Securing Electron Applications with OpenID Connect and OAuth2

Learn how to secure your Electron applications using standards like OpenID Connect and OAuth 2.0.
Read on :hammer_and_wrench:

This is an updated version of the original published post. The prior thread where difficulties with integrating Auth0 with Electron v7+ were discussed is still available.

This new blog post has been streamlined and trimmed to make it easier and faster to answer the question “How to secure an Electron app with user authentication?”. As such, the API step has been replaced with cloning the demo API.

If you have any struggles or thoughts about the article let us know here in the thread!

Tried three different ways…“Sign in with Google” freezes the electron app…Console shows: auth0.min.esm.js:8 Following parameters are not allowed on the /authorize endpoint: [is_submitting,sso]

Other errors: when logging in and title of the Electron said a russian word: Переадресация…

Other errors:

(node:6808) UnhandledPromiseRejectionWarning: Error: Request failed with status code 400
at createError (C:\NewFolders\electron-openid-oauth-master\electron-openid-oauthTry3\frontend\node_modules\axios\lib\core\createError.js:16:15)
at settle (C:\NewFolders\electron-openid-oauth-master\electron-openid-oauthTry3\frontend\node_modules\axios\lib\core\settle.js:17:12)
at IncomingMessage.handleStreamEnd (C:\NewFolders\electron-openid-oauth-master\electron-openid-oauthTry3\frontend\node_modules\axios\lib\adapters\http.js:236:11)
at IncomingMessage.emit (events.js:228:7)
at endReadableNT (_stream_readable.js:1185:12)
at processTicksAndRejections (internal/process/task_queues.js:81:21)
(node:6808) UnhandledPromiseRejectionWarning: Error: Request failed with status code 400
at createError (C:\NewFolders\electron-openid-oauth-master\electron-openid-oauthTry3\frontend\node_modules\axios\lib\core\createError.js:16:15)
at settle (C:\NewFolders\electron-openid-oauth-master\electron-openid-oauthTry3\frontend\node_modules\axios\lib\core\settle.js:17:12)
at IncomingMessage.handleStreamEnd (C:\NewFolders\electron-openid-oauth-master\electron-openid-oauthTry3\frontend\node_modules\axios\lib\adapters\http.js:236:11)
at IncomingMessage.emit (events.js:228:7)
at endReadableNT (_stream_readable.js:1185:12)
at processTicksAndRejections (internal/process/task_queues.js:81:21)
(node:6808) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing
inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 2)
(node:6808) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing
inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 2)
(node:6808) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
(node:6808) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Trying Windows and the git repo as-is (Electron 9, followed all directions for Auth0 configs: apiIdentifier, auth0Domain, clientId)

Hey @mfeldman143,
I’m not able to reproduce your issue. I need additional info to understand what is happening.

  • Do you get this error just with Google sign in or also with username and password?
  • Please, can you check if you have any error messages in the logs of your Auth0 Dashboard?
    You can access them from the Logs menu item on the left. You should see a screen like the following:

Please, provide me with this additional info. I will check it with our engineering team.
Thanks

Thanks for quick reply!
I managed to get it working after creating new Auth0 account and starting over.

Not sure which configuration is throwing it off. FYI: snapshot:

2 Likes

Perfect! Glad to hear that!

Hey @mfeldman143, happy to hear you resolved the issue, even if we didn’t actually understand what happened.
At a high level, the snapshot you sent seems to highlight some issues on the Google connection. If you want to try to better understand, you can expand the Failed Exchange and Failed Login items to get more info.

1 Like

Sorry. I had whitelist rules. That was the interference.

Regarding the Russian letters from Electron…I am getting that again this time from another scenario…my guess, something about the Electron npm packages.

Sorry. I had whitelist rules. That was the interference.

Thank you for sharing. Al least we have a reason for the error :smiley:

Regarding the Russian letters from Electron…I am getting that again this time from another scenario…my guess, something about the Electron npm packages.

It’s possible

1 Like