Firstly, apologies if this is in the wrong subforum.
Now that Lock for Electron.js has been deprecated, quite a few developers have been left at a loose end for securing their Electron-based desktop applications.
As a remedy, I have written electron-auth0-login, an NPM module that enables PKCE-based logins with optional support for refresh tokens, stored securely using Node-Keytar.
You can download the package from NPM:
```bash
# Installing electron-auth0-login
npm install electron-auth0-login --save

# Installing peer dependencies
npm install request request-promise-native --save
```
Initialising is simple. Just add the following to the main process code:

```javascript
import ElectronAuth0Login from 'electron-auth0-login';

const auth = new ElectronAuth0Login({
    // Get these from your Auth0 application console
    auth0Audience: 'https://api.mydomain.com',
    auth0ClientId: 'abc123ghiMyApp',
    auth0Domain: 'my-domain.eu.auth0.com',
    auth0Scopes: 'given_name profile'
});
```
Have a redirect URL whitelisted for `https://{your-auth0-domain}/mobile`.
Now, when you want a token, call `auth.getToken` and `electron-auth0-login` will either return a token in memory (if valid), use a refresh token (if enabled) or kick off a new Auth0 login flow.
Full details on the project’s readme: https://github.com/jbreckmckye/electron-auth0-login
Give it a go, and do raise issues on GitHub if you have any problems.