Securing Electron Applications with OpenID Connect and OAuth2

Hi. I’m quite new to OAuth/OpenID Connect, so apologies if this is an obvious question.

What grant/flow is this example using? It looks like it is the Authorization Code flow, but as far as I can tell, you don’t pass a client secret.

Unless I’m missing something, according to the docs on the Auth0 Authentication API, it shouldn’t be possible to call the /oauth/token endpoint without either a client_secret (if using normal authorization code flow), or a code_verifier (if using Authorization code with PKCE).

To clarify, this is the call I’m confused about:

  const exchangeOptions = {
    grant_type: "authorization_code",
    client_id: clientId,
    code: query.code,
    redirect_uri: redirectUri,
  };

  const options = {
    method: "POST",
    url: `https://${auth0Domain}/oauth/token`,
    headers: {
      "content-type": "application/json",
    },
    data: JSON.stringify(exchangeOptions),
  };

  try {
    const response = await axios(options);