How to authenticate a POST request from a chrome extension to my app with JSON web tokens?

Context

My HapiJS web application is currently using OAuth 2.0 to access Google APIs. Once a user authenticates in the app, the server generates a JSON Web Token (JWT) which is stored on the client and sent back in the Authorization header of subsequent requests.

What I would like to accomplish

I now would like to use the same steps (authorization + creation of a JWT) with my Google Chrome extension which syncs data back to the app via a REST endpoint.

Current Thoughts

My idea is to use the same OAuth authorization as I have in my application to generate a JWT and then to save this JWT into the Chrome extension. This JWT will then be passed with each request from my Chrome extension to my application to validate the request.

Unfortunately, it seems that the Chrome extension is using its own authorization through the Chrome Identity API and won’t let me use the authentication process I had in mind.

The diagram below describes the steps I’m envisioning to get the JWT created on my application then saved on my Chrome extension (and also points to where the problem lies): [diagram not reproduced]

The Question

So my question is: Is there another or a better way to store a JWT created on my application to my Chrome extension?

Hope my explanation is clear enough

Anita asked Nov 23 '15 15:11


1 Answer

You can use your localStorage to save your JWT from the web app, then, if your extension runs on the same domain, you can access saved information from the localStorage through a content script that gets injected in that page. You can communicate with your popup using the Message Passing API for Chrome extensions.

The problem with this approach comes with the fact that saving sensitive information like user info (which is encoded in the JWT) is frowned upon due to security concerns.

Ideally, you should have a server which handles the authentication back and forth, saves the information and emits a session token for its clients, which you can then save in the localStorage if you wish.

Avram Tudor answered Sep 18 '22 06:09

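The hand-off the answer describes, as an added example that is not part of the answer or of the asker's application: the web app writes the JWT to localStorage, a content script on the same origin reads it (skipping an expired one), forwards it to the extension, and the extension sends it in the Authorization header. It also shows why the answer calls this approach frowned upon: the payload is plain base64url, so any script on the page can decode the claims. The storage key `jwt`, the message type and the sample token are assumptions constructed for this example.

```javascript
const TOKEN_KEY = "jwt"; // assumed localStorage key the web app writes

// base64url without padding, as JWT segments use it (btoa in browsers, Buffer in Node).
function b64url(text) {
  const b64 = typeof btoa === "function" ? btoa(text) : Buffer.from(text, "utf8").toString("base64");
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Constructed sample token; the signature segment is a placeholder, nothing here verifies it.
const SAMPLE_TOKEN = [
  b64url(JSON.stringify({ alg: "HS256", typ: "JWT" })),
  b64url(JSON.stringify({ sub: "user1", exp: 2000000000 })),
  "placeholder-signature",
].join(".");

// Decode the payload WITHOUT verifying the signature: the claims are plain base64url,
// so any script running on the page (including injected ones) can read them.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  while (b64.length % 4) b64 += "=";
  const json = typeof atob === "function" ? atob(b64) : Buffer.from(b64, "base64").toString("utf8");
  return JSON.parse(json);
}

// Token from a localStorage-like object, or null when absent or past its exp claim.
function readUnexpiredToken(storage, nowSeconds) {
  const token = storage.getItem(TOKEN_KEY);
  if (!token) return null;
  const claims = decodeJwtPayload(token);
  return typeof claims.exp === "number" && claims.exp <= nowSeconds ? null : token;
}

// fetch() options for the extension's sync POST; the JWT travels in the Authorization header.
function buildAuthedRequest(token, body) {
  const headers = { Authorization: "Bearer " + token, "Content-Type": "application/json" };
  return { method: "POST", headers, body: JSON.stringify(body) };
}

// Content-script side of the hand-off; runs only inside Chrome, where chrome.runtime exists.
// Message type "JWT_FROM_WEBAPP" is an assumed name the popup would listen for.
if (typeof chrome !== "undefined" && chrome.runtime && typeof localStorage !== "undefined") {
  const token = readUnexpiredToken(localStorage, Math.floor(Date.now() / 1000));
  if (token) chrome.runtime.sendMessage({ type: "JWT_FROM_WEBAPP", token });
}
```

The server must still verify the signature and expiry on every request; the client-side exp check only avoids sending a token the server would reject anyway.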