Hey @Zycon42 maybe I'm not getting something but why would the browser session cookie be included here at all? In general Electron is a bit of a weird case since it's technically also a browser under the hood.
We have a web app, an Electron app, an API (unimportant here) and Kratos. Kratos is behind a proxy on the webapp, so on the same origin. Our Electron app is using native app authentication flows with `return_session_token_exchange_code=true` and system browser OAuth as described here.

The issue is the following:
I think that kratos should ignore the browser session cookie if it's on the social login callback for the API flows.
I considered the following workarounds/solutions to prevent the browser from sending cookies on the google -> kratos redirect:

- `SameSite=Strict` for session cookie, but that breaks account linking for the webapp I think

Am I missing something obvious, or do you have any ideas or recommendations? Thanks.