauth2.setModifyParametersFunction([](QAbstractOAuth::Stage stage, QVariantMap* parameters) {
    if (stage == QAbstractOAuth::Stage::RequestingAuthorization) {
        parameters->insert("resource", "<App ID URI>");
    }
});