Auto-login user into webview

[Karl Marqueed]

I have a Chrome Packaged App where users login to our App with an email and password and get an Auth Token back from our servers.

We later open a webview with our website in the webview. What would be the best way to auto-login the user into our website inside the webview?

I was thinking we could pass along the Auth token via the URL in the webview, but that probably isn't the most secure method. Are there other ways to pass info to the webview via the Chrome app?

[Fady Samuel]

+courage@ who worked on the identity API.

Fady

--
You received this message because you are subscribed to the Google Groups "Chromium Apps" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-app...@chromium.org.
To post to this group, send email to chromi...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-apps/.
For more options, visit https://groups.google.com/a/chromium.org/groups/opt_out.

[Ken Rockot]

What I've done is pass the auth token in an Authorization header. webview in M30+ (or in M29 with "experimental" permission enabled) supports a WebRequest API. You can use this to inject a header as follows (|webview| is a handle to your <webview> element and |token| is your auth token string):

webview.request.onBeforeSendHeaders.addListener(function(details) {

    var headers = details.requestHeaders;

    headers.push({ 'name': 'Authorization', 'value': 'Bearer ' + token });

    return { 'requestHeaders': headers };

  }),

  { urls: [ 'https://*.yourappdomain.com/*' ] },

  ["blocking", "requestHeaders"]);

Then your app of course needs to recognize this header and do the right thing.

You can see http://developer.chrome.com/extensions/webRequest.html for general webrequest API documentation. This maps pretty much 1:1 onto webview.request, though the latter remains undocumented.

--