- The final OpenID Connect desktop code sample, referenced in my blog at https://authguidance.com
- The goal is to implement OpenID Connect desktop logins with the best usability and reliability
The desktop app is a simple UI with some basic navigation between views, to render fictional resources.
The data is returned from an API that authorizes access to resources using domain-specific claims.
Build and run the app via this command, which will trigger the OpenID Connect desktop flow:
./start.sh
A login is triggered in the system browser, so that the app cannot access the user's credentials.
A private URI scheme callback URL of x-mycompany-desktopapp:/callback is used to receive the login response.
You can log in to the desktop app using my AWS Cognito test account:
- User: [email protected]
- Password: GuestPassword1
You can then test all lifecycle operations, including token refresh, expiry events and logout.
- Further architecture details are described starting in the Final Desktop Sample Overview
- See the Non Functional Behaviour page for a summary of overall qualities
- Electron, TypeScript and React are used to implement the Cross Platform Desktop App
- The AppAuth-JS Library is used to implement the Authorization Code Flow (PKCE)
- The keytar library is used by the Desktop App for secure storage of OAuth tokens
- AWS API Gateway is used to host the Desktop App's OAuth Secured API
- AWS Cognito is used as the default Authorization Server for the UI and API
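
The login flow described above (Authorization Code Flow with PKCE, started in the system browser and completed on the private URI scheme callback) can be sketched as follows. This is an added example, not code from this sample or from AppAuth-JS; the function names are hypothetical, and the authorize endpoint and client ID are supplied by the caller.

```typescript
import { createHash, randomBytes } from "crypto";

// Redirect URI from this README; everything else here is illustrative.
const REDIRECT_URI = "x-mycompany-desktopapp:/callback";

interface PendingLogin { state: string; codeVerifier: string; }

const base64url = (b: Buffer): string =>
  b.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function pkceChallenge(codeVerifier: string): string {
  return base64url(createHash("sha256").update(codeVerifier, "ascii").digest());
}

// Build the URL to open in the system browser. Caller keeps `pending` in memory.
function buildAuthorizationUrl(authorizeEndpoint: string, clientId: string) {
  const pending: PendingLogin = {
    state: base64url(randomBytes(32)),        // ties the response to this request
    codeVerifier: base64url(randomBytes(32)), // 43 chars, never sent to the browser
  };
  const url = new URL(authorizeEndpoint);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", REDIRECT_URI);
  url.searchParams.set("scope", "openid");
  url.searchParams.set("state", pending.state);
  url.searchParams.set("code_challenge", pkceChallenge(pending.codeVerifier));
  url.searchParams.set("code_challenge_method", "S256");
  return { url: url.toString(), pending };
}

// Validate the URL the operating system hands to the app after login.
// Other local software can invoke the same scheme, so nothing in it is trusted
// until the redirect URI and state match the pending request.
function handleCallback(callbackUrl: string, pending: PendingLogin) {
  const url = new URL(callbackUrl);
  if (url.protocol !== "x-mycompany-desktopapp:" || url.host !== "" || url.pathname !== "/callback") {
    throw new Error("unexpected redirect URI");
  }
  if (url.searchParams.get("state") !== pending.state) throw new Error("state mismatch");
  const error = url.searchParams.get("error");
  if (error) throw new Error(`authorization failed: ${error}`);
  const code = url.searchParams.get("code");
  if (!code) throw new Error("missing authorization code");
  // code + codeVerifier go to the token endpoint; the code alone cannot be redeemed
  return { code, codeVerifier: pending.codeVerifier };
}
```

The returned `code` and `codeVerifier` are what the token request needs; a response with a stale or missing `state` is rejected before the code is ever used.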