In my packaged app I call
chrome.identity.getAuthToken({'interactive': true }, function (token) {
console.log('user token: ' + token);
});
but every time i enter with different google accounts it produces the same token. What could possibly go wrong here?
Chrome app identities are tied to the Google account signed into Chrome. You can change the current signed in account in Chrome settings, but I recommend you create a new Chrome profile instead.
Related
I've previously setup and followed these steps, and got it to work:
https://firebaseopensource.com/projects/firebase/quickstart-js/auth/chromextension/readme/#license
But cloning this extension, but with a different Extension ID, different firebase instance and OAuth/key setup, I've tried to follow the steps at least 3 separate times, but every time it fails at the last step, the login (the consent screen works though)
Upload a fresh dummy extension (without key field in manifest.json) (But it is the exact same code as the working one)
Get the Chrome Extension ID, and the Public Key, no problem
Create OAuth Client ID with the Extension ID, configured consent screen, no problem, the screen shows up and I can click through
Add OAuth & Public Key to manifest.json
Make another OAuth Client ID? (I think this is a duplicate step, because which Client ID should I use? and afaik the whitelisting is optional)
Use chrome.identity to get OAuth token:
export function startAuth(interactive) {
// Request an OAuth token from the Chrome Identity API.
chrome.identity
.getAuthToken({ interactive: !!interactive }, (token) => {
if (chrome.runtime && !interactive) {
console.error('It was not possible to get a token programmatically.');
}
else if (token) {
// Authorize Firebase with the OAuth Access Token.
const credential = firebase.auth.GoogleAuthProvider
.credential(null, token);
firebase.auth()
.signInWithCredential(credential)
.catch((error) => {
// The OAuth token might have been invalidated. Lets' remove it from cache.
if (error.code === 'auth/invalid-credential') {
chrome.identity
.removeCachedAuthToken({ token }, () => {
startAuth(interactive);
});
}
});
}
else {
console.error('The OAuth Token was null');
}
});
}
Note: This code is working with another extensionID/OAuth/key, so the code itself can't be the problem.
There isn't much to change between them, it's really the ExtensionID, the OAuth client ID url, and the public key.
I've followed the steps 3 times, to no avail, every time I get the error auth/invalid-credential. I do get a token though, but that token won't authenticate. How to find out why this is?
It's trying to post to this address, and returning error 400:
POST: https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key=xxxxx
Error: INVALID_IDP_RESPONSE : Invalid Idp Response: access_token audience is not for this project
My conclusion
There must be something changed with how to set this up, even though it works with different credentials
The problem was that I didn't create the OAuth in the same project in google cloud console, as the firebase project...
I'm having issues with my authentication on a Chrome Extension that I am working on to learn. Currently, my extension works for my profiles if users are logged in. As soon as I test this (by giving another party access), the extension does not seem to authorize. Am I doing something wrong here?
Could the below code be causing the issues with authentication? To give some context, this is in the background.js file of my extension.
function auth(token){
chrome.identity.getAuthToken({ 'interactive': true }, function (token) {
if (chrome.runtime.lastError) {
console.log(chrome.runtime.lastError);
//Push Manual Authorise Button to UI
} else {
//Authorised
console.log('Token acquired: ' + token +
' See chrome://identity-internals for details.');
classroomsExist(token);
}
return token;
});
}
Update:
I have tested this on another user account by loading the extension manually, as an unpacked extension and the authentication works. What could be causing the issue when installing from the webstore? My application ID is the same in manifest.json as Google Developer Console.
The client_id changes when you publish, so the manifest.json and app code needs to update any references to it when publishing to the web store.
I'm building a tool where a user would want to authenticate multiple Instagram accounts into the application. The problem I run into is if the user has already authenticated one and I initiate the OAuth dialogue again, the OAuth assumes that I want the access token of the user already logged in.
I have an iOS app that is similar and the way to avoid this is clear all the cookies of the Safari browser.
I'm using the instagram-node module right now.
app.get('/authenticateInstagram', function(req, res) {
res.redirect(ig.get_authorization_url(redirectURI, {
scope: ['basic', 'public_content', 'likes', 'follower_list', 'relationships'],
state: 'a state'
}));
});
app.get('/handleInstagramAuth', function(req, res) {
ig.authorize_user(req.query.code, redirectURI, function(err, result) {
if (err) {
console.log(err.body);
res.send('Didn\'t work');
} else {
console.log('Yay! Access token is ' + result.access_token);
res.send('You made it!!');
}
});
});
So when I try to add another IG account (now that I've signed into an Instagram account already), I don't get prompted to log in by the OAuth sequence. It assumes I'm the previously signed in user.
I can think of the following approaches
You can make a request to logout end point if Instagram supports it. Once you logout you can login again
I am not sure if instagram supports prompt=login parameter. If so it should take you to login page for each call.
I checked Instagram documentation and I think you can use Client side (Implicit) flow to login every time to get access token.
