I'm building a Chrome extension that facilitates the creation of contacts straight from the browser without needing to go to my Devise-powered Rails app itself. Contacts#Create requires authentication, so I'm wondering how I can send authenticated requests from the extension.
I've enabled Devise TokenAuthenticatable and so my users have an authtoken. I've written a method in my extension's JS that posts to my Rails app's contacts#create action. For testing, I've simply hard-coded my own auth token in, which seems to work. But how can the extension access the auth tokens for users? It doesn't seem right/secure to store this token in a cookie.
I think I'm supposed to use chrome.cookies to access and do something with my app's session info somehow. But I only get a sessionID here.
Any help appreciated!
Chrome app and extension permissions. For administrators who manage Chrome Browser or Chrome devices for a business or school. As a Chrome Enterprise admin, you can control whether your Chrome users can install apps or extensions based on the information an app can access—also known as permissions.
When the permission requires access to all data on your computer and the websites you visit, it means that the app or extension can access almost anything. This could be your webcam or personal files, inside or outside of your browser. These alerts may request access to:
You must declare the "webRequest" permission in the extension manifest to use the web request API, along with the necessary host permissions. To intercept a sub-resource request, the extension needs to have access to both the requested URL and its initiator.
(Chrome OS only) Allows app or extension to create file systems that can be accessible from the file manager on a Chrome device. Allows app to open in full screen.
Although not from a Chrome extension, I was building something similar that would work from the terminal. I ended up bypassing Devise and creating my own token authentication that would allow users to access just the one controller#action I needed. That way you can minimize the damage if the token gets stolen.
So anyway, I would allow users to generate (and regenerate) tokens within the rails app interface and make it so that the extension asks for the token on the very first launch. I'd store the token itself in localStorage.
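A framework-free Ruby sketch of the scheme the answer above describes, added here as an example and not part of the original answer or of Devise: a per-user token that is honoured for `contacts#create` only and that stops working as soon as the user regenerates it. The class name `ScopedTokenStore`, the in-memory hash standing in for a database column, and the choice to keep only a SHA-256 digest of each token are assumptions of this example.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for a per-user API token column.
class ScopedTokenStore
  ALLOWED_ACTION = "contacts#create" # the only action a token may reach

  def initialize
    @digests = {} # user_id => SHA-256 hex digest of the current token
  end

  # Issue (or regenerate) a token. The plaintext is returned once so the
  # user can paste it into the extension; only its digest is kept.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(32)
    @digests[user_id] = Digest::SHA256.hexdigest(token)
    token
  end

  # Return the owning user_id, or nil when the token is unknown, has been
  # replaced, or is presented for any other controller#action.
  def authenticate(token, action)
    return nil unless action == ALLOWED_ACTION
    presented = Digest::SHA256.hexdigest(token.to_s)
    match = @digests.find { |_, stored| constant_time_eq?(stored, presented) }
    match && match.first
  end

  private

  # Compare two hex digests without returning at the first differing byte.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed walk-through: use, misuse on another action, regenerate.
def demo
  store = ScopedTokenStore.new
  old = store.issue(42) # 42 is a made-up user id
  before = [store.authenticate(old, "contacts#create"),
            store.authenticate(old, "contacts#destroy")]
  fresh = store.issue(42) # regeneration replaces the stored digest
  before + [store.authenticate(old, "contacts#create"),
            store.authenticate(fresh, "contacts#create")]
end
```

In a Rails app the same check would sit in a `before_action` on the one controller action, with the digest stored on the user record.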