When you create a Chrome extension and want to use OAuth 2.0, you can use a https://<app-id>.chromiumapp.org/* URL and are therefore able to have remote servers hit your browser instance directly (answered before, for example at https://stackoverflow.com/a/30613603/61239). Does anyone know, or can anyone theorize on, how this works? And are you able to target any request at your browser, or does this only work for OAuth 2.0?
This is handled by the WebAuthFlow class, whose purpose is the following:
Given a provider URL, load the URL and perform usual web navigation until it results in redirection to a valid extension redirect URL. The provider can show any UI to the user if needed before redirecting to an appropriate URL.
When the server instructs the browser to redirect to a valid extension redirect URL, that URL is instead passed to the callback function provided to chrome.identity.launchWebAuthFlow.
The 'appropriate' URLs are hardcoded in web_auth_flow.cc:
static const char kChromeExtensionSchemeUrlPattern[] =
"chrome-extension://%s/";
static const char kChromiumDomainRedirectUrlPattern[] =
"https://%s.chromiumapp.org/";
So the special URL https://<app-id>.chromiumapp.org/* only works in the context of a WebAuthFlow of the chrome.identity API. Note that the mechanism is totally internal to Chrome. The URL is never requested.
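
The caller's side of the flow described above, as an added example that is not part of the original answer: the extension starts launchWebAuthFlow and validates the URL Chrome hands back before trusting it. The provider endpoint, client id, implicit-grant response and sample redirect are assumptions constructed for illustration.

```javascript
// Added example: validate the URL that launchWebAuthFlow passes back.
// Assumptions: provider.example, CLIENT_ID and the implicit-grant
// (#access_token) response are placeholders, not from the original answer.
const AUTH_ENDPOINT = "https://provider.example/authorize"; // hypothetical
const CLIENT_ID = "example-client-id";                      // hypothetical
// Constructed sample of a captured redirect (the app id is made up).
const SAMPLE_REDIRECT =
  "https://abcdefghijklmnopabcdefghijklmnop.chromiumapp.org/#access_token=tok123&state=s1";

// Pure check on the captured redirect; returns the token or throws.
function parseAuthRedirect(returnedUrl, redirectBase, expectedState) {
  const got = new URL(returnedUrl);
  const want = new URL(redirectBase);
  // Must be this extension's own https://<app-id>.chromiumapp.org/ origin.
  if (got.origin !== want.origin || !got.pathname.startsWith(want.pathname)) {
    throw new Error("unexpected redirect target");
  }
  // Providers return parameters in the fragment (implicit) or the query.
  const params = new URLSearchParams(got.hash.slice(1) || got.search.slice(1));
  if (params.get("error")) throw new Error("provider error: " + params.get("error"));
  // state ties the response to the request this extension started.
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  const token = params.get("access_token");
  if (!token) throw new Error("no access_token in redirect");
  return token;
}

// Extension-side flow; only callable where chrome.identity exists.
function startAuth() {
  const redirectBase = chrome.identity.getRedirectURL(); // https://<app-id>.chromiumapp.org/
  const state = crypto.randomUUID();
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: CLIENT_ID, response_type: "token",
    redirect_uri: redirectBase, state,
  }).toString();
  return new Promise((resolve, reject) => {
    chrome.identity.launchWebAuthFlow({ url: url.toString(), interactive: true },
      (returnedUrl) => {
        // The callback receives the redirect URL; Chrome never requests it.
        if (chrome.runtime.lastError || !returnedUrl) {
          return reject(new Error("auth flow did not complete"));
        }
        try { resolve(parseAuthRedirect(returnedUrl, redirectBase, state)); }
        catch (e) { reject(e); }
      });
  });
}
```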