I have a react application with authentication managed by Auth0.
I want to create browser extensions with users sharing their sessions between the web app and the extension.
I successfully followed this guide and it works well for google chrome and firefox in development. However, the callback_uri needs to be whitelisted in my Auth0 dashboard, and this is going to be a problem for firefox since uuid are non deterministic in firefox and change at every install, so the url moz-extensions://uuid cannot be used as a callback_uri
It looks like currently there’s no workaround for the issue of changing UUID of the extension app.
My first thought was to use wildcard character for the part of the extension UUID in the Callback URIs on the Auth0 tenant.
And on the app side specifying the ‘return to’ URI (URI the Auth0 server return the user after successful authentication) by asking at call for the installed by the enduser extension UUID (if possible at all…).
But it wouldn’t be a good solution from the security stand of view.
Anyway I’m happy to discuss this topic further. Thanks!