Skip to content

Latest commit

 

History

History
 
 

auth-server

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
src
src
 
 
README.md
README.md
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 
tsconfig.lib.json
tsconfig.lib.json
 
 

README.md

@trezor/auth-server

Authorization endpoints for saving labels in Google Drive via OAuth 2.0.

Google requires client_secret specific for an app to grant long term access to a user via a refresh_token. This is a recommended OAuth flow for desktop apps. Exposing client_secret could potentially enable attackers impersonating the app to gain access to the user's labels. Therefore, Google authentication server is accessed via our backend which stores the client_secret. Unlike the Dropbox OAuth implementation, it is not possible to substitute the secret with PKCE.

Development

  1. Generate your own testing credentials for a Desktop App in Google Cloud Platform.
  2. In Google Cloud Platform, add your account as a test user of the app.
  3. Replace client_secret in index.ts and client_id in @trezor/suite with generated credentials.
  4. Set OAuth API in Suite debug settings to http://localhost:3005 or override the authServerUrl here.
  5. Install dependencies via yarn workspace @trezor/auth-server install.
  6. Run the server locally via yarn workspace @trezor/auth-server dev.

Build

yarn workspace @trezor/auth-server build