How to handle OAuth?


#1

Currently trying to wrap my head around OAuth in an Electron app.

For a lot of OAuth providers, they require a redirect URL. What’s the way to handle that with Electron?

For instance, Google OAuth. That’s what I’m currently trying to enable.

And secondarily, what’s the best way to store the client id and secret for the app to use to make the OAuth calls?

Thank you in advance!


#2

I was about to get OAuth working with Google as a provider. Blog post to come!

Still curious to know the best practices in storing client id and secrets securely. Would love to hear some thoughts on this!


#3

You may want to check out the node-keytar module. It integrates with the standard OS keychain mechanism.


#4

That would definitely be great to store passwords, but I’m needing to store the client secret for the API requests. Having it in a module seems like the best approach at the moment; it shouldn’t be discoverable there, I don’t think. And the only other thing that’s stored is the refresh token per user in local storage.