Wails: Recommended approach for OAuth2 style callbacks

Created on 20 Apr 2020  路  7Comments  路  Source: wailsapp/wails

I am writing an application which connects to a data provider using OAuth2. Part of the authentication process is to register in advance with the data provider a callback url. Once this is registered, a request is made to get a token.

I plan on doing request in Go, but I need to render the HTML/JavaScript that is returned (confirmation screen) from the authorization request along with handling a redirect url.

How would I approach this in Wails? Since wails uses IPC, is there a way to redirect the URL provided within a Wails app? Can I display the HTML response within a dialog somehow?

question

Most helpful comment

I have done this where I set up the app to use the http server and listen to localhost. I then opened up a webview window pointed to localhost. The localy hosted page displayed in webview window has all the standard javascript for Auth0 login. Once login is complete, page in webview, hosted by the go app passes the token to the app through a restful call to localhost. Once that is done, app shuts down the web server and webview and then the app can run as a normal wails app. As you mention, Auth0 must be set up to accept origin from localhost and callback redirect to localhost.

All 7 comments

This was discussed on the slack channel a while back. Technically, you can do anything you like as you have the power of using what you want for the frontend or the backend. I think the recommended way when it was discussed was to open a separate http server in your backend that could be used to do the oauth. You can certainly open a new browser window using the Wails runtime. Perhaps try this? Please let us know how you get on because we'd love to add this to the Guides section of the docs.

I have done this where I set up the app to use the http server and listen to localhost. I then opened up a webview window pointed to localhost. The localy hosted page displayed in webview window has all the standard javascript for Auth0 login. Once login is complete, page in webview, hosted by the go app passes the token to the app through a restful call to localhost. Once that is done, app shuts down the web server and webview and then the app can run as a normal wails app. As you mention, Auth0 must be set up to accept origin from localhost and callback redirect to localhost.

Thanks! That makes sense. I hate opening up a server because you don't know if the ports can be used, and because you have to register it in advance, it is not like you can just assign one. May I suggest making that available on github? :)

The good news is that you can chose which port to listen to, which is required since you have to tell your OAuth2 provider what host and port to expect (I use Auth0, and have used Azure AD, but I doubt any of the others is any different). You only keep it open just long enough to get authentication, then you shut it down. Your risk isn't zero, but it is small. I've been meaning to put an example together on this. I'll put something together today, make it available to you and maybe ask the Wails team if it's something they want to put in their tutorials.

Trying to be seamless....but OAuth2 isn't a seamless workflow in terms of getting new tokens and such. Ah well.

Thanks for posting. I think it would be a great example! [%]D --- have a virtual beer on me. ;)

Thanks @pachapman for your insights into this. @SGarno can this be closed now?

Yes. Thank you!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

bh90210 picture bh90210  路  5Comments

ewhal picture ewhal  路  3Comments

VladislavSournine picture VladislavSournine  路  5Comments

jonericcook picture jonericcook  路  6Comments

billacw picture billacw  路  3Comments