How do I authenticate users inside a chrome extension using vanilla javascript?
I need to do the same thing as usual, authenticate using the universal login, but from a chrome extension.
How do I authenticate users inside a chrome extension using vanilla javascript?
I need to do the same thing as usual, authenticate using the universal login, but from a chrome extension.
@benjamin1 I’m not surprised you haven’t gotten a response yet.
My experience with this has been 100% trial and error as Auth0 no longer officially supports browser extensions since they decided to not just deprecate, but outright delete and unpublish the npm package they used to have to support this scenario. But I digress…
What I’ve done is set up things on the Auth0 side as a single page application, and used the auth0-spa-js npm package.
First…
Go to the developer dashboard for the chrome web store and create your extension, uploading “something” and just functionally having the entry created. Make a note of the extension ID, then look up how to specify your extension ID in your manifest file (otherwise it will change with each install, not what you want).
Once your extension is reusing the same extension ID with each install (just test it locally unpacked at this point) set the extension ID as part of your allowed CORS and callback URLs in Auth0 as “chrome-extension://” if you plan on initiating logins from your popup, or options pages, you may want to also add those paths explicitly as allowed URLs. It may look like “chrome-extension:///options.html”, for example.
So far I’ve gotten the loginWithPopup()
to work consistently without major issues, however you will/do need to decide how you want to handle the callbacks, persist a token/session, and talk across the different scripts in your extension to mention a few aspects to be concerned with.
If you intend to also support Firefox, I’m (as I write this) trying to get things working on that side. Firefox has a slightly different style when it comes to approaching cross-domain security, and the meaningful feedback auth0 itself, and the browser each provide is lackluster, if not close to non-existent.
Best of luck!
Thank you for sharing that with the rest of community @nater !
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.