{"id":50999011,"url":"https://github.com/workos/electron-authkit-example","last_synced_at":"2026-06-20T12:34:21.852Z","repository":{"id":331787610,"uuid":"1130693976","full_name":"workos/electron-authkit-example","owner":"workos","description":"Electron app with WorkOS AuthKit authentication using deep links for OAuth callbacks","archived":false,"fork":false,"pushed_at":"2026-01-20T16:05:01.000Z","size":365,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-21T01:18:35.598Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/workos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-08T21:50:39.000Z","updated_at":"2026-01-20T16:05:24.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/workos/electron-authkit-example","commit_stats":null,"previous_names":["workos/electron-authkit-example"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/workos/electron-authkit-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workos%2Felectron-authkit-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workos%2Felectron-authkit-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workos%2Felectron-authkit-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workos%2Felectron-authkit-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/workos","download_url":"https://codeload.github.com/workos/electron-authkit-example/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workos%2Felectron-authkit-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34570538,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-20T02:00:06.407Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-20T12:34:20.827Z","updated_at":"2026-06-20T12:34:21.846Z","avatar_url":"https://github.com/workos.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Electron + WorkOS AuthKit\n\n\u003cimg width=\"2024\" height=\"1564\" alt=\"capture_20260105_093742\" src=\"https://github.com/user-attachments/assets/6610fb06-dd1b-4211-a3b5-2f1b60c94311\" /\u003e\n\nAn example Electron app with WorkOS AuthKit authentication using the [`@workos-inc/node`](https://www.npmjs.com/package/@workos-inc/node) SDK with PKCE.\n\n## Quick Start\n\n```bash\ngit clone \u003crepo-url\u003e\ncd electron-authkit-example\npnpm install\n```\n\nCreate `.env`:\n\n```bash\nMAIN_VITE_WORKOS_CLIENT_ID=client_xxx\n```\n\nAdd `workos-auth://callback` as a redirect URI in your [WorkOS Dashboard](https://dashboard.workos.com).\n\n```bash\npnpm dev\n```\n\n## What This Demonstrates\n\nElectron apps can't use traditional cookie-based auth flows. This example shows how to implement WorkOS AuthKit authentication using:\n\n1. **PKCE (Proof Key for Code Exchange)** — Secure OAuth flow for public clients that can't safely store a client secret\n2. **Deep link handling** — Registers `workos-auth://` protocol to receive OAuth callbacks from the system browser\n3. **Secure session storage** — Uses `electron-store` with Electron's `safeStorage` API (OS keychain) for token persistence\n\n## Architecture\n\n```\nRenderer (React)          Main Process\n┌──────────────┐         ┌─────────────────────────┐\n│  useAuth()   │──IPC───▶│  IPC Handlers           │\n│  signIn()    │         │         │               │\n│  signOut()   │◀─────── │         ▼               │\n└──────────────┘         │  auth.ts                │\n                         │  (@workos-inc/node)     │\n                         │         │               │\n                         │         ▼               │\n                         │  electron-store         │\n                         │  (encrypted)            │\n                         └─────────────────────────┘\n```\n\n## Key Files\n\n| File | Purpose |\n|------|---------|\n| [`src/main/auth/auth.ts`](src/main/auth/auth.ts) | PKCE flow, token exchange, session storage, refresh logic |\n| [`src/main/auth/deep-link-handler.ts`](src/main/auth/deep-link-handler.ts) | Registers `workos-auth://` protocol, handles OAuth callback |\n| [`src/main/auth/ipc-handlers.ts`](src/main/auth/ipc-handlers.ts) | IPC handlers for sign-in, sign-out, get-user |\n| [`src/preload/index.ts`](src/preload/index.ts) | Exposes `window.auth` API to renderer |\n| [`src/renderer/src/hooks/useAuth.ts`](src/renderer/src/hooks/useAuth.ts) | React hook for auth state |\n\n## How It Works\n\n### PKCE Flow\n\n[PKCE (Proof Key for Code Exchange)](https://oauth.net/2/pkce/) is required for Electron apps because they're \"public clients\"—the app binary can be decompiled, so a client secret can't be safely embedded.\n\n1. **Sign-in initiated** — App generates a random `code_verifier` and derives a `code_challenge` (SHA256 hash)\n2. **Authorization request** — User is sent to WorkOS with the `code_challenge`; the `code_verifier` is stored locally\n3. **User authenticates** — WorkOS redirects to `workos-auth://callback?code=xxx`\n4. **Token exchange** — App sends the `code` + original `code_verifier` to WorkOS\n5. **Verification** — WorkOS hashes the `code_verifier` and confirms it matches the original `code_challenge`\n6. **Tokens issued** — Access and refresh tokens are returned and stored securely via OS keychain\n\nThis ensures that even if an attacker intercepts the authorization code, they can't exchange it without the `code_verifier` that never left the app.\n\nToken refresh is automatic when calling `getUser()`.\n\n## Build\n\n```bash\npnpm build:mac    # macOS\npnpm build:win    # Windows\npnpm build:linux  # Linux\n```\n\n## Learn More\n\n- [`@workos-inc/node`](https://www.npmjs.com/package/@workos-inc/node) — WorkOS Node.js SDK\n- [WorkOS AuthKit Docs](https://workos.com/docs/user-management) — User management documentation\n- [PKCE (RFC 7636)](https://oauth.net/2/pkce/) — Proof Key for Code Exchange specification\n- [Electron Deep Links](https://www.electronjs.org/docs/latest/tutorial/launch-app-from-url-in-another-app) — Protocol handling in Electron\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fworkos%2Felectron-authkit-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fworkos%2Felectron-authkit-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fworkos%2Felectron-authkit-example/lists"}