launchWebAuthFlow - inadequate documentation

[DeCastro]

I have been trying to use launchWebAuthFlow in my chrome 

extension but am becoming exasperated by a seeming lack 

of documentation and/or a fully working example. An 

indication of this can be seen in the most upvoted answer to 

this question on StackOverflow. The answer includes the line

"client_id": "Your Client ID from Google Develpers console (Must be Web Application)",

I was puzzled as to where it was documented that a chrome extension 

should declare itself in the google cloud console as a web app, so I

asked the poster how he got this information. His reply was "I remember 

trying different options, and through trial and error, I discovered this 

was the only one that worked at the time."

Both the question and answer are now rather old and employ manifest v2.

Does there exist somewhere an example use of launchWebAuthFlow

and also the corresponding options that need to be set up in 

the cloud console?

[Oliver Dunk]

Hi DeCastro,

Are you looking to authenticate with Google or another provider?

We have some steps here for Google and it actually uses a different method to launchWebAuthFlow, which is mostly for other providers: https://developer.chrome.com/docs/extensions/mv3/tut_oauth/. Hopefully that might help.

If you run into any issues, let me know.

Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/e68805cf-56d3-4525-8fab-abb07797597cn%40chromium.org.

[DeCastro]

I have a chrome extension that needs to use the Google Drive API.

I have it up and running successfully employing chrome.identity.getAuthToken()

but using this only works on Chrome. I want to change to any other

method that allows the extension to work on Edge/Brave/Vivaldi etc.

I see that the link you gave appears to use chrome.identity.getAuthToken()

so that won't work for me.

[Oliver Dunk]

Hi,

Replying here so everyone can benefit :)

I have it up and running successfully employing chrome.identity.getAuthToken() but using this only works on Chrome.

That makes sense - in this case I think you are right to look at the `launchWebAuthFlow` function. As you note, `getAuthToken` is only available in Chrome since it relies on a flow which involves the profile system within the browser.

This answer seems fairly comprehensive and in testing worked for me to get a Google auth token: https://stackoverflow.com/a/77283856/5012509. Have you tried that and did you have any luck?

When doing this, you do need to choose "Web application" and you can use `https://[EXTENSION ID HERE].chromiumapp.org/` as your Authorized redirect URI. I'm not certain what validation we have going on behind the scenes but I suspect when you choose "Chrome extension" we only allow getAuthToken based flows.

Hope this helps,

Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB

[DeCastro]

I did indeed try the answer you linked to (which went through several iterations BTW)

In the last comment you will see a long "Stackoverflow chat" that took place over 

several days. I have still not solved the "Error 400: redirect_uri_mismatch" problem :-(

[Oliver Dunk]

Hi,

Thanks for sharing that, it was helpful to hear what you've already tried.

In my experience, you do need to change your credential type to "Web Application" as one of the answers suggested. The "Chrome Extension" option only seems to work when using getAuthToken().

Unfortunately I'm not certain why this is (I suspect chromiumapp.org is not added as an allowed redirect URI). I've reached out to the team responsible for clarification and hope to hear back soon - I'll keep you posted. In the meantime, I think switching type would be the best option, but I wouldn't be comfortable speaking to your concerns around how this may impact the verification process, since that isn't something I'm involved with. Once I speak to the team I will try to get more clarity there.

Thanks for your patience,

Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB

[Roberto Oneto]

I agree with @DeCastro's impressions; official documentation on this topic is scarce.
Waiting for the successful outcome of the "OAuth2 consens screen" check (which will probably never arrive), I noticed, like @DeCastro, that some browsers do not support the "getAuthToken" method (Comodo Dragon, Brave, MS Edge, Naver Whale).
Brave doesn't even support the "indentity.mail" permission so I get an error already when loading the extension.
I'm trying now with "launchWebAuthFlow" but I also get the error "Error 400: redirect_uri_mismatch".
I haven't tried setting up "Web Application" in the cloud console yet.
I will do this test, but I think I will create a new project so as not to run the risk of invalidating the ongoing verification of the current project.

[Oliver Dunk]

Hi all,

I confirmed with the team and the allowed redirect URIs on a "Chrome Extension" token are indeed very strict. I think there's definitely scope to make this easier, and it's something I'd like to keep looking at, but any changes would likely be longer term.

On verification, you should be able to get approval with "chromiumapp.org" listed as a domain. However, any of the other optional URLs (e.g your home page) need to be on your own domain if filled out.

Hope this helps,

Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB