mirror of
https://github.com/trezor/trezor-suite.git
synced 2026-03-21 22:57:17 +01:00
a0556d2e0c
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
@trezor/auth-server
Authorization endpoints for saving labels in Google Drive via OAuth 2.0.
Google requires client_secret specific for an app to grant long term access to a user via a refresh_token. This is a recommended OAuth flow for desktop apps. Exposing client_secret could potentially enable attackers impersonating the app to gain access to the user's labels. Therefore, Google authentication server is accessed via our backend which stores the client_secret. Unlike the Dropbox OAuth implementation, it is not possible to substitute the secret with PKCE.
Development
- Generate your own testing credentials for a Desktop App in Google Cloud Platform.
- In Google Cloud Platform, add your account as a test user of the app.
- Replace
client_secretin index.ts andclient_idin @trezor/suite with generated credentials. - Set OAuth API in Suite debug settings to
http://localhost:3005or override theauthServerUrlhere. - Install dependencies via
yarn workspace @trezor/auth-server install. - Run the server locally via
yarn workspace @trezor/auth-server dev.
Build
yarn workspace @trezor/auth-server build