- The initial OpenID Connect desktop code sample
- The goal is to implement OpenID Connect in a desktop app with good usability and reliability
The desktop app is a simple UI with some basic navigation between views, to render fictional resources.
The data is returned from an API that authorizes access to resources using domain specific claims.
First ensure that Node.js 20+ is installed.
Then build and run the app via this command, which will trigger the OpenID Connect desktop flow:
./start.sh
A login is triggered in the system browser, so that the app cannot access the user's credentials.
A loopback redirect URI runs on the local computer to receive the login response.
You can log in to the desktop app using my AWS Cognito test account.
You can then test logins, API calls and token renewal:
- User: guestuser@example.com
- Password: GuestPassword1
- Further architecture details are described starting in the Initial Desktop Sample Overview.
- See the Final Desktop Sample for a more complete code sample.
- Electron and TypeScript are used to implement the Desktop App
- The AppAuth-JS library is used to implement the Authorization Code Flow (PKCE)
- AWS Serverless or Kubernetes is used to host remote API endpoints used by the app
- AWS Cognito is used as the default Authorization Server for the UI and API
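
The loopback login response and the Authorization Code Flow (PKCE) mentioned above can be sketched as follows. This is an added example, not code from this repository, and it uses Node's `crypto` module directly rather than AppAuth-JS. The function names, the `/callback` path, the port and the `openid profile` scope are assumptions for illustration.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "crypto";

// All names in this block are hypothetical and chosen for illustration
interface LoginRequest { url: string; state: string; codeVerifier: string; }

const base64url = (data: Buffer): string => data.toString("base64url");

// S256 code challenge from RFC 7636: BASE64URL(SHA256(code_verifier))
function codeChallenge(codeVerifier: string): string {
    return base64url(createHash("sha256").update(codeVerifier, "ascii").digest());
}

// Build the authorization request URL that is opened in the system browser.
// The state and code verifier stay in the desktop app's memory until the response arrives.
function createLoginRequest(authorizeEndpoint: string, clientId: string, loopbackPort: number): LoginRequest {
    const state = base64url(randomBytes(32));
    const codeVerifier = base64url(randomBytes(32));
    const url = new URL(authorizeEndpoint);
    url.searchParams.set("response_type", "code");
    url.searchParams.set("client_id", clientId);
    // Assumed loopback redirect URI; the literal IP avoids depending on how 'localhost' resolves
    url.searchParams.set("redirect_uri", `http://127.0.0.1:${loopbackPort}/callback`);
    url.searchParams.set("scope", "openid profile");
    url.searchParams.set("state", state);
    url.searchParams.set("code_challenge", codeChallenge(codeVerifier));
    url.searchParams.set("code_challenge_method", "S256");
    return { url: url.toString(), state, codeVerifier };
}

// Validate the request received by the loopback listener and return the authorization code.
// Any local process can send requests to the loopback port, so the state must match first.
function readLoginResponse(requestUrl: string, expectedState: string): string {
    const url = new URL(requestUrl, "http://127.0.0.1");
    if (url.pathname !== "/callback") throw new Error("unexpected path");
    const state = Buffer.from(url.searchParams.get("state") ?? "");
    const expected = Buffer.from(expectedState);
    if (state.length !== expected.length || !timingSafeEqual(state, expected)) {
        throw new Error("state mismatch");
    }
    const error = url.searchParams.get("error");
    if (error) throw new Error(`login failed: ${error}`);
    const code = url.searchParams.get("code");
    if (!code) throw new Error("missing authorization code");
    return code;
}
```

The returned code is then sent to the token endpoint together with `codeVerifier`, so a code intercepted on the loopback interface cannot be redeemed without the verifier held by the app.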