Google Chrome Extensions Interacting With Secure Website - security

There is a third-party Google Chrome extension that has been written to interact with my website. It automatically logs a client computer into my website and then submits information to a particular page on my website.
Once this client computer is logged into my secure website, is there a way for this Chrome extension to extract information from other pages that would only be visible when a user is logged into my website?

Yes, Chrome extensions have full access to everything you are doing in the browser while the extension is enabled.
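An added example (not code from the question or the answer above): a Node.js script that reads a third-party extension's manifest.json and reports, for a list of URLs on your site, whether one of its content scripts runs there and whether its host permissions let its background context fetch that page with the user's session cookies or inject a script into a tab showing it. This is the concrete check a site owner can do before trusting such an extension. The manifest and the URLs are constructed for illustration; the matcher follows Chrome's documented match-pattern syntax (scheme://host/path, `*.` host prefix, `*` in the path, `<all_urls>`), with ports in patterns left out.

```javascript
// Added example, not from the original post. Given an extension's MV3 manifest,
// report which pages of a site it can reach: content_scripts[].matches decides
// where its scripts run automatically, and host_permissions decides which
// origins its background code may fetch (with cookies) or inject into.
// The manifest and URLs below are constructed for illustration.

const sampleManifest = {
  manifest_version: 3,
  name: "Auto-login helper (constructed for illustration)",
  host_permissions: ["https://*.example.com/*"],
  content_scripts: [
    {
      matches: ["https://app.example.com/login", "https://app.example.com/submit/*"],
      js: ["login.js"],
    },
  ],
};

function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Compile one Chrome match pattern (<scheme>://<host><path>) into a RegExp.
// Returns null when the pattern is not syntactically valid (for example, a
// missing path). Ports inside the host part are not handled here.
function compileMatchPattern(pattern) {
  if (pattern === "<all_urls>") return /^(?:https?|ftp|file|wss?):\/\//;
  const m = /^(\*|https?|ftp|file|wss?):\/\/(\*|\*\.[^/*]+|[^/*]*)(\/.*)$/.exec(pattern);
  if (!m) return null;
  const [, scheme, host, path] = m;
  const schemeRe = scheme === "*" ? "https?" : scheme; // "*" means http or https only
  let hostRe;
  if (host === "*") hostRe = "[^/]+";
  else if (host.startsWith("*.")) hostRe = "(?:[^/]+\\.)?" + escapeRegex(host.slice(2)); // domain and any subdomain
  else hostRe = escapeRegex(host); // empty for file:/// patterns
  // In the path, "*" matches any run of characters, including "/" and the query string.
  const pathRe = path.split("*").map(escapeRegex).join(".*");
  return new RegExp(`^${schemeRe}://${hostRe}${pathRe}$`);
}

function urlMatchesAny(url, patterns) {
  const u = new URL(url);
  // Chrome matches scheme, host and path+query; the fragment is ignored.
  const normalized = `${u.protocol}//${u.hostname}${u.pathname}${u.search}`;
  return patterns.some((p) => {
    const re = compileMatchPattern(p);
    return re !== null && re.test(normalized);
  });
}

// For each URL: will a content script run on it, and could the extension's
// background context request it with the user's cookies?
function reachability(manifest, urls) {
  const csPatterns = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const hostPatterns = manifest.host_permissions || [];
  return urls.map((url) => ({
    url,
    contentScript: urlMatchesAny(url, csPatterns),
    hostPermission: urlMatchesAny(url, hostPatterns),
  }));
}

const sampleUrls = [
  "https://app.example.com/login",
  "https://app.example.com/account/statements",
  "https://other.example.com/admin?tab=users",
  "http://app.example.com/login",
  "https://app.example.org/login",
];

for (const r of reachability(sampleManifest, sampleUrls)) {
  console.log(`${r.url}: content script ${r.contentScript}, host permission ${r.hostPermission}`);
}
```

In the constructed manifest the content scripts are scoped to the login and submit pages, but the `https://*.example.com/*` host permission covers every page on every subdomain, so the background script could still fetch any logged-in page. Permissions such as `activeTab` (temporary access to the current tab on a user gesture), `scripting`, `cookies` and `webRequest` widen what the declared patterns alone show, so read the whole `permissions` list too.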

Related

When trying to login to Google's OAuth 2.0 in embedded webviews users get disallowed_useragent

We are advertising our product on Facebook and LinkedIn. When users click on our ads, a webview opens with an option for Google SSO as a sign-up option. We support only webview at the moment.
The Google OAuth as a sign-up/login mechanism works on desktop and mobile, but when the site opens inside a mobile app such as Facebook, the user gets this error shown.
The error leads to: https://developers.google.com/identity/protocols/oauth2/web-server#authorization-errors-disallowed-useragent
As I understand it, Google wants us to set up 2 configuration files in our site's root directory: an "apple-app-site-association.json" file for iPhone and "AndroidManifest.xml" for Android.
I'm trying to configure them, but I don't understand how to without a mobile app.
This is expected due to security changes to Google's OAuth 2.0 authorization endpoint; you can find more details here.

Setting up google oauth for chrome extension. authorized domain

When setting up the Google OAuth consent screen for a new project (a chrome extension), what exactly should be put in the Authorized Domains field? If my extension can pop up on any website, then is there any way for me to fill this out so I can log in to the extension?
This should help: https://firebase.google.com/docs/auth/web/google-signin#authenticate_with_firebase_in_a_chrome_extension
You basically need to put chrome-extension://CHROME_EXTENSION_ID in the Authorized domains field.

Custom Google login page

You all know this page. Is there ANY way to customize this page somehow?
I thought of using an iframe and customizing the HTML, but Google won't let me embed their websites.
I thought of using a Google Site and inserting a login gadget, but there is no login gadget.
What I want is a custom page where my clients can log in to their Gmail, Drive...
What I want isn't impossible; these guys http://www.cloudcodes.com/custom-login-page.html offer you the possibility to customize the login page and even redirect you to another page after you've logged in.
Directly editing the native login page at accounts.google.com is not possible.
However, for Google Apps accounts, you have the option to set up the Single Sign On service, which allows you to authenticate through a third-party provider (or yourself, if you have the ability). What GControl are offering is this service, although they've labeled it misleadingly, to make you believe you're actually editing the login page, rather than redirecting your users to a secure login.
They do it very well though, leveraging the Google Apps APIs to allow you to write and setup the service in their own console.
Source: I installed the service and tried their free trial, and they simply used the APIs to enable SSO on my domain.
Edit for clarity: SSO setup is not available for consumer Gmail.com accounts.

Redirect to a URL in chrome packaged APP

I am using multiple authentication providers and protocols (OAuth2, OpenID 2, SAML) for authentication, which need the client to be redirected to the provider's authentication URL. After successful authentication, the server will redirect the client back to the application server URL with user information/code/token in the header.
This is already working fine in a web browser, a node-webkit app and Cordova, as I can use window.open and then watch the changes in the URL or close the popup window after getting the access token.
Since this is not an extension I will not be able to use chrome.tabs. I tried chrome.windows too, and it also doesn't allow redirection.
Even webview allows opening an external URL, but doesn't allow redirects.
I can't use chrome.identity as it's specific to OAuth 2 only. Sandbox also doesn't work.
Can someone please tell me if they have ever used OAuth, OpenID or SAML redirections in Chrome packaged apps without using chrome.identity?

Using Google Authenticator with Chrome Plugins

I am developing a Chrome plugin which allows the users to email any web content from an HTML page. For that, I need to use the Google Authenticator API to allow users to log into their Google accounts for sending emails. The OAuth 2.0 spec requires the redirect_uri parameter, which is the URL to be called after Google authenticates the user. My question is whether it is possible to skip this parameter. I don't want the plugin to be hosted anywhere. I am thinking that it would be hosted locally on the user's machine.
Thanks in Advance.
Google has made a library specifically for using OAuth in Chrome extensions. You can check out the tutorial here.
In case someone stumbles upon this answer in 2017+, extensions (in Chrome and FF) now have a chrome.identity API.
It takes care of the OAuth dance for you, and provides you with a virtual redirect address https://<your-extension-id>.chromiumapp.org/ that will be intercepted by the browser. That way, you can provide a redirect URL without hosting anything.
