#oauth #tauri-plugin #server #redirect #localhost #local-server #flows

sys tauri-plugin-oauth

A Tauri plugin for spawning a localhost server. Needed for some oauth flows (Login with X).

3 releases (stable)

2.0.0 Nov 5, 2024
1.0.0 Nov 5, 2024
0.0.0-alpha.0 Apr 7, 2023

#131 in Authentication

Download history 8/week @ 2024-09-27 1/week @ 2024-10-04 2/week @ 2024-10-18 2/week @ 2024-10-25 328/week @ 2024-11-01 125/week @ 2024-11-08 153/week @ 2024-11-15 41/week @ 2024-11-22 63/week @ 2024-11-29 171/week @ 2024-12-06 460/week @ 2024-12-13 795/week @ 2024-12-20 773/week @ 2024-12-27 707/week @ 2025-01-03 591/week @ 2025-01-10

3,057 downloads per month

MIT/Apache

19KB
224 lines

Tauri Plugin OAuth

A minimalistic Rust library and Tauri plugin for handling browser-based OAuth flows in desktop applications. This plugin spawns a temporary localhost server to capture OAuth redirects, solving the challenge of using OAuth with desktop apps.

Why This Plugin?

Many OAuth providers (like Google and GitHub) don't allow custom URI schemes ("deep links") as redirect URLs. This plugin provides a solution by:

  1. Spawning a temporary local server
  2. Capturing the OAuth redirect
  3. Passing the authorization data back to your app

Note: For an alternative approach using deep linking, see tauri-plugin-deep-link. The deep-link plugin can automatically start your app if there's no open instance.

Installation

# Cargo.toml
[dependencies]
tauri-plugin-oauth = "2"

For Tauri projects using npm or yarn:

npm install @fabianlars/tauri-plugin-oauth@2
# or
yarn add @fabianlars/tauri-plugin-oauth@2

Usage

Rust

use tauri::{command, Emitter, Window};
use tauri_plugin_oauth::start;

#[command]
async fn start_server(window: Window) -> Result<u16, String> {
    start(move |url| {
        // Because of the unprotected localhost port, you must verify the URL here.
        // Preferably send back only the token, or nothing at all if you can handle everything else in Rust.
        let _ = window.emit("redirect_uri", url);
    })
        .map_err(|err| err.to_string())
}

#[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() {
    tauri::Builder::default()

        .plugin(tauri_plugin_oauth::init())
        .invoke_handler(tauri::generate_handler![start_server])
        .run(tauri::generate_context!())
        .expect("error while running tauri application");
}

TypeScript

import { start, cancel, onUrl, onInvalidUrl } from '@fabianlars/tauri-plugin-oauth';

// Port of the running localhost server, kept so it can be cancelled later
let port: number | undefined;

async function startOAuthFlow() {
  try {
    port = await start();
    console.log(`OAuth server started on port ${port}`);

    // Set up listeners for OAuth results
    await onUrl((url) => {
      console.log('Received OAuth URL:', url);
      // Handle the OAuth redirect
    });

    // Initiate your OAuth flow here
    // ...

  } catch (error) {
    console.error('Error starting OAuth server:', error);
  }
}

// Don't forget to stop the server when you're done
async function stopOAuthServer() {
  if (port === undefined) return; // nothing to stop
  try {
    await cancel(port);
    port = undefined;
    console.log('OAuth server stopped');
  } catch (error) {
    console.error('Error stopping OAuth server:', error);
  }
}

Configuration

You can configure the plugin behavior using the OauthConfig struct:

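use tauri_plugin_oauth::{start_with_config, OauthConfig};

let config = OauthConfig {
    // Ports to try for the localhost server
    ports: Some(vec![8000, 8001, 8002]),
    // Text shown in the browser once the redirect has been captured
    response: Some("OAuth process completed. You can close this window.".into()),
};

// Like start(), this returns the port in a Result directly; there is nothing to await
start_with_config(config, |url| {
    // Handle OAuth URL
})
.expect("Failed to start OAuth server");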

Security Considerations

  • Always validate the received OAuth URL on your server side before considering it authentic.
  • Use HTTPS for your OAuth flow to prevent man-in-the-middle attacks.
  • Implement proper token storage and refresh mechanisms in your application.
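
One way to do the verification that the Rust handler comment and the first item above call for, as an added example that is not code from tauri-plugin-oauth. `check_redirect` and the `Redirect` enum are hypothetical names, and it assumes the app generated a random `state`, sent it in the authorization request, and registered `http://127.0.0.1:<port>/` or `http://localhost:<port>/` as the redirect URI.

```rust
#[derive(Debug, PartialEq)]
pub enum Redirect {
    Code(String),
    ProviderError(String),
    Rejected(&'static str),
}

// Constant-time equality: the comparison time does not depend on where bytes differ.
fn ct_eq(a: &str, b: &str) -> bool {
    a.len() == b.len() && a.bytes().zip(b.bytes()).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

// Decode a form-urlencoded value; None on a malformed escape or invalid UTF-8.
fn pct_decode(s: &str) -> Option<String> {
    let (b, mut out, mut i) = (s.as_bytes(), Vec::new(), 0);
    while i < b.len() {
        if b[i] == b'%' {
            let h = b.get(i + 1..i + 3).filter(|h| h.iter().all(u8::is_ascii_hexdigit))?;
            out.push(u8::from_str_radix(std::str::from_utf8(h).ok()?, 16).ok()?);
            i += 2;
        } else {
            out.push(if b[i] == b'+' { b' ' } else { b[i] });
        }
        i += 1;
    }
    String::from_utf8(out).ok()
}

// Assumed inputs: `port` from start(); `expected_state` = the `state` this app sent.
pub fn check_redirect(url: &str, port: u16, expected_state: &str) -> Redirect {
    let origins = [format!("http://127.0.0.1:{port}/"), format!("http://localhost:{port}/")];
    let rest = origins.iter().find_map(|o| url.strip_prefix(o.as_str()));
    let Some(rest) = rest else { return Redirect::Rejected("unexpected origin") };
    let query = rest.split('#').next().unwrap_or("").split_once('?').map_or("", |(_, q)| q);
    let (mut code, mut state, mut error) = (None::<&str>, None::<&str>, None::<&str>);
    for pair in query.split('&') {
        let (k, v) = pair.split_once('=').unwrap_or((pair, ""));
        let slot = match k { "code" => &mut code, "state" => &mut state, "error" => &mut error, _ => continue };
        if slot.replace(v).is_some() { return Redirect::Rejected("duplicate parameter"); }
    }
    if !state.and_then(pct_decode).is_some_and(|s| ct_eq(&s, expected_state)) {
        return Redirect::Rejected("state mismatch");
    }
    match (code.and_then(pct_decode), error.and_then(pct_decode)) {
        (Some(c), None) if !c.is_empty() => Redirect::Code(c),
        (None, Some(e)) => Redirect::ProviderError(e),
        _ => Redirect::Rejected("need exactly one of code or error"),
    }
}
```

Called inside the `start` closure, this lets the app emit only an accepted code to the webview and drop everything else that reaches the unprotected port.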

Contributing

Contributions are always welcome! Please feel free to submit a Pull Request.

License

This project is dual-licensed under either of the following licenses, at your option:

Dependencies

~18–58MB
~859K SLoC