├── .editorconfig ├── .gitattributes ├── .gitignore ├── .travis.yml ├── CHANGELOG.md ├── index.js ├── license ├── package.json ├── readme.md └── test └── index.js /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | indent_style = space 5 | end_of_line = lf 6 | charset = utf-8 7 | trim_trailing_whitespace = true 8 | insert_final_newline = true 9 | 10 | [{package.json,*.yml}] 11 | indent_style = space 12 | indent_size = 2 13 | 14 | [*.md] 15 | trim_trailing_whitespace = false 16 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: node_js 2 | node_js: 3 | - 'stable' 4 | - '6.0.0' 5 | - '5.0.0' 6 | - '4.0.0' 7 | script: 8 | - xo 9 | - "./node_modules/mocha/bin/mocha" 10 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) 5 | and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). 6 | 7 | ## [Unreleased] 8 | 9 | ## [3.0.0] - 2017-07-12 10 | ### Added 11 | - Merge #17: Add support for state param. 12 | 13 | [Unreleased]: https://github.com/mawie81/electron-oauth2/compare/v3.0.0...HEAD 14 | [3.0.0]: https://github.com/mawie81/electron-oauth2/compare/v2.4.1...v3.0.0 15 | 16 | ## Previous Versions 17 | No changelog kept. See https://github.com/mawie81/electron-oauth2/releases. 18 | -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const Promise = require('pinkie-promise'); 4 | const queryString = require('querystring'); 5 | const fetch = require('node-fetch'); 6 | const objectAssign = require('object-assign'); 7 | const nodeUrl = require('url'); 8 | const electron = require('electron'); 9 | const BrowserWindow = electron.BrowserWindow || electron.remote.BrowserWindow; 10 | 11 | var generateRandomString = function (length) { 12 | var text = ''; 13 | var possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; 14 | 15 | for (var i = 0; i < length; i++) { 16 | text += possible.charAt(Math.floor(Math.random() * possible.length)); 17 | } 18 | 19 | return text; 20 | }; 21 | 22 | module.exports = function (config, windowParams) { 23 | function getAuthorizationCode(opts) { 24 | opts = opts || {}; 25 | 26 | if (!config.redirectUri) { 27 | config.redirectUri = 'urn:ietf:wg:oauth:2.0:oob'; 28 | } 29 | 30 | var urlParams = { 31 | response_type: 'code', 32 | redirect_uri: config.redirectUri, 33 | client_id: config.clientId, 34 | state: generateRandomString(16) 35 | }; 36 | 37 | if (opts.scope) { 38 | urlParams.scope = opts.scope; 39 | } 40 | 41 | if (opts.accessType) { 42 | urlParams.access_type = opts.accessType; 43 | } 44 | 45 | urlParams = Object.assign(urlParams, opts.additionalAuthCodeRequestData); 46 | 47 | var url = config.authorizationUrl + '?' + queryString.stringify(urlParams); 48 | 49 | return new Promise(function (resolve, reject) { 50 | const authWindow = new BrowserWindow(windowParams || {'use-content-size': true}); 51 | 52 | authWindow.loadURL(url); 53 | authWindow.show(); 54 | 55 | authWindow.on('closed', () => { 56 | reject(new Error('window was closed by user')); 57 | }); 58 | 59 | function onCallback(url) { 60 | var url_parts = nodeUrl.parse(url, true); 61 | var query = url_parts.query; 62 | var code = query.code; 63 | var error = query.error; 64 | 65 | if (error !== undefined) { 66 | reject(error); 67 | authWindow.removeAllListeners('closed'); 68 | setImmediate(function () { 69 | authWindow.close(); 70 | }); 71 | } else if (code) { 72 | resolve(code); 73 | authWindow.removeAllListeners('closed'); 74 | setImmediate(function () { 75 | authWindow.close(); 76 | }); 77 | } 78 | } 79 | 80 | authWindow.webContents.on('will-navigate', (event, url) => { 81 | onCallback(url); 82 | }); 83 | 84 | authWindow.webContents.on('did-get-redirect-request', (event, oldUrl, newUrl) => { 85 | onCallback(newUrl); 86 | }); 87 | }); 88 | } 