Stop Pasting Tokens: OAuth2 Login for JetBrains IDE Plugins | The JetBrains Platform Blog
Blog post from JetBrains
Jakub Chrzanowski discusses a method to integrate OAuth2 authentication into JetBrains IDE plugins, focusing on avoiding the insecure practice of requiring users to paste personal access tokens. Instead, the proposed approach uses OAuth2 for secure and limited access, allowing users to authenticate through a familiar browser login, with the plugin receiving the access token and storing it securely in PasswordSafe. The process involves generating a state, a code verifier, and a code challenge; the state ties the browser callback to the request that started it, while the verifier and challenge bind the authorization request to the subsequent token exchange, as specified by the Proof Key for Code Exchange (PKCE) method. The article explains the flow of authentication, from user login to token storage, and emphasizes the importance of assigning responsibilities correctly within the plugin's architecture. The sample code provided demonstrates how to implement this flow using GitHub as the OAuth2 provider, ensuring that API code remains independent of the authentication mechanism.
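The state, code verifier and code challenge mentioned above are the pieces a plugin has to get right; the following Python snippet, added here as an illustration and not taken from the blog post or from any JetBrains sample code, shows how each is derived and checked according to RFC 7636 (S256 method). The provider endpoint, client id and redirect URI are constructed placeholders; a real plugin would run this logic in Kotlin/Java and hand the resulting token to PasswordSafe.

```python
import base64
import hashlib
import hmac
import secrets
import urllib.parse

# Constructed placeholders: replace with the real provider's values.
AUTHORIZE_ENDPOINT = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "http://127.0.0.1:8765/callback"  # loopback listener run by the plugin


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_state() -> str:
    """Unguessable value echoed back by the provider; detects forged callbacks."""
    return b64url(secrets.token_bytes(16))


def make_code_verifier() -> str:
    """32 random bytes -> 43-char string, within the 43..128 range of RFC 7636."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """S256 challenge: base64url(SHA-256(verifier)). Only this value leaves the client
    during the authorization request; the verifier is revealed at token exchange."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(state: str, challenge: str, scope: str = "repo") -> str:
    """URL the plugin opens in the user's browser."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urllib.parse.urlencode(params)


def validate_callback(query: str, expected_state: str) -> str:
    """Parse the redirect query string; reject a missing or mismatched state
    before the authorization code is ever used. Returns the code."""
    params = urllib.parse.parse_qs(query)
    state = params.get("state", [""])[0]
    if not state or not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback does not belong to this login")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def provider_accepts_verifier(stored_challenge: str, presented_verifier: str) -> bool:
    """What the authorization server does at /token: recompute the challenge from the
    presented verifier and compare it with the one it saw at /authorize."""
    return hmac.compare_digest(make_code_challenge(presented_verifier), stored_challenge)


if __name__ == "__main__":
    state = make_state()
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    print("open in browser:", build_authorize_url(state, challenge))
    # Simulated redirect back to the loopback listener (constructed query string).
    code = validate_callback(f"code=constructed-code&state={state}", state)
    print("authorization code:", code)
    print("provider would accept verifier:", provider_accepts_verifier(challenge, verifier))
```

The verifier never appears in the browser URL, so an attacker who intercepts the authorization code (for example via a second process listening on the same loopback port) still cannot redeem it without the verifier held in the plugin's memory; the state check closes the complementary hole where an attacker injects a code of their own into the callback.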