Cannot get refresh token for Chrome Web Store API to publish Chrome extension

0
votes

I'm trying to upload and publish my Chrome Extension using Chrome Web Store API in Azure DevOps. I've been referencing the official Google guide but the problem is that it looks like it's outdated now. I'm failing at the step

To create the client ID and client secret, click on Create New Client ID, select Installed Application, and Other under Installed application type.

When I do this, I don't see option for "Other" in Application Type dropdown. Application Types

I've tried the following:

  1. Choosing Web Application as Application Type

With this I'm not able to get an access code with this link:

https://accounts.google.com/o/oauth2/auth?response_type=code&scope=https://www.googleapis.com/auth/chromewebstore&client_id=$CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob

it's resulting in "Error 400: redirect_uri_mismatch". If I add an authorized redirect URI in my Client ID settings, like 'localhost', and replace 'urn:ietf:wg:oauth:2.0:oob' in URL above with it, I'm able to invoke authorization process and get the code from URL. But when I try to make a curl request to https://accounts.google.com/o/oauth2/token to get the refresh token I don't receive a refresh token, I only get this:

{
  "access_token": "",
  "expires_in": 3599,
  "scope": "https://www.googleapis.com/auth/chromewebstore",
  "token_type": "Bearer"
}
  1. Choosing Chrome App as Application Type

Pretty much the same happens here as in previous attempt, except I don't have to substitute the redirect URI in request for access code, but I also don't have Client Secret for this application type, so I just omit it. Anyways, it results in the same response that doesn't have refresh token.

  1. When I enable Chrome Web Store API in dev console and try to create new credentials, it suggests to create API key instead of Cliend ID. But it doesn't look like this API can actually work with this key, I've tried sending it as query param, as a header, and I always get 401 result with "Login Required" message. But when I try to send a request with (invalid) token in a header I get meaningful response (smth like Invalid Credentials).

Apparently I do need to have access token to work with Chrome Web Store API but without refresh token I need to manually authorize my permissions and that's not acceptable because I need to use in my CI/CD pipeline. It looks like Google removed the option to just generate this info for such application types.

So, the question is, how can I get the refresh token to actually be able to continuously deploy the chrome extension?

1
google-apigoogle-oauth

1 Answers

2
votes

Ok, so the trick here was to add two params to the request that you use to get the access code (not token):

&access_type=offline&approval_prompt=force

And so the link should be:

https://accounts.google.com/o/oauth2/auth?response_type=code&scope=https://www.googleapis.com/auth/chromewebstore&client_id=$CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob&access_type=offline&approval_prompt=force

And Google should do better job in updating their docs.