What Redirect Uri Should I Use For An Authorization Call Used In An Electron App?
I have a basic Electron app doing nothing special, based on sample starter projects. For my main window, I am loading in a URL as a GET request to an API endpoint loginWindow.loadU
Solution 1:
OAUTH FOR DESKTOP APPS
OAuth for desktop apps recommends these 2 key behaviours:
- Login via the system browser so that your app never sees the user credential
- Use Authorization Code Flow (PKCE) since your app is a public client
This typically leads to one of these solutions:
- Loopback based redirect URI such as http://127.0.0.1:8000/callback
- Private URI scheme based redirect URI such as x-mycompany-desktopapp:/callback
As you are finding, a standard HTTP based internet redirect URL will not work for a desktop app unless you use older (deprecated) web view solutions.
RESOURCES OF MINE
It is a tricky flow to implement, though my blog has a couple of Electron code samples that you can easily run from your local PC to see what both solutions look like:
- Initial Desktop Code Sample, using the Loopback Solution
- Final Desktop Code Sample, using the Private URI Scheme Solution
My samples are quite deep, but hopefully some of this is useful for your own solution ...
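The following is an added example, not code from the answer or from the author's blog samples. It sketches the client side of the Authorization Code Flow (PKCE) described above for either redirect URI style: building the request that goes to the system browser, then validating what comes back on the redirect URI. The function names are hypothetical, and the authorization endpoint and client id are supplied by the caller as placeholders.

```javascript
// Added example (Node / Electron main process); names here are hypothetical.
const crypto = require('node:crypto');

// PKCE S256: challenge = BASE64URL(SHA256(ASCII(verifier))), no padding (RFC 7636).
function pkceChallenge(verifier) {
  return crypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Build the request that is handed to the system browser, e.g. with Electron's
// shell.openExternal(url). The verifier and state stay inside the app.
function buildAuthRequest({ authorizeEndpoint, clientId, redirectUri, scope }) {
  const codeVerifier = crypto.randomBytes(32).toString('base64url'); // 43 chars
  const state = crypto.randomBytes(16).toString('base64url');
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
    code_challenge: pkceChallenge(codeVerifier),
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), state, codeVerifier };
}

// Validate the URL delivered to the loopback listener or private-scheme handler
// and return the form fields for the token request. No client secret is sent:
// the code_verifier is what binds the code to this app instance.
function parseCallback(callbackUrl, pending) {
  const got = new URL(callbackUrl);
  const want = new URL(pending.redirectUri);
  if (got.protocol !== want.protocol || got.host !== want.host || got.pathname !== want.pathname) {
    throw new Error('unexpected redirect target');
  }
  const state = Buffer.from(got.searchParams.get('state') || '');
  const expected = Buffer.from(pending.state);
  if (state.length !== expected.length || !crypto.timingSafeEqual(state, expected)) {
    throw new Error('state mismatch');
  }
  if (got.searchParams.get('error')) throw new Error('authorization failed: ' + got.searchParams.get('error'));
  const code = got.searchParams.get('code');
  if (!code) throw new Error('missing authorization code');
  return { grant_type: 'authorization_code', code, redirect_uri: pending.redirectUri,
           client_id: pending.clientId, code_verifier: pending.codeVerifier };
}
```

The object returned by `parseCallback` is what gets form-encoded and POSTed to the provider's token endpoint; the pending `state` and `codeVerifier` should be discarded after one use.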