Oauth2.0 integration fails


#1

Hello,

I am currently trying to implement an OAuth2.0 API which requires a callback URI. I tested the auth path, and the params in Postman as well as a regular Chrome window.

When following the same process done by others with Github API. I am not getting forwarded to the callback url. The auth page simply refreshes. I also logged the response as well as redirect triggers. Nothing useful.

My code is identical to theirs! Only difference is the URL. What can be the cause of this? Has there been any recent updates that make their code useless?

Thanks,
B


#2

Upon more investigation, I discovered that event.preventDefault() is triggered and event.defaultPrevented is set to true. I am posting more code here:

ipc.on('auth-request', function (event, arg) {
console.log("Got authentication request");

var appId = '1234';
var callbackURI = 'https://localhost/callback';
var uri = 'https://api.put.io/v2/oauth2/authenticate?client_id=${appId}&response_type=code&redirect_uri=${callbackURI}';

authWindow = new BrowserWindow({
  width: 500,
  height: 800,
  show: false,
  'node-integration': false,
  'web-security': false
});

authWindow.loadUrl(uri);

// Show window only after window is loaded
authWindow.webContents.on('did-stop-loading', function (event, oldUrl, newUrl, isMainFrame) {
  authWindow.show();
});

authWindow.webContents.on('did-get-redirect-request', function (event, oldUrl, newUrl, isMainFrame) {
  // event.preventDefault();
  console.log(event);
  console.log(newUrl);
});

authWindow.on('closed', function() {
  authWindow = null;
});

});


#3

As per the issue I opened here, the problem is solved by upgrading Electron to 0.29.4.


#4

Hi there, I wrote an article about implementing oAuth authentication with GitHub. You can find it at http://iamemmanouil.com/blog/electron-oauth-with-github/

Also I have implemented oAuth into gitify - an electron app so you can see a working example at https://github.com/ekonstantinidis/gitify/blob/master/src/js/components/login.js#L15-L62.


#5

Hello, thanks! I did infact use your code but the version of Electron I was using did not handle POST requests as expected. I upgraded and the problem was solved.

Also, how do you plan on securing your client_id and client_secret in your application? Since we are making a desktop application, cannot really secure that can we?


#6

nice question I was thinking about this the other day, as a user could easily delve into the applications contents etc. Might be worth a new post on just this type of security?