CrowdControl App should use native browser for auth

As per best security practices, CrowdControl should be opening a local/native/external browser to handle the authorization, not using an internal browser.

OAuth 2.0 authorization requests from native apps should only be made
through external user-agents, primarily the user’s browser.

Under the assumption that CrowdControl is an Electron app, to open a URL externally use require('electron').shell.openExternal('auth_URL_here')
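An added example, not part of the original post and not CrowdControl's code: one way a native app can build the authorization request for the system browser and check the URL before handing it to the OS. The endpoint, client ID, port, host allowlist and function names are constructed placeholders, and the use of PKCE with a loopback redirect is an assumption about the flow; `opener` stands in for Electron's `shell.openExternal`.

```javascript
// Added example: endpoint, client_id, port and helper names are constructed placeholders.
const { createHash, randomBytes } = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');

// Hosts the app is willing to hand to the system browser (assumed value).
const ALLOWED_AUTH_HOSTS = new Set(['auth.example.com']);

// Build an authorization-code request with PKCE (S256) and a loopback redirect.
function buildAuthRequest({ authEndpoint, clientId, loopbackPort, scope }) {
  const verifier = b64url(randomBytes(32)); // stays in the app, sent at token exchange
  const challenge = b64url(createHash('sha256').update(verifier).digest());
  const state = b64url(randomBytes(16));    // compared when the redirect arrives
  const url = new URL(authEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: `http://127.0.0.1:${loopbackPort}/callback`,
    scope,
    state,
    code_challenge: challenge,
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), verifier, state };
}

// Refuse anything that is not https to an expected host before it reaches the
// OS URL handler. `opener` is injected; in Electron it would be shell.openExternal.
async function openInSystemBrowser(authUrl, opener) {
  const u = new URL(authUrl);
  if (u.protocol !== 'https:' || !ALLOWED_AUTH_HOSTS.has(u.hostname)) {
    throw new Error(`refusing to open ${u.protocol}//${u.hostname}`);
  }
  await opener(u.toString());
  return u.toString();
}

// The loopback handler rejects a response whose state does not match.
function checkCallback(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  if (p.get('state') !== expectedState) throw new Error('state mismatch');
  if (p.has('error')) throw new Error(`authorization failed: ${p.get('error')}`);
  return p.get('code');
}
```

Because the embedded webview never sees the login page, the app cannot read the user's credentials or session cookies; it only receives the code on the loopback listener.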

Thanks for the report. I’ll add this to our internal tracker and see if we can’t get the behavior changed in one of our upcoming releases.

I have a working client with this functionality, will be running through some testing tonight with it. So it should be released later tonight or early morning if tests go well.

This is now released.
