Hoppscotch Desktop for self-hosting #4028
mkohns
started this conversation in
Show and tell
Replies: 1 comment
-
Hi, So I downloaded the desktop app but If you don't mind can you tell me how & where do I need to copy these function to make oauth flow work correctly. I have my BE server in Local & Azure App Service. But I'm getting trouble Auth via Oauth2 Authorization Code Flow using Azure. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi all!
I understand that Hoppscotch Desktop is concentrating on stability and will care for self-hosting later.
I nevertheless really love the desktop app - and wanted to have the self-hosting figured out.
So - I took a look. In my case the SSO with Azure was in focus.
My goal:
Actually not much was missing for this. I would like to share my thoughts about this:
The user journey
user clicks on login
popup opens with configured SSO providers.
This did not work as the platform function getAllowedAuthProviders was not implemented.
I just copied over the function from selfhosted-web. That worked nicely.
hoppscotch/packages/hoppscotch-selfhost-web/src/platform/auth/auth.api.ts
Line 17 in eecc3db
After clicking on SSO (in my case Azure), the tauri app calls backend with /auth/microsoft?redirect_uri=desktop
hoppscotch/packages/hoppscotch-selfhost-desktop/src/platform/auth.ts
Line 44 in eecc3db
This at the end opens up the default browser (authorization code flow) and logs in the user. The provided redirect URI in this case is MICROSOFT_CALLBACK_URL="http://localhost:3170/v1/auth/microsoft/callback"
After successful user login, microsoft redirect to the above URL with the auth code. This is processed here:
hoppscotch/packages/hoppscotch-backend/src/auth/auth.controller.ts
Line 163 in eecc3db
here the trouble started, because the the implementation after retrieving all tokens and setting cookies just call this custom uri: REDIRECT_URL="hoppscotch://localhost" which opens up the hoppscotch up again. In a web scenario this would be nice as the cookies would be also transported. In a custom schema scenario as with tauri - obviously not. So I decided to place the cookie parameters just as query parameters like this:
hoppscotch/packages/hoppscotch-selfhost-desktop/src/platform/auth.ts
Line 264 in eecc3db
The corresponding new server parts looks like this:
That it!
Works like a charme even with refreshing.
I actually think that this cookie auth stuff here is not very nice.
I am thinking about replacing all this with a normal Authorization JWT Bearer in the Headers.
This would make thinks here more straightful.
Leave me your thoughts about this!
Beta Was this translation helpful? Give feedback.
All reactions