Is it a way not make Github call directly backend, but let Github call frontend first, and frontend call gh-auth-complete in backend and pass code?

vapor-community / Imperial

Federated Authentication with OAuth providers

MIT License

153 stars 48 forks source link

Is it a way not make Github call directly backend, but let Github call frontend first, and frontend call gh-auth-complete in backend and pass code? #91

Closed j4nos closed 1 year ago

j4nos commented 1 year ago

I did setup Imperial as tutorial says, but when a GET is sent with http://localhost:8080/gh-auth-complete?code=1c529782861a44782488 then it refuses, it does not have access-token.

My frontend and backend is separated. I would use Oauth 2.0 in the official way, Github -> frontend -> backend.

Is it possible to pass only code and check its validity in a next communication sequence?

oauth

0xTim commented 1 year ago

No if you want that functionality you'd need to implement it yourself

0xTim commented 1 year ago

Also, to clarify - GH calls the URL that you specify in the redirect. You probably want to handle it all in the backend to keep it secure then pass a user/token/success to the front end when complete