
How to set up an OAuth2 connection to Google Identity API within an Electron app safely with redirectUri pointing to localhost?

The context:

I'm trying to develop a desktop app with ElectronJS which needs access to Google APIs. As such, I want my users to be able to connect to their Google account via OAuth2. As I use Electron, I have no safe way to store a "client-secret" and must use the "mobile app" method.

The problem:

Google keeps rejecting my redirect_uri:


The doc I followed:

The official npm "google-auth-library" package mentions the following regarding OAuth authentication for Electron apps ("OAuth2 with Installed Apps (Electron)" section):

If you're authenticating with OAuth2 from an installed application (like Electron), you may not want to embed your client_secret inside of the application sources. To work around this restriction, you can choose the iOS application type when creating your OAuth2 credentials in the Google Developers console

As doing so gave me the previously mentioned Error 400, I looked into the Google Identity documentation and saw this regarding localhost redirection:

Note that support for the loopback IP address redirect option on mobile apps is DEPRECATED.

My question:

At this point, I suspect that this is the reason Google is responding with Error 400 to my requests (but I admit it could be my fault; I just don't understand what I'm doing wrong, as I feel like I'm following the documentation strictly).

If so, what are the possible ways to solve the issue? Bear in mind that I have strictly 0 budget for this project, so I cannot afford to redirect to a domain I would buy, or afford a server acting as a proxy between my app and Google APIs.

(The code, if useful)

I use the "complete OAuth2 example" from google-auth-library, except I changed the OAuth2Client constructor call to this, following the doc's recommendations:

const { OAuth2Client } = require("google-auth-library");

// Public (installed-app) client: no clientSecret is passed.
const oAuth2Client = new OAuth2Client({
    clientId: "<the clientID of my project from Google API Console>",
    redirectUri: "http://127.0.0.1:3000"
});

In despair, I've tried a whole lot of different URL formats, but nothing works.

Thanks in advance for your help.

OAUTH BEHAVIOUR

An OpenID Connect desktop app uses PKCE without a client secret. According to RFC 8252, it then receives the login response on either a loopback URL or via a private URI scheme notification.

The loopback option is fine for a desktop app but should not be used for a mobile app. Conversely, claimed HTTPS redirect URLs work for mobile apps but not desktop apps.

TROUBLESHOOTING YOUR PROBLEM

It is not clear whether your problem is caused by using a loopback URL or something else. To troubleshoot, you can use a couple of demo Electron apps of mine:

In both cases, edit the desktop.config.json file in the root folder. Replace my AWS Cognito values with your Google values. Then run npm start. See if that gets you any further, and post any follow-up questions.
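The flow the answer describes (PKCE without a client secret, login response received on a loopback URL per RFC 8252), as an added example that is not part of the original answer or of google-auth-library. All function names are hypothetical; the authorization endpoint, client ID and scope are supplied by the caller, and the returned verifier is what the later token request sends as code_verifier.

```javascript
// Added example; function names are hypothetical, not google-auth-library API.
const crypto = require('crypto');
const http = require('http');

// RFC 7636 S256: challenge = BASE64URL(SHA256(ASCII(verifier)))
function pkceChallenge(verifier) {
  return crypto.createHash('sha256').update(verifier, 'ascii').digest().toString('base64url');
}
function createPkcePair() {
  const verifier = crypto.randomBytes(32).toString('base64url'); // 43 chars, memory only
  return { verifier, challenge: pkceChallenge(verifier) };
}

// Authorization request for a public client: no client_secret, PKCE instead.
function buildAuthUrl({ authEndpoint, clientId, redirectUri, scope, state, challenge }) {
  const url = new URL(authEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri, scope,
    state, code_challenge: challenge, code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Validate the redirect before trusting it: provider error, then state, then code.
function parseCallback(requestUrl, expectedState) {
  const params = new URL(requestUrl, 'http://127.0.0.1').searchParams;
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  if (!params.get('code')) throw new Error('missing code');
  return params.get('code');
}

// One-shot listener bound to 127.0.0.1 only, on an OS-assigned port.
function startLoopbackListener(expectedState) {
  return new Promise((resolve) => {
    let settle;
    const result = new Promise((ok, fail) => { settle = { ok, fail }; });
    const server = http.createServer((req, res) => {
      try { settle.ok(parseCallback(req.url, expectedState)); res.end('Login complete.'); }
      catch (err) { res.statusCode = 400; res.end('Login failed.'); settle.fail(err); }
      server.close();
    });
    server.listen(0, '127.0.0.1', () =>
      resolve({ redirectUri: `http://127.0.0.1:${server.address().port}`, result }));
  });
}
```

The redirect_uri sent in the authorization request must be the same string later sent in the token request, so start the listener first and reuse the redirectUri it returns.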
