Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Optionally serve OAuth 2.0 authentication with HTTPS #38

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

gdavison
Copy link

@gdavison gdavison commented Apr 5, 2021

Looking for feedback on the approach I've taken.

This PR adds the option to serve an OAuth 2.0 Authorization Code workflow with HTTPS in addition to HTTP. This is required by some APIs that don't allow HTTP for the auth page.

Currently works with a certificate file named localhost.crt and private key file named localhost.key in the configuration directory. These files must be created manually, for example using openssl.

Questions:

  1. Should each API have its own certificate, or can they be shared?
  2. Should we be able to reference an existing certificate for an API?

To do:

  • generate certificate pair if not present

Closes #31

@gdavison gdavison changed the title Optionally serve OAuth 2.0 authentication with HTTPS feat: Optionally serve OAuth 2.0 authentication with HTTPS Apr 5, 2021
@danielgtaylor
Copy link
Owner

Very interesting! I wonder if things could "just work" if we generate a real cert that browsers would accept and make local.rest.sh (or something similar) resolve to localhost. Any other ideas about how best to make this as painless as possible?

@dreverri
Copy link

mkcert makes creating localhost certs very easy https://github.com/FiloSottile/mkcert

@danielgtaylor danielgtaylor added enhancement New feature or request help wanted Extra attention is needed labels Jan 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allow running OAuth 2.0 Authorization Code workflow with local HTTPS server
3 participants