Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to Auth to an OAuth 2.0 API from inside a vscode extension

My team writes a monitoring system which we have recently migrated the definitions of our monitoring into a git repo. These definitions are comprised of some json and powershell files. VSCode is an ideal scenario for editing and dealing with git. The problem is while developing the monitoring it is nice to be able to execute it against a test environment. Previously all editing was done through a web interface and we allowed ad hoc execution of the powershell against test machines through an API which is secured with AzureAD and OAuth2.0.

VS Code extensions don't have access to the full electron api and you are restricted from creating a BrowserWindow to handle the usual OAuth redirect flow. Is there a way to work around this limitation and allow a user to auth to our api so that we can make calls to it?

Any ideas or possible workarounds would be awesome.

like image 395
Andrew Benton Avatar asked Jul 11 '16 23:07

Andrew Benton


People also ask

How do I authenticate here APIs using OAuth?

Generating HERE OAuth Credentials To make HERE OAuth API requests, you will need to generate an “access token”. To generate access tokens, you will first need to generate HERE OAuth Credentials from the developer.here.com portal. Go to developer.here.com and login with your credentials.


2 Answers

One thing you can do is to use Server to Server via Client Credentials authentication method. There is node npm library here. You will need to first register your VS code extension into Azure AD via Azure Portal. The downside of this method is the credential passed to the Web API won't be user's credential but rather same extension specific credentials. But it would be OK in case you don't need VS code user's identity.

like image 191
Art Nanakorn Avatar answered Oct 15 '22 20:10

Art Nanakorn


The supported way to get a user token for an application that doesn't have the ability to open a Web Browser to auth is the "OAuth Device Flow". Here is a link to a blog about how to implement it with AAD.

https://joonasw.net/view/device-code-flow

like image 30
Andrew Benton Avatar answered Oct 15 '22 21:10

Andrew Benton