Question

I have to build a Windows Service which requires OAuth2 authentication. The service is intended (like all services should be) to run unattended (no user needs to be logged in to Windows). The problem is, there is some user interaction required to get the OAuth2 authentication.

The service uses a third party API (I have no control over it) to do some checks, and sends out an email if a check comes back negative. The API requires authentication through a website. The service will run on an "always on" server.

Once authentication is validated, I would have a refresh token to periodically refresh authentication. So no more user interaction should be required after the initial authentication.

I think the best solution is to create a WinForms/WPF application which prompts the user to log in to the website, install the service and start the service. As said, once authenticated, the service can run unattended since authentication can be periodically refreshed (tokens are saved in an encrypted file). If for some reason authentication is lost, the service can send out an email requesting a user to log in and re-authenticate.

I would imagine the following flow:

[Flow diagram]

Is this an advisable solution, or is there something better? Have I forgotten/missed something?


Solution

OAuth2 by itself doesn't require the whole third-party web page prompts and multi-factor tokens, which are hard to automate.

You can use the password grant type and store a service username and password in your applications config.

However, if you don't control the authentication server and have to get a real person to log in, then your flow seems a sensible one.

You could potentially improve it by allowing the recipient of the email to complete the authentication process via a website rather than having to interact with the service directly. Perhaps even sending them the URL you get from the auth service.

But this would depend on the details of your implementation.
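As an added example (not code from the question or the answer), here is the token-handling core of the flow discussed above in C#: DPAPI-protected storage of the token file, the refresh-token grant the question relies on, and the password grant the answer mentions, with the "authentication lost, email a human" branch handled explicitly. The token endpoint, client id and entropy string are assumptions; the third-party API itself is not modelled.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

// Added example, not code from the question or answer. Endpoint, client id and
// entropy string are assumptions; substitute the real provider's values.
public sealed class TokenSet
{
    public string AccessToken { get; set; }
    public string RefreshToken { get; set; }
    public DateTimeOffset ExpiresAt { get; set; }
}

// DPAPI-backed "encrypted file". LocalMachine scope is deliberate: the WinForms
// bootstrapper runs as the interactive user and the service as a service account,
// so a CurrentUser blob written by one cannot be read by the other. Lock the
// file's ACL down to the service account so LocalMachine does not mean "any local user".
public static class TokenStore
{
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("checker-service-v1"); // assumed; must match in both apps

    public static void Save(string path, TokenSet t) =>
        File.WriteAllBytes(path, ProtectedData.Protect(
            JsonSerializer.SerializeToUtf8Bytes(t), Entropy, DataProtectionScope.LocalMachine));

    public static TokenSet Load(string path) =>
        JsonSerializer.Deserialize<TokenSet>(ProtectedData.Unprotect(
            File.ReadAllBytes(path), Entropy, DataProtectionScope.LocalMachine));
}

public enum Outcome { Ok, ReauthRequired, Transient }

public sealed class OAuthClient
{
    static readonly HttpClient Http = new HttpClient();
    const string TokenEndpoint = "https://auth.example.com/oauth2/token"; // hypothetical
    const string ClientId = "checker-service";                            // hypothetical

    // Refresh-token grant (RFC 6749 s.6). Providers may rotate the refresh token,
    // so the returned one is persisted when present.
    public Task<(Outcome, TokenSet)> RefreshAsync(TokenSet cur) => ExchangeAsync(new Dictionary<string, string>
    {
        ["grant_type"] = "refresh_token", ["refresh_token"] = cur.RefreshToken, ["client_id"] = ClientId,
    }, cur.RefreshToken);

    // Password grant (RFC 6749 s.4.3), the option the answer mentions. Works only if the
    // provider still enables it and the account has no MFA; the OAuth 2.0 Security BCP
    // advises against it, so prefer the interactive bootstrap where possible.
    public Task<(Outcome, TokenSet)> PasswordGrantAsync(string user, string pw) => ExchangeAsync(new Dictionary<string, string>
    {
        ["grant_type"] = "password", ["username"] = user, ["password"] = pw, ["client_id"] = ClientId,
    }, null);

    async Task<(Outcome, TokenSet)> ExchangeAsync(Dictionary<string, string> form, string fallbackRefresh)
    {
        HttpResponseMessage resp;
        try { resp = await Http.PostAsync(TokenEndpoint, new FormUrlEncodedContent(form)); }
        catch (HttpRequestException) { return (Outcome.Transient, null); } // network blip: keep old tokens, retry later

        using JsonDocument doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        JsonElement root = doc.RootElement;
        if (!resp.IsSuccessStatusCode)
        {
            // RFC 6749 s.5.2: invalid_grant = refresh token expired/revoked, which needs a human.
            // Anything else (rate limit, 5xx) is retried rather than paging someone.
            string err = root.TryGetProperty("error", out var e) ? e.GetString() : "";
            return (err == "invalid_grant" ? Outcome.ReauthRequired : Outcome.Transient, null);
        }
        return (Outcome.Ok, new TokenSet
        {
            AccessToken = root.GetProperty("access_token").GetString(),
            RefreshToken = root.TryGetProperty("refresh_token", out var rt) ? rt.GetString() : fallbackRefresh,
            ExpiresAt = DateTimeOffset.UtcNow.AddSeconds(root.GetProperty("expires_in").GetInt32()),
        });
    }
}

// One tick of the service timer, following the flow in the question.
public static class CheckerService
{
    public static async Task RunOnceAsync(string tokenPath, OAuthClient oauth, Action<string> sendMail)
    {
        TokenSet tokens = TokenStore.Load(tokenPath);
        if (tokens.ExpiresAt <= DateTimeOffset.UtcNow.AddMinutes(5)) // refresh before expiry, not after
        {
            var (outcome, fresh) = await oauth.RefreshAsync(tokens);
            if (outcome == Outcome.ReauthRequired)
            {
                sendMail("Re-authentication needed: run the bootstrapper and sign in again.");
                return;
            }
            if (outcome == Outcome.Transient) return; // try again next tick
            TokenStore.Save(tokenPath, fresh);
            tokens = fresh;
        }
        // Call the third-party API with tokens.AccessToken here; the API itself is outside this example.
    }
}
```

The bootstrapper (the WinForms/WPF app) either completes the interactive login or, where the provider allows it, calls `PasswordGrantAsync`, then calls `TokenStore.Save`; the service runs `RunOnceAsync` on its timer. Two points worth checking on a real deployment: a token file protected with `DataProtectionScope.LocalMachine` can be decrypted by any process on that machine that can read the file, so the file's ACL is the real boundary; and only `invalid_grant` should trigger the re-authentication email, otherwise a transient outage at the provider will spam the user and still leave a usable refresh token on disk.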

Licensed under: CC-BY-SA with attribution