Chrome identity launchWebAuthFlow only opens empty callback page


Sorry for yet another probably noob question, normally I don't give in until I find a solution myself but this one has me going for 3 days and it is time to admit I'm stuck...

I'm trying to authenticate a Chrome extension to use PushBullet user data via OAuth2:

background.js

var client_id = '<32 DIGIT CLIENT ID>'; 
var redirectUri = "chrome-extension://lgekckejcpodobwpelekldnhcbenimbe/oauth2";
var auth_url = "https://www.pushbullet.com/authorize?client_id=" + client_id + "&redirect_uri=" + encodeURIComponent(redirectUri) + "&response_type=token";

chrome.identity.launchWebAuthFlow({'url':auth_url,'interactive':true}, function(redirect_url){
    console.log(redirect_url)
});

manifest.json:

  "permissions": [
    "identity",
    "*://*.google.com/*",
    "*://*.pushbullet.com/*",
    "storage"
  ],
  "web_accessible_resources": [
    "/oauth2/*"
  ]

When I load the extension:

  1. The Pushbullet authorization pop-up opens and asks to give permission to my extension (OK)
  2. I agree (OK)
  3. The Pushbullet window closes and a new empty page opens; the URL of that window is the callback URI with a token:

chrome-extension://lgekckejcpodobwpelekldnhcbenimbe/oauth2#access_token=o.zrrWrDozxMu6kftrMHb89siYJQhRVcoL

I did not expect an empty page to open, but rather for launchWebAuthFlow to capture the URI and have it written to the console log as coded in the callback function... but it seems to be waiting...

The only option now is to close this empty page only to see the following logged:

Unchecked runtime.lastError while running identity.launchWebAuthFlow: The user did not approve access.

Clearly I'm missing something vital... do I need additional code "somewhere" to get the callback URI in my background.js?

Thanks, really appreciate the help.

ShadowHunter


Solution

  • You are misunderstanding the identity API.

    You cannot use it with a custom callback URL. The API expects you to use a URL of the form

    https://<app-id>.chromiumapp.org/*
    

    which you can obtain with a call to chrome.identity.getRedirectURL(path)

    When the provider redirects to a URL matching the pattern https://<app-id>.chromiumapp.org/*, the window will close, and the final redirect URL will be passed to the callback function.

    This is because a lot of OAuth providers would not accept a chrome-extension:// URL as valid.

    If yours does - great, but you'll need to use your own OAuth library (and token storage, which is worse). chrome.identity works only with the above.

    Do note that the network request is not actually sent to the chromiumapp.org address in this flow - it's a "virtual" address intercepted by the API.
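
The flow described in the answer, as an added example that is not part of the original post: the redirect URI comes from chrome.identity.getRedirectURL, and the callback checks chrome.runtime.lastError and the redirect target before reading the token from the fragment. The helper names (buildAuthUrl, parseRedirect, authorize), the 'oauth2' path and the client ID placeholder are assumptions.

```javascript
// Added example (not from the original post); CLIENT_ID and 'oauth2' are assumed values.
const CLIENT_ID = '<32 DIGIT CLIENT ID>';

// Same authorize parameters as the question; only the redirect URI differs.
function buildAuthUrl(clientId, redirectUri) {
  const params = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: 'token',
  });
  return 'https://www.pushbullet.com/authorize?' + params.toString();
}

// Pull the token out of the final redirect URL handed to the callback.
function parseRedirect(finalUrl, redirectUri) {
  const got = new URL(finalUrl);
  const want = new URL(redirectUri);
  // Accept only the redirect target we asked for.
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error('Unexpected redirect target');
  }
  // response_type=token returns the result in the URL fragment.
  const fragment = new URLSearchParams(got.hash.slice(1));
  const token = fragment.get('access_token');
  if (!token) {
    throw new Error('No access_token in redirect');
  }
  return token;
}

function authorize(onToken, onError) {
  // Yields https://<app-id>.chromiumapp.org/oauth2
  const redirectUri = chrome.identity.getRedirectURL('oauth2');
  chrome.identity.launchWebAuthFlow(
    { url: buildAuthUrl(CLIENT_ID, redirectUri), interactive: true },
    (finalUrl) => {
      // Reading lastError also avoids the "Unchecked runtime.lastError" log.
      const err = chrome.runtime.lastError;
      if (err || !finalUrl) {
        return onError(new Error(err ? err.message : 'No redirect URL'));
      }
      let token;
      try { token = parseRedirect(finalUrl, redirectUri); }
      catch (e) { return onError(e); }
      // Hand over the token only; do not console.log the full URL.
      onToken(token);
    }
  );
}
```

With this redirect URI the "/oauth2/*" entry in web_accessible_resources is not needed for the flow, since no extension page is loaded.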