Thank you, @andrea.chiarelli, for sharing that comprehensive answer
I can confirm that for all affected users on my application, setting the user agent for the auth window fixed the problem. Clearly it’s an electron/chromium issue, but it is germane to your tutorial and auth code.
Thanks for sharing that and passing this crucial feedback Ben!
Hi,
Google refusing to load in an Electron BrowserWindow is an intentional security feature to prevent man in the middle attacks. Changing/faking the user agent does not make your app safe and is disapproved by Google (see Google Developers Blog: Guidance to developers affected by our effort to block less secure browsers and applications). Instead of loading Auth0 in an Electron BrowserWindow, we are redirecting users to their external browser (Chrome, Firefox, Safari…) and then using a custom URI scheme to redirect them back into the app once auth is complete. Another advantage is that users can benefit from their password manager tools this way.
Hi,
Chrome console shows Not allowed to load local resource: file:///callback?code=7xn6x_SKbdk9KDZZ
how could I fix this problem?
Let me channel it through to our Content team to answer that!
Hey @haskelloff,
Welcome to the Auth0 Community.
Starting from Electron 8.*, you shouldn’t use the file://
protocol in the callback URL. This has been introduced by Electron for security reasons.
As suggested in the article, you should use the http
or https
protocols. In other words, your calback URL should look like http://localhost/callback
.
This topic was automatically closed 27 days after the last reply. New replies are no longer allowed.