"OAuth2 not granted or revoked" when trying to evaluate free trial in Chrome extension

Question

I'm attempting to offer a free trial period for my Chrome extension and have been following the Chrome documentation about how this can be accomplished.

When my extension loads, though, the background script is logging the following error to the console:

Unchecked runtime.lastError while running identity.getAuthToken: OAuth2 not granted or revoked.

The console is pointing at the call to chrome.identity.getAuthToken as the culprit. Here's the relevant code in my background script:

var CWS_LICENSE_API_URL = 'https://www.googleapis.com/chromewebstore/v1.1/userlicenses/';

chrome.identity.getAuthToken({
    'interactive': false
}, function(token) {
    console.log('token', token);

    var req = new XMLHttpRequest();
    req.open('GET', CWS_LICENSE_API_URL + chrome.runtime.id);
    req.setRequestHeader('Authorization', 'Bearer ' + token);
    req.onreadystatechange = function() {
        if (req.readyState == 4) {
            var license = JSON.parse(req.responseText);
            console.log('license', license);
        }
    };
    req.send();
});

My manifest is setup like so (some pieces omitted for brevity):

"manifest_version": 2,
"key": "kkkkkkkkkkkkkkk",

"background": {
    "scripts": [
        "background.js"
    ]
},
"permissions": [
    "storage",
    "identity",
    "https://www.googleapis.com/"
],
"oauth2": {
    "client_id": "cccccccccc.apps.googleusercontent.com",
    "scopes": [
        "https://www.googleapis.com/auth/chromewebstore.readonly"
    ]
}

Here's what I've tried or confirmed:

1. The client id matches the value in the Google developer console that was generated using my extension's id.
2. The Chrome Web Store API is enabled in the Google developer console (it is the only API enabled).
3. The key in the manifest matches the value generated after I put the extension on the web store.
4. Calling getAuthToken with interactive mode enabled results in the same error.
5. I compared my code to this example and nothing jumps out at me as being substantially different (although an extra pair of eyes to confirm wouldn't hurt).

In case it matters, I'm using Chrome 42.0.2311.135 (64-bit) on Mac OS X.

Any ideas about what is causing the error and what I need to change to make it go away so I can lookup the auth token and license?

Answer 1

Code-wise, the only change needed is to enable interactive mode:

chrome.identity.getAuthToken({
    'interactive': true
}, function(token) {
    ...
});

There were also a couple of PEBCAK issues going on. Namely:

1. It can take a few seconds for the interactive auth page to appear. This seems to be a bandwidth issue. This may be part of why the documentation suggests triggering the auth request on some kind of user interaction and not when the extension first loads.
2. Flipping interactive between false and true and reloading the extension was not a sufficient test of functionality. The result of getAuthToken is cached. When I revoke the auth and then refresh or even delete and re-add my extension the same token continues to be returned for some amount of time. Restarting Chrome with interactive mode enabled is what got me to this solution.