Add support for public clients

owncloud · Aug 22, 2024 · 10f0b6b · 10f0b6b
1 parent 51e8de3
commit 10f0b6b
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 13 deletions.
diff --git a/src/libsync/creds/oauth.cpp b/src/libsync/creds/oauth.cpp
@@ -170,10 +170,11 @@ class RegisterClientJob : public QObject
 private:
     void registerClientOnline()
     {
-        const QJsonObject json({ { QStringLiteral("client_name"), QStringLiteral("%1 %2").arg(Theme::instance()->appNameGUI(), OCC::Version::versionWithBuildNumber().toString()) },
-            { QStringLiteral("redirect_uris"), QJsonArray { QStringLiteral("http://127.0.0.1") } },
-            { QStringLiteral("application_type"), QStringLiteral("native") },
-            { QStringLiteral("token_endpoint_auth_method"), QStringLiteral("client_secret_basic") } });
+        const QJsonObject json(
+            {{QStringLiteral("client_name"), QStringLiteral("%1 %2").arg(Theme::instance()->appNameGUI(), OCC::Version::versionWithBuildNumber().toString())},
+                {QStringLiteral("redirect_uris"), QJsonArray{QStringLiteral("http://127.0.0.1")}},
+                {QStringLiteral("application_type"), QStringLiteral("native")}, //
+                {QStringLiteral("token_endpoint_auth_method"), QStringLiteral("none")}});
         QNetworkRequest req;
         req.setUrl(_registrationEndpoint);
         req.setAttribute(HttpCredentials::DontAddCredentialsAttribute, true);
@@ -436,6 +437,9 @@ QNetworkReply *OAuth::postTokenRequest(QUrlQuery &&queryItems)
         queryItems.addQueryItem(QStringLiteral("client_id"), _clientId);
         queryItems.addQueryItem(QStringLiteral("client_secret"), _clientSecret);
         break;
+    case TokenEndpointAuthMethods::none:
+        queryItems.addQueryItem(QStringLiteral("client_id"), _clientId);
+        break;
     }
     req.setHeader(QNetworkRequest::ContentTypeHeader, QStringLiteral("application/x-www-form-urlencoded; charset=UTF-8"));
     req.setAttribute(HttpCredentials::DontAddCredentialsAttribute, true);
@@ -554,13 +558,20 @@ void OAuth::fetchWellKnown()
                 _registrationEndpoint = QUrl::fromEncoded(data[QStringLiteral("registration_endpoint")].toString().toUtf8());
                 _redirectUrl = QStringLiteral("http://127.0.0.1");
 
-                const auto authMethods = data.value(QStringLiteral("token_endpoint_auth_methods_supported")).toArray();
-                if (authMethods.contains(QStringLiteral("client_secret_basic"))) {
-                    _endpointAuthMethod = TokenEndpointAuthMethods::client_secret_basic;
-                } else if (authMethods.contains(QStringLiteral("client_secret_post"))) {
-                    _endpointAuthMethod = TokenEndpointAuthMethods::client_secret_post;
+                if (_clientSecret.isEmpty()) {
+                    _endpointAuthMethod = TokenEndpointAuthMethods::none;
                 } else {
-                    OC_ASSERT_X(false, qPrintable(QStringLiteral("Unsupported token_endpoint_auth_methods_supported: %1").arg(QDebug::toString(authMethods))));
+                    const auto authMethods = data.value(QStringLiteral("token_endpoint_auth_methods_supported")).toArray();
+                    if (authMethods.contains(QStringLiteral("none"))) {
+                        _endpointAuthMethod = TokenEndpointAuthMethods::none;
+                    } else if (authMethods.contains(QStringLiteral("client_secret_post"))) {
+                        _endpointAuthMethod = TokenEndpointAuthMethods::client_secret_post;
+                    } else if (authMethods.contains(QStringLiteral("client_secret_basic"))) {
+                        _endpointAuthMethod = TokenEndpointAuthMethods::client_secret_basic;
+                    } else {
+                        OC_ASSERT_X(
+                            false, qPrintable(QStringLiteral("Unsupported token_endpoint_auth_methods_supported: %1").arg(QDebug::toString(authMethods))));
+                    }
                 }
                 const auto promtValuesSupported = data.value(QStringLiteral("prompt_values_supported")).toArray();
                 if (!promtValuesSupported.isEmpty()) {

diff --git a/src/libsync/creds/oauth.h b/src/libsync/creds/oauth.h
@@ -55,7 +55,7 @@ class OWNCLOUDSYNC_EXPORT OAuth : public QObject
 public:
     enum Result { NotSupported, LoggedIn, Error, ErrorInsecureUrl };
     Q_ENUM(Result)
-    enum class TokenEndpointAuthMethods : char { client_secret_basic, client_secret_post };
+    enum class TokenEndpointAuthMethods : char { none, client_secret_basic, client_secret_post };
     Q_ENUM(TokenEndpointAuthMethods)
 
     enum class PromptValuesSupported : char { none = 0, consent = 1 << 0, select_account = 1 << 1 };

diff --git a/src/libsync/theme.cpp b/src/libsync/theme.cpp
@@ -426,12 +426,12 @@ QString Theme::quotaBaseFolder() const
 
 QString Theme::oauthClientId() const
 {
-    return QStringLiteral("xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69");
+    return QStringLiteral("ownCloud Desktop Client 6.0+");
 }
 
 QString Theme::oauthClientSecret() const
 {
-    return QStringLiteral("UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh");
+    return QString();
 }
 
 QString Theme::oauthLocalhost() const