使用 Google OAuth 的电子应用程序:“此浏览器或应用程序可能不安全"； [英] Electron application using Google OAuth: "this browser or app may not be secure"

问题描述

我的应用的用户今天报告了一个关于通过 Google 授权用户(使用 OAuth 2.0)的问题.到目前为止，应用程序正在打开一个新的 BrowserWindow(节点集成已禁用，会话与主应用程序分离).你可以在 这里 因为库是 OSS.我正在使用它来授权用户访问 Google Drive 上的应用程序数据.今天登录后，我看到以下消息:

A user of my app reported an issue today about authorizing the user with Google (using OAuth 2.0). So far the application was opening a new BrowserWindow (node integration disabled, session is separated from the main application). You can see the implementation here since the library is OSS. I am using this to authorize the user to access application data on Google Drive. Today after logging in I see the following message:

此浏览器或应用程序可能不安全.

This browser or app may not be secure.

尝试使用其他浏览器.如果您已经在使用受支持的浏览器，则可以刷新屏幕并再次尝试登录.

Try using a different browser. If you’re already using a supported browser, you can refresh your screen and try again to sign in.

了解更多链接有一个面向开发人员的部分.本节有 2 个链接.一是如何将应用程序升级到 PWA.由于该应用程序是一个 API 测试工具，因此无法在 Web 浏览器中运行它.第二个链接指向描述如何迁移到本地应用程序授权的文档.但是，所描述的流程需要授权代码授权.这意味着我需要在我的应用程序中包含 OAuth 密码.然而，Electron 应用程序仍然是 Web 应用程序，并且没有编译源代码的概念.我会向公众公开不安全的客户秘密.可能我可以构建一个服务器应用程序来支持它，但该应用程序是 OSS 项目.它没有资金来运行服务器进行授权.

The learn more link has a section for developers. This section has 2 links. One is how to upgrade the application to PWA. Because the application is an API testing tool it won't be possible to run it in a web browser. The second link points to a document describing how to migrate to authorization for native application. However described flow requires authorization_code grant. This means I need to include OAuth secret into my application. Electron application, however, is still web application and there's no notion of compiling sources. I would expose client secret to the public which is not secured. Potentially I could build a server application to support it but the app is OSS project. It does not have funding to run a server for authorization.

我现在的问题是我应该如何为 Electron 应用程序实现 OAuth 2.在这种情况下，我无法使用 PWA，并且服务器授权流程(代码授权)远非理想.

My question is now how should I implement OAuth 2 for Electron application then. I can't use PWA's and server authorization flow (code grant) is far from ideal in this case.

推荐答案

正如 Paweł 解释的那样，更改用户代理就可以解决问题.但是，您可以通过在加载 URL 时传递一个对象来轻松设置用户代理

As Paweł explained, changing the user agent will do the trick. However, you can easily set the user agent by passing an object when loading the URL

win = new BrowserWindow({width: 800, height: 600});
win.loadURL(authUrl, {userAgent: 'Chrome'})

我已经测试过它，它就像一个魅力

I have tested it and it worked like a charm

这篇关于使用 Google OAuth 的电子应用程序:“此浏览器或应用程序可能不安全"；的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！