The anatomy of tokens returned by chrome.identity.getAuthToken


ilyaigpetrov

Sep 29, 2020, 12:48:05 PM
to Chromium Extensions
The CWS Payments API is being deprecated so I work on a replacement.

I want to create a script that you can just deploy on a server, then swap the URL `https://www.googleapis.com/chromewebstore/v1.1/userlicenses/${id}` in your extension's code for the URL of your server and expect it to work without additional changes to the code.

The URL on googleapis accepts a token retrieved via chrome.identity.getAuthToken.
It would be good if I can get a user id from this token.
I tried to decrypt the token with jwt.io and google-auth-library to no avail.

My question is: how do I extract the user id from the token returned by chrome.identity.getAuthToken?
If it's not possible in an easy way, what is the right API to get the user id from this token?

Kos

Sep 30, 2020, 8:54:15 AM
to Chromium Extensions, ilyaigpetrov

ilyaigpetrov

Sep 30, 2020, 9:23:23 AM
to Kos, Chromium Extensions
Yes, I know about it.
I had an idea of writing a shim drop-in script that may replace chromewebstore APIs **without** changing extension code very much (except the url and maybe some auth scopes).
This is my current solution; it requires adding the "https://www.googleapis.com/auth/userinfo.email" scope and one host permission:
```js
import Koa from 'koa';
import Router from 'koa-router';
import Logger from 'koa-logger';
import fetch from 'node-fetch';

const app = new Koa();
const router = new Router();

// Respond to GET requests on the root path
router.get('/', async (ctx) => {
  ctx.body = 'Hello, World!\n';
});

// Drop-in replacement for the chromewebstore userlicenses endpoint
router.get(
  '/chromewebstore/v1.1/userlicenses/:extensionId',
  async (ctx) => {
    // Forward the caller's bearer token to Google to look up the account
    const res = await fetch('https://www.googleapis.com/oauth2/v2/userinfo?alt=json', {
      headers: {
        Authorization: ctx.get('Authorization'),
        'Content-Type': 'application/json',
      },
    });
    if (!res.ok) {
      // Google rejected the token (missing, expired or revoked)
      ctx.status = 401;
      ctx.body = { error: 'Invalid or expired token' };
      return;
    }
    const googleUser = await res.json();
    // Stable Google account id and email, available for a license lookup
    const userId = googleUser.id;
    const userEmail = googleUser.email;
    if (!googleUser.verified_email) {
      ctx.body = { error: 'Your google email must be verified!' };
      return;
    }
    // Assigning an object makes Koa serialize it as application/json
    ctx.body = { googleUser };
  },
);

// Logging
app.use(Logger());

// Add routes and respond to OPTIONS requests
app.use(router.routes()).use(router.allowedMethods());

// Listen on the port
app.listen(8080, () => {
  console.log('Server running on port 8080');
});
```
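
An added example, not part of the original post: the userinfo call above tells the server who the token belongs to, but not which application it was issued to, so a server like this would also want to confirm the token's audience is the extension's own OAuth client before trusting it. The sketch below does that with Google's tokeninfo endpoint; the function names are hypothetical, and it assumes the `aud` of a token from chrome.identity.getAuthToken equals the client id in the extension's manifest and that `sub` is the same account id userinfo returns as `id`.

```javascript
// Added example: function names are hypothetical, not from the thread.
const TOKENINFO_URL = 'https://oauth2.googleapis.com/tokeninfo';
const REQUIRED_SCOPE = 'https://www.googleapis.com/auth/userinfo.email';

// Pure policy check over a parsed tokeninfo response body.
// expectedClientId: the OAuth client id from the extension's manifest (assumption).
function checkTokenInfo(info, expectedClientId, nowSeconds) {
  const fail = (reason) => ({ ok: false, reason });
  if (!info || typeof info !== 'object' || info.error) return fail('invalid_token');
  // Reject tokens that were issued to some other application.
  if (info.aud !== expectedClientId) return fail('wrong_audience');
  // exp arrives as a string of epoch seconds; a missing value counts as expired.
  if (!(Number(info.exp) > nowSeconds)) return fail('expired');
  const scopes = String(info.scope || '').split(' ');
  if (!scopes.includes(REQUIRED_SCOPE)) return fail('missing_scope');
  // email_verified arrives as the string "true" or "false".
  if (String(info.email_verified) !== 'true') return fail('email_not_verified');
  if (!info.sub) return fail('no_subject');
  return { ok: true, userId: info.sub, email: info.email };
}

// Extract the token from an "Authorization: Bearer ..." header, or null.
function bearerToken(header) {
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(header || '');
  return m ? m[1] : null;
}

// Network wrapper; needs a runtime with a global fetch (Node 18+).
async function verifyAccessToken(authorizationHeader, expectedClientId) {
  const token = bearerToken(authorizationHeader);
  if (!token) return { ok: false, reason: 'no_bearer_token' };
  const res = await fetch(`${TOKENINFO_URL}?access_token=${encodeURIComponent(token)}`);
  if (!res.ok) return { ok: false, reason: 'invalid_token' };
  const now = Math.floor(Date.now() / 1000);
  return checkTokenInfo(await res.json(), expectedClientId, now);
}
```

In the route handler this would be called as `verifyAccessToken(ctx.get('Authorization'), CLIENT_ID)`, answering 401 whenever `ok` is false.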

defuhi...@gmail.com

Sep 30, 2020, 8:21:05 PM
to Chromium Extensions, ilyaigpetrov
Nice to meet you, ilyaigpetrov

Client side
Use Google Sign-In (https://developers.google.com/identity/sign-in/web/sign-in) to verify the users

```html
<html lang="en">
  <head>
    <meta name="google-signin-scope" content="profile email">
    <meta name="google-signin-client_id" content="YOUR_CLIENT_ID.apps.googleusercontent.com">
    <script src="https://apis.google.com/js/platform.js" async defer></script>
  </head>
  <body>
    <div class="g-signin2" data-onsuccess="onSignIn" data-theme="dark"></div>
    <script>
      function onSignIn(googleUser) {
        // The ID token you need to pass to your backend:
        let id_token = googleUser.getAuthResponse().id_token;

        fetch("https://your-server-url", {
          method: "POST",
          mode: "cors",
          headers: {
            "Authorization": "Bearer " + id_token,
          },
        });
      }
    </script>
  </body>
</html>
```


Server side
Use laravel and laravel/cashier for Stripe's payment platform 

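```sh
composer global require laravel/installer
composer require laravel/cashier
composer require google/apiclient
```

```php
// Inside a Laravel controller action that receives $request;
// $client_id is your OAuth client id (YOUR_CLIENT_ID.apps.googleusercontent.com)
$id_token = $request->bearerToken(); // built-in method of Laravel
$client = new Google_Client(['client_id' => $client_id]); // Google API client library
$payload = $client->verifyIdToken($id_token);
if (!$payload) {
    // verifyIdToken() returns false when the token does not verify
    abort(401);
}
$provider_id = $payload['sub']; // unique id of the Google account
$email = $payload['email'];
$name = $payload['name'];
```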
