Third-party custom Auth with Electron

I was looking for resources on how to implement custom auth in an Electron application.

I would like to use third-party services like GitHub so that users can log in and register. When using a "regular" Node.js application, I would most likely use something like passport.js or similar to implement this.

My confusion arises from the fact that Electron applications are client-side, so the presence of things like your client’s private keys in client-side code seems to be wrong. So, what is the process of implementing a third-party user in Electron applications?

+4
1 answer

Think of an Electron application as a standard browser page. Then you will have a standard OAuth2 flow.

First of all, you need an intermediate level server where you will store clientId and clientSecret for third-party services.

You need to create something like a session between the Electron application and the middleware server (below I will show an example).

Below I will show an example of the GitHub authorization process.

You need to use HTTPS.

Suppose your middle-tier server is available at example.com. You need at least two endpoints:

GitHub client_id and client_secret are stored only on this server.

GET https://example.com/initAuth/. uuid's. (, redis). uuid state github link, - /, . url github github: GET https://github.com/login/oauth/authorize

/ uuid URL.

target = "_ blank" - / separe. / uuid.

, oauth, . (https://example.com/oauth/token)

code state. , state. , code client_secret access_token ( - oauth). (redis) access_token uuid's. html- script, html .

, access_token.

  • , / uuid. access_token .
  • websockets
  • , "oauth", access_token.

, access_token , github, , github .

+2
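
The flow the answer describes, sketched as the middle-tier server's logic (an added example, not code from the original answer). The in-memory Map standing in for Redis, the function names, the environment variable names, the 10-minute state lifetime and the one-time token hand-off are assumptions; HTTP routing is omitted.

```javascript
// Added example: middle-tier logic only; routing and Redis are left out.
const { randomUUID } = require('node:crypto');

// Assumed names: env vars, Map store and TTL are illustrative, not from the page.
const CLIENT_ID = process.env.GITHUB_CLIENT_ID || 'constructed-client-id';
const CLIENT_SECRET = process.env.GITHUB_CLIENT_SECRET || 'constructed-secret';
const REDIRECT_URI = 'https://example.com/oauth/token';
const STATE_TTL_MS = 10 * 60 * 1000;
const sessions = new Map(); // uuid -> { created, accessToken }, stands in for Redis

// GET /initAuth: create a uuid, remember it, and send it to GitHub as `state`.
function initAuth(now = Date.now()) {
  const uuid = randomUUID();
  sessions.set(uuid, { created: now, accessToken: null });
  const url = new URL('https://github.com/login/oauth/authorize');
  url.search = new URLSearchParams({ client_id: CLIENT_ID, redirect_uri: REDIRECT_URI, state: uuid }).toString();
  return { uuid, url: url.toString() };
}

// Code-for-token exchange; client_secret is sent only from this server.
async function exchangeWithGithub(code) {
  const res = await fetch('https://github.com/login/oauth/access_token', {
    method: 'POST',
    headers: { Accept: 'application/json', 'Content-Type': 'application/json' },
    body: JSON.stringify({ client_id: CLIENT_ID, client_secret: CLIENT_SECRET, code }),
  });
  const body = await res.json();
  if (!body.access_token) throw new Error('token exchange failed');
  return body.access_token;
}

// GET /oauth/token?code=..&state=..: reject unknown, replayed or expired state.
async function handleCallback({ code, state }, exchange = exchangeWithGithub, now = Date.now()) {
  const s = sessions.get(state);
  if (!code || !s || s.accessToken) return { status: 400 };
  if (now - s.created > STATE_TTL_MS) { sessions.delete(state); return { status: 400 }; }
  s.accessToken = await exchange(code);
  return { status: 200 };
}

// The Electron app asks for its token by uuid; it is handed out exactly once.
function collectToken(uuid) {
  const s = sessions.get(uuid);
  if (!s || !s.accessToken) return null;
  sessions.delete(uuid);
  return s.accessToken;
}
```

The Electron app only ever sees the uuid and, at the end, the access_token; the client_secret never leaves the server.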

Source: https://habr.com/ru/post/1657827/

