Tuesday, April 4, 2023

Authenticate users in Python scripts using their Google account


Google offers user authentication through OpenID Connect. Although this feature is usually used by websites, it can also be used with desktop applications. In this repository you can find a Python 3 script that authenticates users based on their Google account.

The script opens a web browser that redirects the user to Google's authorization page and, at the same time, starts a web server that "listens" for the access code. Upon receiving the access code, it "exchanges" it for an ID token that includes user information.

Since the client secret of a desktop application cannot be easily protected, this script leverages Proof Key for Code Exchange by OAuth Public Clients (PKCE), a technology defined in RFC 7636 and supported by Google. With PKCE, the script generates a random code verifier and transmits its SHA-256 hash when requesting the access code. Then, it transmits the actual code verifier when requesting the ID token.