Didn’t find many resources on this with Google. How would basic user auth be done in an electron app? I want users to be able to authenticate with third party services (like login with Github, for example.).
Can I use something like passport.js and integrate like any other Node app?
Im just looking for an overview on this process and what things I need to look into.
Can you explain the process you went through when integrating?
I’ve recently tried Auth0 with Electron, but have ran into several issues. Ideally, I would like to do this without a third party service, and perhaps just use a library like Passport.js. The issue is, Passport.js is usually used server side and unlike with Electron, storing secret keys is not a problem in that scenario.
I am appalled at the lack of documentation and examples of user auth with Electron, given that it must be be a common feature in most applications.
Then I use the firebase in electron as if I used on a any web site. Firebase even provides npm package to be used directly with node.js however as it was made to run on the server side ends up not being safe to use in electron. try reading the documentation on this link.
Being appalled is a bit of an overreaction. There is a wealth of blogs and examples regarding Node, and I expect that any front-end framework you choose has preferred authentication methods and plugins to seamlessly integrate them. There is no need for the Electron team to reinvent the manual for a subject matter that isn’t Electron-specific.
I agree that being appalled is a bit of an over reaction.
However, the fact of the matter is that storing API secrets on the client is not a wise thing to do in terms of security. As of now, to do Oauth within an electron application, the client secret and keys would have to be packaged into the app.
I disagree, this is an important issue regarding a feature that affects many, many apps built with Electron. As stated in the comments both above and below yours, security in an Electron client side app is important and something that needs to be addressed.
I am aware of the many online examples and tutorials for Node.js and relevant front-end technologies, but as Electron is client side it cannot be treated as a traditional node app.
Good docs and examples are always important.
Yes, this is a real concern and I have yet to find an official response or solution to it.
I’d really like to roll my own authentication instead of using something like Firebase. I have a separate node application which contains an api that my electron app uses. I’m thinking I could possibly utilize something like Passport.js to implement an accounts solution.
otherwise, you could use auth0.com API if you want to rely in third party apps.
@RodriguesCosta One thing is web based authentication , another completelly different from electron. Before you post, please do an extensive research in how to do it.
Regarding the secret key: you could store it if it is for persistent connections, but if you want the user to authenticate each time the app launches, then I guess it is up to the developer what action to take.