Chrome Extension example of oAuth 2.0

8
votes

The chrome developer extension tutorials use an outdated oAuth 1 that will be phased out in April 2015: https://developer.chrome.com/extensions/tut_oauth

Is there a tutorial of implementing oAuth 2.0 inside a chrome extension?

4
google-chrome-extensionoauth-2.0
Bulk, seriously the internet is larger than the first results of google. Knowledgeable people could point out golden results otherwise not found through a query. - Dmitry Sadakov
I for one am glad you asked this question, upvoted. Also, that's one deep sentence :D - "Bulk, seriously the internet is larger than the first results of google." - Dheeraj Bhaskar
@cDima While searching for information on doing oauth2 calls from an extension I landed back on this page (from a google result). I had totally forgotten I said what I said and 1. I feel like a total idiot, and 2. owe you an apology. I don't want to make excuses so I'll just say clearly you didn't deserve my comment, and I'm very sorry for it. - Dan Smith
@bulk all good my friend ;) - Dmitry Sadakov

4 Answers

14
votes

I've written an example of how to integrate any OAuth2 system into a Chrome extension. My extension uses AngularJS as the framework, but you could do it in plain old JavaScript or some other framework if you so choose by following the same patterns.

The trick is to use the chrome.identity.launchWebAuthFlow() method.

My example is actually configured to use Google, but that's merely because it is convenient. You can use your own OAuth2 provider, as I do at my company. The important distinctions are that launchWebAuthFlow() doesn't require the browser to be logged into Google the way the chrome.identity.getAuthToken() method would, and that you can use it with non-Google OAuth2 systems.

4
votes

The right answer was to use Google Identity api, which under the covers uses oAuth 2.0 endpoints to https://.chromiumapp.org/* urls.

3
votes

I personally find the Chrome Identity API hard to use. Maybe it's because the documentation is poorly written or because Google is only straightforward about doing authentication against their own services.

I found an old library that does most of the OAuth dance and the required injections pretty well. I did some cleaning and extended the API. You can find it here: https://github.com/whoisjuan/ChromeAuth2

0
votes

At this point, you may need to add "https://www.googleapis.com/auth/contacts" in manifest.json

....
"oauth2": {
    "client_id": "[Your Client Id]",
    "scopes": ["https://www.googleapis.com/auth/contacts"]
  }
....