Get OAuth2 URL from server settings

domain-server/resources/describe-settings.json

@@ -85,7 +85,7 @@
             "backup": false
         },
         {
-            "name": "authentication_oauth2_url_base",
+            "name": "oauth2_url_base",
             "label": "Authentication URL Base",
             "help": "The URL base that the Interface and domain-server will use to make API requests.",
             "advanced": true

domain-server/src/DomainGatekeeper.cpp

@@ -444,6 +444,7 @@ SharedNodePointer DomainGatekeeper::processAssignmentConnectRequest(const NodeCo
     return newNode;
 }
 
+const QString AUTHENTICATION_OAUTH2_URL_BASE = "authentication.oauth2_url_base";
 const QString MAXIMUM_USER_CAPACITY = "security.maximum_user_capacity";
 const QString MAXIMUM_USER_CAPACITY_REDIRECT_LOCATION = "security.maximum_user_capacity_redirect_location";
 
@@ -533,8 +534,14 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
 
     if (!userPerms.can(NodePermissions::Permission::canConnectToDomain)) {
         if (domainHasLogin()) {
+            QString domainAuthURL;
+            auto domainAuthURLVariant = _server->_settingsManager.valueForKeyPath(AUTHENTICATION_OAUTH2_URL_BASE);
+            if (domainAuthURLVariant.canConvert<QString>()) {
+                domainAuthURL = domainAuthURLVariant.toString();
+                qDebug() << "Domain authorization URL:" << domainAuthURL;
+            }
             sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.",
-                nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::NotAuthorizedDomain);
+                nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::NotAuthorizedDomain, domainAuthURL);
         } else {
             sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.",
                 nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::NotAuthorizedMetaverse);
@@ -1164,13 +1171,8 @@ void DomainGatekeeper::refreshGroupsCache() {
 }
 
 bool DomainGatekeeper::domainHasLogin() {
-    // The domain may have its own users and groups. This is enabled in the server settings by ...
+    // The domain may have its own users and groups. This is enabled in the server settings by ... #######
-    // ####### TODO: Use a particular string in the server name or set a particular tag in the server's settings?
+    // ####### TODO: Base on server settings.
-    //                Or add a new server setting?
-
-    // ####### TODO: Also configure URL for getting user's group memberships, in the server's settings?
-
-    // ####### TODO
     return true;
 }
 

interface/resources/qml/LoginDialog/LinkAccountBody.qml

@@ -46,7 +46,6 @@ Item {
 
     readonly property bool loginDialogPoppedUp: loginDialog.getLoginDialogPoppedUp()
     readonly property bool isLoggingInToDomain: loginDialog.getDomainLoginRequested()
-    readonly property string domainAuthProvider: loginDialog.getDomainLoginAuthProvider()
 
     QtObject {
         id: d
@@ -76,7 +75,7 @@ Item {
         if (!isLoggingInToDomain) {
             loginDialog.login(emailField.text, passwordField.text);
         } else {
-            loginDialog.loginDomain(emailField.text, passwordField.text, domainAuthProvider);
+            loginDialog.loginDomain(emailField.text, passwordField.text);
         }
         
         if (linkAccountBody.loginDialogPoppedUp) {

interface/src/ui/DialogsManager.cpp

@@ -29,7 +29,6 @@
 #include "OctreeStatsDialog.h"
 #include "PreferencesDialog.h"
 #include "UpdateDialog.h"
-#include "DomainHandler.h"
 
 #include "scripting/HMDScriptingInterface.h"
 
@@ -131,15 +130,6 @@ void DialogsManager::hideLoginDialog() {
 
 
 void DialogsManager::showDomainLoginDialog() {
-    const QJsonObject& settingsObject = DependencyManager::get<NodeList>()->getDomainHandler().getSettingsObject();
-    static const QString WP_OAUTH2_SERVER_URL = "authentication_oauth2_url_base";
-    
-    if (!settingsObject.contains(WP_OAUTH2_SERVER_URL)) {
-        qDebug() << "Cannot log in to domain because an OAuth2 authorization was required but no authorization server was specified.";
-        return;
-    }
-    
-    _domainLoginAuthProvider = settingsObject[WP_OAUTH2_SERVER_URL].toString();
     _isDomainLogin = true;
     LoginDialog::showWithSelection();
 }

interface/src/ui/DialogsManager.h

@@ -42,7 +42,6 @@ public:
     void emitAddressBarShown(bool visible) { emit addressBarShown(visible); }
     void setAddressBarVisible(bool addressBarVisible);
     bool getIsDomainLogin() { return _isDomainLogin; }
-    QString getDomainLoginAuthProvider() { return _domainLoginAuthProvider; }
 
 public slots:
     void showAddressBar();
@@ -88,7 +87,6 @@ private:
     bool _addressBarVisible { false };
 
     bool _isDomainLogin { false };
-    QString _domainLoginAuthProvider { "" };
 };
 
 #endif // hifi_DialogsManager_h

interface/src/ui/LoginDialog.cpp

@@ -143,12 +143,9 @@ void LoginDialog::login(const QString& username, const QString& password) const
     DependencyManager::get<AccountManager>()->requestAccessToken(username, password);
 }
 
