chrome.identity.getAuthToken in browsers that don't support "Sign in with Google"


Roberto Oneto

Sep 15, 2025, 10:37:21 AM (2 days ago) Sep 15
to Chromium Extensions
Hi developers,
is it possible to know in advance when the chrome.identity.getAuthToken method
will fail when called from a non-enabled browser?

Example:
When chrome.identity.getAuthToken is called from the Brave browser,
the chrome.runtime.lastError.message property is set to "The user did not approve access."
However, the "Sign In with Google" popup will appear with the message: "Access blocked: <extension>'s request is invalid."

Is it possible to prevent this popup from opening, or better, hide the link/button that triggers the user gesture for a token request?

chrome.identity.getAuthToken is present in Brave, so I can't rely on a generic
check like: if (typeof chrome.identity.getAuthToken === 'undefined').
Furthermore, building an effective JS control for the browser the user is using (for example, with navigator.userAgentData) is not so trivial.
This algorithm may not work in six months, and in any case, Brave may add support for "Sign In with Google" in the future.

Any suggestions?
TIA

Deco

Sep 15, 2025, 10:51:45 AM (2 days ago) Sep 15
to Roberto Oneto, Chromium Extensions
No, there isn't. The API only has support for Chromium browsers and there's no integration for non-Chromium browsers, so there's no way of knowing that via an API surface level.

You also cannot block the popup; it is received via OAuth and gesture flow.

The only practical thing you can do is check for capabilities in the browser itself, and then prompt the UI based on that.

Something akin to:

chrome.identity.getAuthToken({ interactive: false }, (token) => {
  if (chrome.runtime.lastError) {
    // This browser won't give us a token
    console.warn("Auth not available:", chrome.runtime.lastError.message);
    disableSignInButton(); // hide/disable UI proactively
  } else {
    // Auth works, token is present
    enableSignInButton();
  }
});

But other than something like that, your options are limited.

Thanks,
Deco


Oliver Dunk

Sep 15, 2025, 11:22:56 AM (2 days ago) Sep 15
to Deco, Roberto Oneto, Chromium Extensions
If you want to support Google sign-in in all browsers, you can also use the launchWebAuthFlow() method to manually start an OAuth flow: https://developer.chrome.com/docs/extensions/reference/api/identity#method-launchWebAuthFlow

Of course, this is not quite as slick as picking up the user's already signed in profile.
Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB
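
The launchWebAuthFlow() route suggested above, as an added example that is not part of the original thread or any poster's code: it builds the Google authorization URL and validates the redirect (target, `state`, error) before accepting the authorization code. The client ID, scopes and function names are assumptions, and the returned code is assumed to be exchanged for tokens by a backend.

```javascript
// Added example: Google OAuth through chrome.identity.launchWebAuthFlow,
// with the redirect validated before the authorization code is used.
const GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";

// Build the authorization request. clientId and scopes are caller-supplied
// placeholders; state is a per-request random value that binds the response.
function buildAuthUrl({ clientId, redirectUri, scopes, state }) {
  const url = new URL(GOOGLE_AUTH_ENDPOINT);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("scope", scopes.join(" "));
  url.searchParams.set("state", state);
  return url.toString();
}

// Check the URL the flow ended on and return the authorization code.
// Rejects a foreign redirect target, a mismatched state, or an error response.
function parseRedirect(redirectedTo, { redirectUri, state }) {
  const got = new URL(redirectedTo);
  const expected = new URL(redirectUri);
  if (got.origin !== expected.origin || got.pathname !== expected.pathname) {
    throw new Error("redirect target mismatch");
  }
  if (got.searchParams.get("state") !== state) {
    throw new Error("state mismatch");
  }
  const error = got.searchParams.get("error");
  if (error) throw new Error("authorization error: " + error);
  const code = got.searchParams.get("code");
  if (!code) throw new Error("no authorization code in redirect");
  return code;
}

// Extension-only entry point (hypothetical name). Call it from the sign-in
// button's click handler; it works in any browser that implements
// launchWebAuthFlow, independent of the browser's own Google profile.
async function signInWithGoogle(clientId, scopes) {
  const redirectUri = chrome.identity.getRedirectURL();
  const state = crypto.randomUUID();
  const url = buildAuthUrl({ clientId, redirectUri, scopes, state });
  const redirectedTo = await chrome.identity.launchWebAuthFlow({
    url,
    interactive: true,
  });
  return parseRedirect(redirectedTo, { redirectUri, state });
}
```

The redirect URI returned by chrome.identity.getRedirectURL() has to be registered as an authorized redirect URI on the OAuth client for the flow to complete.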


Roberto Oneto

Sep 15, 2025, 6:43:20 PM (2 days ago) Sep 15
to Chromium Extensions, Oliver Dunk, Roberto Oneto, Chromium Extensions, Deco
Thank you for all the suggestions

Stephen S.

Sep 16, 2025, 8:09:11 AM (yesterday) Sep 16
to Chromium Extensions, Roberto Oneto, Oliver Dunk, Chromium Extensions, Deco

I wrote a series of posts about this last year for launchWebAuthFlow(). It's meant to be more of a guide if you are already working in this direction and trying to piece together all of the bits of docs across the web to get things to work. I knew that I had to write as much down so I wouldn’t have to remember in the future :)

  1. Configuring chrome.identity.launchWebAuthFlow for Google Sign In in the extension
  2. Setting up a Cloudflare Worker to handle the token exchange and refresh
  3. Handling the token revoke and refresh in the extension

Hope that it helps a bit.

Stephen

