Support multiple IdP via openid-connect and migrate to AppAuth-JS about balloon-client-desktop HOT 4 CLOSED

and openid-connect should use the code authorization flow, since we can make use of refresh tokens. Therefore the user stays signedin until grant is revoked.

from balloon-client-desktop.

oAuth2Config must be replaced with:
"auth": { "basic": true, "oidc": [{ "provider": "google", "clientId": "", "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth", "redirectScheme": "", "imgBase64": "iVBORw0KGgoAAAANSUhEUgAAAL8AAAAuCAYAAAB50MjgAAAIx0lEQVR4AezTRxEDUQxEQecAz+Z/ljlsDv8qE9B2Vw2DNycADu687rLuasVml9Z37hwRn2EYYi4Gtq5X338HuPV9/5uLgq3vrfNT4jUXB1vnp8R7Lg62zvP4QfwgfhA/iB/ED+IH8S/smwWM3cgZx0UVl1FQFFOZmZmZmZlemRldbl2eogs+8oFz5+tZl1FjVZYsyap7rqy+6rW+Os46TnxOnImzk3/z7NHMer37gkun/Uuz4PGbz/7mN9/3zWi3jSPc9PXPo3z7a7D03CfgwDMehYOvfv6pa5/Dcd/DrnZ1s4N/eX+GQ+9/Kw484UELW/meN2L5fyl2dbPQLvxtFGLpBU8RgJ++HZq8A7va1Y6Hf3kpx9JzHj8C/OBrXoDqcx/F4c98GMWrnqci/1tfBX5Thc1SWxeYxhGiKEIyy9BwSLFiCup6SGuOCy5eI/IogqTARitPfFA/RrOeD/IA2mQC089wVmIVZsJ3cTJDyTg2VW0GczKBZoVg2xH+Q5O3DaAvXvoMsH17x37cex0Of+y9mwp+FliYTCarGkFctpgrdbXumuamuNBqC1/Yc9FgI9XAFe82ZZ1lzAIPLg1RCVZZ5nX9hKY4U9UzH5r0mWpOlG8i/CnI3K7uodlu8J8sKY5888448OQH9OC/+GlYvjHFdhAvIzFhOmiUoiwzhI7RX9Momi4rZAiDCEXDNwTKWRQiySpstKo0RhinIjq28PT+vdN2FfxehjNSM4UuYDdphKIskPi2DB4p2zz4jblN4m2/yL/8j7fgxLW3wLHf3QrFC+6DY1dfge2itgj6ySI+FNoFLG0+gWY3gdXUh2mYiHImgY1cs494mgHbsWAQAjvMgTaHYxAYFkXg2d09mqbDCVPwtWsNuKYBi8Zou+eJurEsx4NrkT7j6BbivMFITQqb6DBpAt6vZFBj/vtU/F7ANXQQOwQDQ+RaMEwXeTN/Rl1GbE03EOZMwq+ZjrJNLCRli7WUB2Z/jx1jpWK7z5TurAEgskzoguj9dd2wkRRDTJssgm3owl8ENMoG/ioSD0Sbf16D6c59Y4j3Whv+Jo/78bT+/fyk2Br4T3j3m8PfteN77oKTy8tYrS9dxha2vTecwIaoTiQEhhMgr8aQpbQHgaYNAI5ETO58IgjRZKrXaapScN8G/WHJF6TsPsuw1FPlg0ZAtMkgC0kJuK3uXhslAJ774rMmCgAow/53KwIHg0f6iDw7ks8XzcBOIOBX13To0raLCmPNBn5ZX6lnKH8puwiLVgSgUPmQEDkfxEvFGqeDfvGzLHMG8Itsrha2sufO6i2A3729hP+E/xispcd/8cjC9t09DBulInaVQ0U09+JcRp7MM9Qkt1nv6ImBacUHewYi4O/7CRLRLxbLGJLxxCkADV/AXsDWBLRsRD9iq4+GSQPkErIJ/IKjTvoSxE4qAAw+WVmOtOr3nsGzt23rg/dq8inCMEQURd33tGrF4h76IxMZY2JG4GgRGP0z21HRj1wlIMLHWav6rTAXa17ALXw29CFHZPX+duJK3K+yO9uJ8H/jCoYNFSsR+y4MfUXUprMR/LyKoQlHtrJy8cfwq36krn7W8Ku6ewDtSFXs9FEtSUVk75vhT5F0dnUk9RrjqEwgwD5b2wpKL2ODgwEVaRvwMoQms89aG1Q2WoQAk/uRpB73iwC0DvxM+kEjRleumkRTmWLzy577Svjr6++GZT4ue179o6OD9rLvHx3A/zP3ODZCTZEiSaYoGkhV8gTDQNquA78uHD88JRnBLBbP2cNP0zOCH3UiNp39BNtxitDqf9dEyVJjbfj9AfxnbzvziIjYZf8qrEHdNEhcWQ7JMQX8Cl4Fv1hEGqbNavg1RGWj+tnYZwvh10m3fyLzRWAaMOxw8yP/8b+/sQM/2nN7PPtPT8UVUxen0yV+O4D/mnBjav6U6r2jnOkISAHGAF4ZtTQbBReLJXG2Dn7UcGW26sufOrZH2WsR/Bk/e/jFews7FjI22iON/FUCwxreCNBKGxP4YhDwleWW6vfSRp0yrQu/up/OGuWlLEXNt2DDe2zpL7jkinvh4X94Lh74hxfgqZe+Ef+t92M9HT56Eq/8oYr8TzjV5tc2QoPNkWGDUhfG3PFqEzqAV6R70W+B0pWgpQBLQUbwk4Xwqyi4GEARodfeeIrnrVU2GNoclTkqQhLT7k50zt52I/r7EsWhFE5/SiRsMwAtIkv5y6OO8LeCs566cvE6HoWpT+QpEu9KO1v225TClPOj4Fc+VOPNm+V6oLYhFlsIvqnwC73D/dwcfNmecdmbsfdGH6sVl1O89hfTQdT/0mXHsJFiRQJbncoIIChypiL3IPK0JTxT3a8p+PuotQr+IrTE5xfAb/gi8vvypEMCaIgSbE0A1QmR4WUSSo+osm29ccrYUfV52pyTbfAKgWOuOjAgcMMU0jSvEdgE6h4NbpRhpfLIhbbS/3aASpLKMfMtqPGF74mHZuxDcYhBZQDoA5uLrOHAVsCfHy3wuIteLeBX7flXvBMf+es38fF938Irr5501x70+1fgUd+6vgP/Wd84gv2HOTZDvG3BGANrF9triwRBlHX3cbSYishrBjl2nFoGxtoL4Tzhu3ahf9tTjS8ao2nG/ucVQj9C2bTgnKNO/cG+a33Nn2luk2/9H7aFS//Eky95vQD/9O0Zv/oNgn8vbzdaEKjTBHk6JEqDXW2AytCUpZVhqHN7J6l21p80Z0cO4C3Xfeq04L/wynfjhvJf2JZiJUJqg+gaNE2HYVGkNceuNkotssiDSXRomgadWAim5c79Z5boYILP/e0HePU1H8bjL34NHvHnl+HZl78NH9v3LVz7n33gJ//f3r1aIQwDYBjlDQt0D1zZCsbKbOATWfKSxKFy7j3nV7WfbBIx4RgjiB/ED+IH8YP4QfwgfhA/fyH+W0rpvcGkSt+jN7kuIYRXjPGzTQZK17nvZ+l898Mhb8m75615j0lmtvaul9r5QPlwzrtMNrNz7xv4AnoIRo6yhoDGAAAAAElFTkSuQmCC" }] }

from balloon-client-desktop.

check out:
https://github.com/openid/AppAuth-JS
https://stackoverflow.com/questions/45264213/oauth2-openid-connect-javascript-electron-desktop-application/45278469#45278469
https://stackoverflow.com/questions/45242249/using-openid-connect-for-authentication-spa-and-rest-api/45250836#45250836

from balloon-client-desktop.

• once auth type has been choose it gets stored under config.auth oidc|basic
• multiple oidc can be configured (wiki coming)
• basic auth is the default and turned on (could also be disabled)
• if basic auth is disabled and only one oidc provider is setup, you won't see the login screeen, it goes directly to your IdP
• if oidc is choosen, the provider gets stored under config.oidcProvider and the provider automatically gets called for new tokens, you will not see the login window anymore from the setup
• accessToken, refreshToken and passwords are now stored in the os keyring
• keyring is optional for the node sync module, since it checks config first if their available as plains (but needed in combination with the desktop client)

from balloon-client-desktop.