I am building an chrome extension in which I used
chrome.identity.getAuthToken({
interactive: true
}, function(token) {
if (chrome.runtime.lastError) {
alert(chrome.runtime.lastError.message);
return;
}
var x = new XMLHttpRequest();
x.open('GET', 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=' + token);
x.onload = function() {
alert(x.response);
};
x.send();
});
on background.js for google login authentication.
When this function called, a window appear which show logged-in google accounts (if any) but my problem is it shows only 1 account but I logged-in 5 accounts in the browser.
Is there anything which I missed over here ?
And I also need to know how to write logout function ?
chrome.identity will use the account that is "signed in" in chrome://settings. If not signed into Chrome, it will pop up a tab to allow you to "sign in" to Chrome, meaning linking the current profile and a google account.
If you want to show all the accounts simply signed in, you will need to manually create a popup window (using e.g. chrome.tabs.create or window.open and have the redirect url go back to your server which then communicates to your extension (e.g. using sendMessage and onMessageExternal), or if you have tabs permission, you could redirect using urn:ietf:wg:oauth:2.0:oob:auto as your redirect url, which will make the oauth grant appear in the window.title, which you can read with your tabs permission.
I'm building a Chrome extension and would like to use Firebase to persist state shared between users. Firebase authentication doesn't work within Chrome extension because there's no origin domain. The chrome.identity API can be used to ensure that the user is authenticated and to get the access token for OAuth requests.
A couple of considerations:
Use chrome.storage to store a token and use that to authenticate with Firebase. The storage area is not encrypted, so it would be trivial to read a user's token from their disk.
I assume the token returned by chrome.identity.getAuthToken is an OAuth access token and therefore transient - it wouldn't be suitable for a permanent unique identifier for a user.
I could make a request to a Google OAuth API to exchange the access token for the user's profile (https://www.googleapis.com/userinfo/v2/me), which contains an id field, but this is public.
I came across this question on my quest to solve a similar problem. I am sure the question is outdated but maybe my solution helps someone else stumbling over this question.
It is indeed possible to use chrome.identity for Firebase authentication... But the way is not through the custom authentication method. There is another method which accepts the OAuth2 token from chrome.identity.getAuthToken.
Here is everything I did following this tutorial:
(It also mentions a solution for non-Google auth providers that I didn't try)
Identity Permission
First you need permission to use the chrome identity API. You get it by adding this to your manifest.json:
{
...
"permissions": [
"identity"
],
...
}
Consistent Application ID
You need your application ID consistent during development to use the OAuth process. To accomplish that, you need to copy the key in an installed version of your manifest.json.
To get a suitable key value, first install your extension from a .crx file (you may need to upload your extension or package it manually). Then, in your user data directory (on macOS it is ~/Library/Application\ Support/Google/Chrome), look in the file Default/Extensions/EXTENSION_ID/EXTENSION_VERSION/manifest.json. You will see the key value filled in there.
{
...
"key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFbIrnF3oWbqomZh8CHzkTE9MxD/4tVmCTJ3JYSzYhtVnX7tVAbXZRRPuYLavIFaS15tojlRNRhfOdvyTXew+RaSJjOIzdo30byBU3C4mJAtRtSjb+U9fAsJxStVpXvdQrYNNFCCx/85T6oJX3qDsYexFCs/9doGqzhCc5RvN+W4jbQlfz7n+TiT8TtPBKrQWGLYjbEdNpPnvnorJBMys/yob82cglpqbWI36sTSGwQxjgQbp3b4mnQ2R0gzOcY41cMOw8JqSl6aXdYfHBTLxCy+gz9RCQYNUhDewxE1DeoEgAh21956oKJ8Sn7FacyMyNcnWvNhlMzPtr/0RUK7nQIDAQAB",
...
}
Copy this line to your source manifest.json.
Register your Extension with Google Cloud APIs
You need to register your app in the Google APIs Console to get the client ID:
Search for the API you what to use and make sure it is activated in your project. In my case Cloud Firestore API.
Go to the API Access navigation menu item and click on the Create an OAuth 2.0 client ID... blue button.
Select Chrome Application and enter your application ID (same ID displayed in the extensions management page).
Put this client ID in your manifest.json. You only need the userinfo.email scope.
{
...
"oauth2": {
"client_id": "171239695530-3mbapmkhai2m0qjb2jgjp097c7jmmhc3.apps.googleusercontent.com",
"scopes": [
"https://www.googleapis.com/auth/userinfo.email"
]
}
...
}
Get and Use the Google Auth Token
chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
// console.log("token: " + token);
let credential = firebase.auth.GoogleAuthProvider.credential(null, token);
firebase.auth().signInWithCredential(credential)
.then((result) => {
// console.log("Login successful!");
DoWhatYouWantWithTheUserObject(result.user);
})
.catch((error) => {
console.error(error);
});
});
Have fun with your Firebase Service...