-void LoginDialog::loginDomain(const QString& username, const QString& password, const QString& domainAuthProvider) const {
+void LoginDialog::loginDomain(const QString& username, const QString& password) const {
-    qDebug() << "Attempting to login" << username << "into a domain through" << domainAuthProvider;
+    qDebug() << "Attempting to login" << username << "into a domain";
-    DependencyManager::get<DomainAccountManager>()->requestAccessToken(username, password, domainAuthProvider);
+    DependencyManager::get<DomainAccountManager>()->requestAccessToken(username, password);
-
-    // ####### TODO: It may not be necessary to pass domainAuthProvider to the login dialog and through to here because it was 
-    //               originally provided to the QML from C++.
 }
 
 void LoginDialog::loginThroughOculus() {
@@ -430,7 +427,3 @@ void LoginDialog::signupFailed(QNetworkReply* reply) {
 bool LoginDialog::getDomainLoginRequested() const {
     return DependencyManager::get<DialogsManager>()->getIsDomainLogin();
 }
-
-QString LoginDialog::getDomainLoginAuthProvider() const {
-    return DependencyManager::get<DialogsManager>()->getDomainLoginAuthProvider();
-}

interface/src/ui/LoginDialog.h

@@ -72,7 +72,7 @@ protected slots:
     Q_INVOKABLE QString oculusUserID() const;
 
     Q_INVOKABLE void login(const QString& username, const QString& password) const;
-    Q_INVOKABLE void loginDomain(const QString& username, const QString& password, const QString& domainAuthProvider) const;
+    Q_INVOKABLE void loginDomain(const QString& username, const QString& password) const;
     Q_INVOKABLE void loginThroughSteam();
     Q_INVOKABLE void linkSteam();
     Q_INVOKABLE void createAccountFromSteam(QString username = QString());
@@ -85,7 +85,6 @@ protected slots:
     Q_INVOKABLE bool getLoginDialogPoppedUp() const;
 
     Q_INVOKABLE bool getDomainLoginRequested() const;
-    Q_INVOKABLE QString getDomainLoginAuthProvider() const;
 
 };
 

libraries/networking/src/DomainAccountManager.cpp

@@ -45,7 +45,17 @@ DomainAccountManager::DomainAccountManager() {
     connect(this, &DomainAccountManager::loginComplete, this, &DomainAccountManager::sendInterfaceAccessTokenToServer);
 }
 
-void DomainAccountManager::requestAccessToken(const QString& login, const QString& password, const QString& domainAuthProvider) {
+void DomainAccountManager::setAuthURL(const QUrl& authURL) {
+    if (_authURL != authURL) {
+        _authURL = authURL;
+
+        qCDebug(networking) << "AccountManager URL for authenticated requests has been changed to" << qPrintable(_authURL.toString());
+
+        // ####### TODO: See AccountManager::setAuthURL().
+    }
+}
+
+void DomainAccountManager::requestAccessToken(const QString& login, const QString& password) {
 
     QNetworkAccessManager& networkAccessManager = NetworkAccessManager::getInstance();
 
@@ -53,7 +63,7 @@ void DomainAccountManager::requestAccessToken(const QString& login, const QStrin
     request.setAttribute(QNetworkRequest::FollowRedirectsAttribute, true);
     request.setHeader(QNetworkRequest::UserAgentHeader, NetworkingConstants::VIRCADIA_USER_AGENT);
 
-    _domainAuthProviderURL = domainAuthProvider;
+    _domainAuthProviderURL = _authURL;
     _domainAuthProviderURL.setPath("/oauth/token");
 
     QByteArray postData;

libraries/networking/src/DomainAccountManager.h

@@ -13,6 +13,7 @@
 #define hifi_DomainAccountManager_h
 
 #include <QtCore/QObject>
+#include <QtCore/QUrl>
 
 #include <DependencyManager.h>
 
@@ -22,10 +23,12 @@ class DomainAccountManager : public QObject, public Dependency {
 public:
     DomainAccountManager();
 
+    void setAuthURL(const QUrl& authURL);
+
     Q_INVOKABLE bool checkAndSignalForAccessToken();
 
 public slots:
-    void requestAccessToken(const QString& login, const QString& password, const QString& domainAuthProvider);
+    void requestAccessToken(const QString& login, const QString& password);
     
     void requestAccessTokenFinished();
 signals:
@@ -41,6 +44,8 @@ private:
     bool accessTokenIsExpired();
     void setAccessTokenFromJSON(const QJsonObject&);
     void sendInterfaceAccessTokenToServer();
+
+    QUrl _authURL;
 };
 
 #endif  // hifi_DomainAccountManager_h

libraries/networking/src/DomainHandler.cpp

@@ -584,8 +584,11 @@ void DomainHandler::processDomainServerConnectionDeniedPacket(QSharedPointer<Rec
         }
     } else if (reasonSuggestsDomainLogin(reasonCode)) {
         qCWarning(networking) << "Make sure you are logged in to the domain.";
-        
+
         auto accountManager = DependencyManager::get<DomainAccountManager>();
+        if (!extraInfo.isEmpty()) {
+            accountManager->setAuthURL(extraInfo);
+        }
 
         if (!_hasCheckedForDomainAccessToken) {
             accountManager->checkAndSignalForAccessToken();