89 | 90 | function tokenRequest(data) { 91 | const header = { 92 | 'Accept': 'application/json', 93 | 'Content-Type': 'application/x-www-form-urlencoded' 94 | }; 95 | 96 | if (config.useBasicAuthorizationHeader) { 97 | header.Authorization = 'Basic ' + new Buffer(config.clientId + ':' + config.clientSecret).toString('base64'); 98 | } else { 99 | objectAssign(data, { 100 | client_id: config.clientId, 101 | client_secret: config.clientSecret 102 | }); 103 | } 104 | 105 | return fetch(config.tokenUrl, { 106 | method: 'POST', 107 | headers: header, 108 | body: queryString.stringify(data) 109 | }).then(res => { 110 | return res.json(); 111 | }); 112 | } 113 | 114 | function getAccessToken(opts) { 115 | return getAuthorizationCode(opts) 116 | .then(authorizationCode => { 117 | var tokenRequestData = { 118 | code: authorizationCode, 119 | grant_type: 'authorization_code', 120 | redirect_uri: config.redirectUri 121 | }; 122 | tokenRequestData = Object.assign(tokenRequestData, opts.additionalTokenRequestData); 123 | return tokenRequest(tokenRequestData); 124 | }); 125 | } 126 | 127 | function refreshToken(refreshToken) { 128 | return tokenRequest({ 129 | refresh_token: refreshToken, 130 | grant_type: 'refresh_token', 131 | redirect_uri: config.redirectUri 132 | }); 133 | } 134 | 135 | return { 136 | getAuthorizationCode: getAuthorizationCode, 137 | getAccessToken: getAccessToken, 138 | refreshToken: refreshToken 139 | }; 140 | }; 141 | -------------------------------------------------------------------------------- /license: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) Marcel Wiehle (marcel.wiehle.me) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "electron-oauth2", 3 | "version": "2.4.1", 4 | "description": "An OAuth2 module for your Electron app.", 5 | "license": "MIT", 6 | "repository": "mawie81/electron-oauth2", 7 | "author": { 8 | "name": "Marcel Wiehle", 9 | "email": "mawieh@googlemail.com", 10 | "url": "marcel.wiehle.me" 11 | }, 12 | "files": [ 13 | "index.js" 14 | ], 15 | "scripts": { 16 | "test": "xo" 17 | }, 18 | "keywords": [ 19 | "electron", 20 | "oauth2", 21 | "authentication", 22 | "access token" 23 | ], 24 | "devDependencies": { 25 | "ava": "^0.8.0", 26 | "electron": "^1.4.1", 27 | "mocha": "^2.5.3", 28 | "xo": "^0.12.1" 29 | }, 30 | "dependencies": { 31 | "node-fetch": "^1.3.3", 32 | "object-assign": "^4.0.1", 33 | "pinkie-promise": "^2.0.0" 34 | }, 35 | "engines": { 36 | "node": ">= 4.0" 37 | }, 38 | "xo": { 39 | "space": true, 40 | "globals": [ 41 | "describe", 42 | "it", 43 | "xdescribe" 44 | ], 45 | "rules": { 46 | "brace-style": [ 47 | 2, 48 | "1tbs", 49 | { 50 | "allowSingleLine": true 51 | } 52 | ], 53 | "camelcase": 0 54 | } 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | ## IMPORTANT SECURITY NOTICE: This repo was a proof of concept and unfortunately it is not secure to use for production purposes. If you're trying to implement OAuth in an Electron app, please see [IETF RFC 8252](https://tools.ietf.org/html/rfc8252), Google's recommendations ([here](https://developers.google.com/identity/protocols/OAuth2InstalledApp) and [here](https://github.com/google/google-auth-library-nodejs#oauth2-with-installed-apps-electron)), or [AppAuth-JS](https://github.com/openid/AppAuth-JS). 