Implementing OpenID / Oauth 2.0 flow in a plugin

We need to create a plugin that authenticates with an OpenID server using oauth 2.0 flow.

OAuth 2.0 spec for Native apps is explained in RFC 8252.
As far as I checked, the current UXP API isn’t enough to implement this kind of authentication flow. In RFC section 7 the 3 redirection possibilities are: 7.1 private URI Scheme, 7.2 Claimed “https” Scheme or 7.3 Loopback Interface.

I think 7.3 is the most appropriate for something like XD plugins, but it requires to listen for HTTP requests from the plugin.

This has already been asked:

  • OAuth workflows

    is there any way for an XD plugin to establish an HTTP listener on a non-privileged port?
    That would solve the problem of needing an external server that you poll to get the session ID, etc.

  • How to go about logging a user in to a website through UXP

    If we had the ability to set up a web worker, for example, listening on an https: server port localport , then the final OAuth redirect could be to localhost: localport so we could get the final token.

Setting up an extra service to store the oauth response is an unnecessary step and every plugin using oauth needs to implement its own. Also, adding an extra layer is an extra opportunity for mistakes handling the auth tokens back and forth.

Is the possibility of listening for an http request on a random loopback port planned?

1 Like

This +1000. We’ve been waiting years for this…

1 Like