Securing Electron Applications with OpenID Connect and OAuth 2.0

dan-auth0 · March 28, 2020, 11:00pm

Thank you for sharing this information, Xavier. I will relay it to my team.

I had a meeting this week with our manager and we discussed about this tutorial, Electron, and how we are going to have an engineer dedicated to keeping the Electron sample and the tutorial up to date.

Coordinating this type of efforts is a cross-team task so that’s why I takes some time. Our goal is to provide you the best possible guidance for integrating Auth0 with Electron on its different versions through a security-first approach

jome · May 3, 2020, 11:13am

Hi. Great article.
However when I ran the final code, I’m getting a
“Not allowed to load local resource: file:///callback?code=IWwSZE8r8usjIb8O” error. Obviously a “my machine error”. Using a MacOS. Any ideas where I should start looking?

konrad.sopala · May 4, 2020, 12:45pm

Hey there @jome I’m sure Dan will reach out to you once he’s online!

dan-auth0 · May 4, 2020, 4:41pm

Howdy, Jome. Thank you for reading the blog post and for joining the Auth0 Community. What version of Electron are you using? The current guidance is only working for v6, I apologize for that. We are, however, in the process of creating new guidance for v7+.

mfeldman143 · May 25, 2020, 9:18pm

RE: creating new guidance for v7+,
any updates?

Thanks,
Michael

konrad.sopala · May 26, 2020, 11:55am

Thanks @mfeldman143 for sharing your interest in that! I’m sure Dan will share his view on that soon!

dan-auth0 · May 26, 2020, 6:59pm

I am currently reviewing the blog post updates ! I am very excited about this. My teammate @andrea.chiarelli has been working hard on it

dan-auth0 · May 30, 2020, 4:56pm

Update on this content: We are currently working on a deep audit of all Electron content. We have something in the pipeline to share in the near future. So far, the technical testing is looking good

konrad.sopala · June 1, 2020, 10:01am

Thanks for the headsup Dan!

dan-auth0 · June 13, 2020, 2:07pm

Update: I am running the final review on the updated content today We should have this update live very soon. I’ve gotten to learn a great deal of Electron. Fascinating framework.

dan-auth0 · June 17, 2020, 8:41am

Howdy, everyone! This blog post has been updated:

We also created a new Community Topic to gather feedback on the update and answer your questions:

We hope this can help all of you with integrating Auth0 with your Electron apps.

We look forward to hearing from you

konrad.sopala · June 17, 2020, 12:41pm

Thanks for the heads-up Dan!

bensmith.md · August 12, 2020, 2:22am

@dan-auth0 Any update on the unsupported browser error using gmail auth? I’m getting that error consistently now using the newest tutorial above.

dan-auth0 · August 12, 2020, 12:11pm

Howdy, Ben. Let me check with @andrea.chiarelli when he gets back from vacation and other teammates internally to investigate this.

What I can tell is that when I tried the content with my own Google account, I didn’t experience any issues but we’ll re-assess. Thank you for bringing this up again

bensmith.md · August 13, 2020, 2:00am

Thanks Dan and @andrea.chiarelli. I think I have found a solution to this bug. In the tutorial above, line 21 in main/auth-process.js should be:

win.loadURL(authService.getAuthenticationURL(), {userAgent: 'Chrome'});

Forces the Electron Chromium user agent to be Chrome during auth and fixes the problem here.

Ben

konrad.sopala · August 13, 2020, 8:53am

Perfect! Thanks for sharing it with the rest of community!

dan-auth0 · August 13, 2020, 5:29pm

This is great to hear! We’ll research it and add it to the blog post.
@bensmith.md, once you added that, did Google Sign On worked successfully and consistently?

bensmith.md · August 13, 2020, 5:58pm

So far, yes. I’m sending this out to people who’ve had this problem previously and will report back if it’s working across the board for everyone.

dan-auth0 · August 13, 2020, 6:02pm

Thank you, Ben! I appreciate all the feedback you have provided us. We are hoping to keep this Electron content evergreen. Every new release is a challenge haha but we plan to keep up with it

I do have it on the pipeline for us to create a more simplified guide for Electron. Something akin to an “Electron QuickStart” that would be easier to maintain and troubleshoot – also that we can version better.

andrea.chiarelli · August 17, 2020, 12:44pm

Hi @bensmith.md,
Thanks for your contribution.

For completeness, like @dan-auth0, I’m not able to reproduce your issue with my Google account. It works fine for me.

However, searching for a reason for this behavior, I found this thread.
It seems it is a recurring issue due to some incompatibilities between Chromium versions and the account security settings. Nevertheless, the issue doesn’t seem so clear.
It seems affecting accounts that have Two Factor Authentication (2FA) enabled, but I can confirm that it works fine with my 2FA-enabled Google account.

One of the participants suggested your workaround, but it didn’t work for another dev.
In a nutshell, it seems a Chromium-Google account problem affecting not only Electron, but it seems there isn’t currently any official fix.