OAuth2 in browser extension
824 views
Skip to first unread message
Chris Drane
Dec 8, 2014, 1:15:55 PM12/8/14
to chromium-...@chromium.org
I am writing a browser extension that will use the Gmail API. In order to do so, Google requires authentication via oauth2.
However, I'm experiencing a problem with my javascript origin. Google only accepts values as valid if they are using the HTTP or HTTPS protocol, but according to my oauth error message, the actual origin actually is chrome-extension://<extension id>. Google will not let me submit this as my origin.
What can I do here?
Thanks,
Chris
Dick Hardt
Dec 8, 2014, 1:25:35 PM12/8/14
to Chris Drane, Chromium-extensions
You need to either have a server that you redirect requests to that then can send a response back to your extension, or you can use https://developer.chrome.com/extensions/identity APIs
--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/bd6a62b1-4079-4beb-8203-953138a5a340%40chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.
Chris Drane
Dec 8, 2014, 1:31:50 PM12/8/14
to chromium-...@chromium.org, csd...@gmail.com
Thanks. What would I use for origin if using chrome.identity?
On Monday, December 8, 2014 1:25:35 PM UTC-5, Dick Hardt wrote:
You need to either have a server that you redirect requests to that then can send a response back to your extension, or you can use https://developer.chrome.com/extensions/identity APIs
On Mon, Dec 8, 2014 at 10:15 AM, Chris Drane <csd...@gmail.com> wrote:
I am writing a browser extension that will use the Gmail API. In order to do so, Google requires authentication via oauth2.However, I'm experiencing a problem with my javascript origin. Google only accepts values as valid if they are using the HTTP or HTTPS protocol, but according to my oauth error message, the actual origin actually is chrome-extension://<extension id>. Google will not let me submit this as my origin.What can I do here?Thanks,Chris
--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.
Dick Hardt
Dec 8, 2014, 1:42:11 PM12/8/14
to Chris Drane, Chromium-extensions
Play with the API. You don't need an origin to get a Google generated access token.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/60fc3e3c-24fa-4a27-b7e5-8f401e204842%40chromium.org.
Chris Drane
Dec 9, 2014, 3:41:03 PM12/9/14
to chromium-...@chromium.org, csd...@gmail.com
I'm having a very difficult time trying to get getAuthToken() working.
When I try to run this using the client id Google gave me, I receive the error bad client_id {0}. I also created a new project, created a new client ID within it, and received the same error.
I figured I must be doing something wrong. But then I took two client IDs that I found for other existing projects, and I swapped those in as my own ID.
This time, Google recognizes the IDs, and it tells me that they don't match the extension ID.
Another data point: I manually built and sent a request via https://accounts.google.com/o/oauth2/auth. I received a valid token in response. I did this using my own client id.
Final piece of data: I have a project on Google that was suspended for creating too many errors. I'm wondering if this could have resulted in a blacklisting for other projects. The fact that I was able to manually receive a token leads me to believe this is not the case.
Here is my manifest.json:
{
"manifest_version": 2,
"name": "name",
"description": "description",
"version": "0.1.2",
"minimum_chrome_version": "29",
"permissions": [
"https://*/*",
"identity"
],
"content_security_policy": "script-src 'self' https://apis.google.com; object-src 'self'",
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"oauth2": {
"client_id": client_id,
"scopes": ["https://mail.google.com"]
},
"key": key
}
On Monday, December 8, 2014 1:42:11 PM UTC-5, Dick Hardt wrote:
Play with the API. You don't need an origin to get a Google generated access token.
On Mon, Dec 8, 2014 at 10:31 AM, Chris Drane <csd...@gmail.com> wrote:
Thanks. What would I use for origin if using chrome.identity?
On Monday, December 8, 2014 1:25:35 PM UTC-5, Dick Hardt wrote:
You need to either have a server that you redirect requests to that then can send a response back to your extension, or you can use https://developer.chrome.com/extensions/identity APIs
On Mon, Dec 8, 2014 at 10:15 AM, Chris Drane <csd...@gmail.com> wrote:
I am writing a browser extension that will use the Gmail API. In order to do so, Google requires authentication via oauth2.However, I'm experiencing a problem with my javascript origin. Google only accepts values as valid if they are using the HTTP or HTTPS protocol, but according to my oauth error message, the actual origin actually is chrome-extension://<extension id>. Google will not let me submit this as my origin.What can I do here?Thanks,Chris
--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsubscribe...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/bd6a62b1-4079-4beb-8203-953138a5a340%40chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.
--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
Bindu Bharathi
Dec 9, 2014, 7:34:14 PM12/9/14
to chromium-...@chromium.org
Hi Chris,
You can solve this 2 different ways.
1. Either you have to access external web page from extension where you can generate oauth code and capture in chrome extension page
2. Use Google app script which is have predefined methods to authenticate and get the oauth token.
Thanks,
Bindu
Chris Drane
Dec 10, 2014, 10:20:02 AM12/10/14
to chromium-...@chromium.org
I figured out my problem. I was using a Web Application client id rather than a Chrome Application client id. It was not clear to me that this was necessary, as Google draws a clear distinction between Extensions and Apps, and I am creating the former.
Reply all
Reply to author
Forward
0 new messages