2 | 3 | # electron-oauth2 [![Build Status](https://travis-ci.org/mawie81/electron-oauth2.svg?branch=master)](https://travis-ci.org/mawie81/electron-oauth2) 4 | 5 | > A library to handle OAuth2 authentication for your [Electron](http://electron.atom.io) app. 6 | 7 | 8 | ## Install 9 | 10 | ``` 11 | $ npm install --save electron-oauth2 12 | ``` 13 | 14 | 15 | ## Usage 16 | 17 | ```js 18 | const electronOauth2 = require('electron-oauth2'); 19 | 20 | var config = { 21 | clientId: 'CLIENT_ID', 22 | clientSecret: 'CLIENT_SECRET', 23 | authorizationUrl: 'AUTHORIZATION_URL', 24 | tokenUrl: 'TOKEN_URL', 25 | useBasicAuthorizationHeader: false, 26 | redirectUri: 'http://localhost' 27 | }; 28 | 29 | app.on('ready', () => { 30 | const windowParams = { 31 | alwaysOnTop: true, 32 | autoHideMenuBar: true, 33 | webPreferences: { 34 | nodeIntegration: false 35 | } 36 | } 37 | 38 | const options = { 39 | scope: 'SCOPE', 40 | accessType: 'ACCESS_TYPE' 41 | }; 42 | 43 | const myApiOauth = electronOauth2(config, windowParams); 44 | 45 | myApiOauth.getAccessToken(options) 46 | .then(token => { 47 | // use your token.access_token 48 | 49 | myApiOauth.refreshToken(token.refresh_token) 50 | .then(newToken => { 51 | //use your new token 52 | }); 53 | }); 54 | }); 55 | ``` 56 | 57 | 58 | ## API 59 | 60 | ### electronOauth2(config, windowParams) 61 | 62 | #### config 63 | 64 | Type: `Object` 65 | 66 | ##### Fields 67 | 68 | ###### authorizationUrl 69 | Type: `String` 70 | The URL for the authorization request. 71 | 72 | ###### tokenUrl 73 | Type: `String` 74 | The URL for the access token request. 75 | 76 | ###### clientId 77 | Type: `String` 78 | The OAuth2 client id. 79 | 80 | ###### clientSecret 81 | Type: `String` 82 | The OAuth2 client secret. 83 | 84 | ###### useBasicAuthorizationHeader 85 | Type: `bool` 86 | If set to true, token requests will be made using a Basic authentication header instead of passing the client id and secret in the body. 87 | 88 | ###### redirectUri (optional) 89 | Type: `String` 90 | Sets a custom redirect_uri that can be required by some OAuth2 clients. 91 | Default: ```urn:ietf:wg:oauth:2.0:oob``` 92 | 93 | #### windowParams 94 | 95 | Type: `Object` 96 | 97 | An object that will be used to create the BrowserWindow. Details: [Electron BrowserWindow documention](https://github.com/atom/electron/blob/master/docs/api/browser-window.md) 98 | 99 | ### Methods 100 | 101 | #### getAccessToken(options) 102 | 103 | Returns a ```Promise``` that gets resolved with the retrieved access token object if the authentication succeeds. 104 | 105 | ##### options: *optional* 106 | 107 | ###### scopes 108 | Type: `String` 109 | The optional OAuth2 scopes. 110 | 111 | ###### accessType 112 | Type: `String` 113 | The optional OAuth2 access type. 114 | 115 | ###### additionalAuthCodeRequestData 116 | Type: `Object` 117 | The optional additional parameters to pass to the server in the body of the authorization code request. 118 | 119 | ###### additionalTokenRequestData 120 | Type: `Object` 121 | The optional additional parameters to pass to the server in the body of the token request. 122 | 123 | #### getAuthorizationCode(options) 124 | 125 | Returns a ```Promise``` that gets resolved with the authorization code of the OAuth2 authorization request. 126 | 127 | ##### options 128 | 129 | ###### scope 130 | Type: `String` 131 | The optional OAuth2 scope. 132 | 133 | ###### accessType 134 | Type: `String` 135 | The optional OAuth2 access type. 136 | 137 | #### refreshToken(token) 138 | 139 | Returns a ```Promise``` that gets resolved with the refreshed token object. 140 | 141 | ##### token 142 | Type: `String` 143 | An OAuth2 refresh token. 144 | 145 | ## License 146 | 147 | MIT © [Marcel Wiehle](http://marcel.wiehle.me) 148 | -------------------------------------------------------------------------------- /test/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | xdescribe('electron/oauth2', function () { 4 | it('should not throw an error', function () { 5 | require('../index'); 6 | }); 7 | }); 8 | --------------------------------------------------------------------------------