Is it possible to get extension user's email without him having SYNC enabled on his account?

[tradingc...@gmail.com]

We'd like to start identifying users as soon as they start using the extension, while it seems not many users have SYNC enabled on the accounts they use to sign in to Chrome.

By "start identifying", I'm not saying we're after user data, but we want to do Chrome-based userauth - distinguish unique users and actually have some unique ID (email would be best) for further reference on API and payment process. And ultimately - we would like to avoid that somebody pays for our service and his "license" is used by many other cheating users.

So far we see that user needs to be signed in to Chrome + have SYNC enable so that we can retrieve an email or anything unique for this user. Is there any way to do it for users without SYNC enabled?

Thanks,

Tom

[Cuyler Stuwe]

Yes.

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/b84cd71e-1796-446a-9f9e-1014407ae251n%40chromium.org.

[tradingc...@gmail.com]

How ? :)

[Cuyler Stuwe]

Depends.

First condition which affects your options is whether you’re using the current MV2 or the upcoming MV3.

[tradingc...@gmail.com]

Manifest V2, but I guess it could be updated to V3 if that's the requirement.

[Cuyler Stuwe]

Alright. I recommend thinking about what you can do with a background script, an iframe, and a content script.

[Trading Connector]

Could you elaborate on this concept? Somehow we cannot figure out how a background script and an ifrome could help in achieving our goal.

Allow me to repeat - we are trying to get users email, the one he is logged in to Chrome with. Without user having Sync enabled.

[hrg...@gmail.com]

Salem doesn't want to reveal his sneaky secret tricks... ;-P

Here is a hint:

You have to inject a content script into a page that displays the user's email.

[Cuyler Stuwe]

Yeah, I was trying to make him work for it a bit.

Trying to help people come up with more imaginative solutions, since MV2 really enables a lot of creativity beyond just "here's some API call".

There's actually several different ways to skin this cat.

The simplest, though, for grabbing what you're asking for, is just:

async function gimmeDatUserEmailPlz() {

    return new Promise(resolve => {
        chrome.identity.getProfileUserInfo({ accountStatus: "ANY" }, userInfo => resolve(userInfo.email));
    });
}

You need to have the following permissions in the manifest:

"identity"

"identity.email"

The latter of those too is poorly (if at all) documented.

Poor/incomplete documentation is a big part of why being a browser extension developer means high job security. 😉

[Cuyler Stuwe]

Also... *two.

[Cuyler Stuwe]

I should state further that this seems like an XY Problem though.

While my reply resolves the issues with your stated solution "Y", I'm not confident that your stated solution "Y" is necessarily the best solution to lead to the outcome "X" that you seem to want.

If you really want to protect your app against the people you call "cheaters", you really should have as much application logic as possible exist server-side, set up auth, and ask users to log in. Client-side extensions aren't hard to break for anyone who is minimally technical (and the non-technical people can just hire some dude from Pakistan to crack at it for $5/hr. until he breaks it).

[tradingc...@gmail.com]

It works! Thank you Salem!