Hi @Ashu Ghildiyal,
I reached out to the product team to share your concern, and they replied that they are working on making the sample a bit more secure by using the default browser. They will update the sample as they add more layers of security to it.
For now though, the Electron NodeJS sample and tutorial follow the best practices that we have found, but since we don't officially support Electron, we can't guarantee that it's as safe as it can be. https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-nodejs-desktop
As mentioned in the article, to demonstrate best security practices, the Electron sample application makes use of a custom file protocol instead of a regular web (https://) redirect URI in order to handle the redirection step of the authorization flow. This is suggested in the OAuth 2.0 specification for Native Apps.
I hope this helps!
Marilee
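A custom-scheme redirect reaches the app as a plain URL from the operating system, so the handler has to treat it as untrusted input before exchanging the code. The sketch below is an added example, not code from the answer or from the Microsoft sample; the scheme `com.example.desktopapp://auth`, the function name `validateRedirect`, and the assumption that the authorization response arrives in the query string are all hypothetical.

```javascript
// Added example. The scheme, host and all sample values are constructed.
const EXPECTED_SCHEME = 'com.example.desktopapp:'; // hypothetical custom scheme
const EXPECTED_HOST = 'auth';                      // hypothetical redirect host

// Validate the URL the OS hands to the app's protocol handler.
// expectedState is the random value the app stored when it opened the
// authorization request. Returns { ok: true, code } or { ok: false, reason }.
function validateRedirect(rawUrl, expectedState) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  // Only the exact registered redirect URI is acceptable.
  if (url.protocol !== EXPECTED_SCHEME || url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: 'unexpected-redirect-uri' };
  }
  if (url.pathname !== '' && url.pathname !== '/') {
    return { ok: false, reason: 'unexpected-redirect-uri' };
  }
  const params = url.searchParams;
  // Reject repeated parameters instead of silently picking one of them.
  for (const name of ['code', 'state', 'error']) {
    if (params.getAll(name).length > 1) {
      return { ok: false, reason: 'duplicate-' + name };
    }
  }
  // Check state before acting on anything else in the response.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state-mismatch' };
  }
  if (params.has('error')) {
    return { ok: false, reason: 'authorization-error:' + params.get('error') };
  }
  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing-code' };
  return { ok: true, code };
}

// Constructed sample: a well-formed response for a request sent with state "s1".
console.log(validateRedirect('com.example.desktopapp://auth?code=abc123&state=s1', 's1'));
```

Only a result with `ok: true` should proceed to the token request; every other outcome is dropped and logged with its `reason`.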