Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Removing permissions of the extensions

Tags:

javascript

access-token

google-chrome-extension

google-drive-api

I have an extension that first asks for permissions to access Google Drive files. The extension is almost empty except in the popup I load this js: 

chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
  // Use the token.
  console.log('Request Token')
  console.log(token)
  chrome.identity.removeCachedAuthToken(
              { 'token': token }, function () {})
  console.log('Removed token')
});

In my manifest I have valid key, oauth2 client id, and "scopes":["https://www.googleapis.com/auth/drive"] besides other standard keys for chrome extension.

It works properly that is it asked for permission at first and then logged my access token. However, when I reinstalled extension (deleted/modified/added) it didn't ask me for permission and just wrote the same access token. And I want to ask the permission again. How can I do this?

like image 330
Sergey Ivanov Avatar asked May 27 '15 19:05

Sergey Ivanov

People also ask

How do I manage Chrome extension permissions?

You can also manage the list of specific sites an extension can run on from the Extensions page. To access it, click menu > More Tools > Extensions. Click the “Details” button for the extension you want to control.

How do I check permissions on my extensions?

To view the permissions of any installed extension, unpacked or from the store, open chrome://extensions page and click the details button on that extension's card. The circled part is for API permissions.

2 Answers

In order to remove permissions I have to add another GET request to revoke permission: 

chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
  // Use the token.
  if (token) {
        // Make a request to revoke token
        var xhr = new XMLHttpRequest();
        xhr.open('GET', 'https://accounts.google.com/o/oauth2/revoke?token=' +
             token);
        xhr.send();
   }
  chrome.identity.removeCachedAuthToken(
              { 'token': token }, function () {})
});

That does the trick and now every time I open popup I have a prompt for permission.

There is another problem though: when I grant permission I get 

XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/revoke?token=... 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'chrome-extension://acfnd...' is therefore not allowed access.

which I'm not sure what means.

like image 177
Sergey Ivanov Avatar answered Oct 17 '22 02:10

Sergey Ivanov

During development you can go to chrome://identity-internals to revoke specific tokens. The next time you authorize that user the permissions dialog will be displayed again. Documented on User Authentication: Caching.

like image 38
abraham Avatar answered Oct 17 '22 03:10

abraham
Sign in to Comment

Related questions

AngularJS / Ionic routing using $stateProvider - controller is not reloading the second time a state is called
Cordova's FileTransfer Writing Error (Code 1)
ng-model and value combination not working for input text box
How to detect Tween.js animation finished?
change and refresh session data in Node.js and express-session
What do selectionStart and selectionEnd signify for textarea?
Heroku - Updated JavaScript and CSS Not Loading
Input type FILE multiple - add files sequentially
Button onclick not calling function
jsPDF fromHTML() does not show HTML
Javascript, var name = 1, "typeof name" gives "string"? [duplicate]
How to disable smooth scrolling in IE11
Id is lost while trying to JSON.stringify Ember model
Find maximum difference in array
Unknown reason for "Expected ':'" error in javascript
How to remove the text "entries" on datatables
Convert a number between 1 and 16777215 to a colour value
How to watch for localstorage changes with AngularJS
How to get the nth value of a JavaScript generator?
NodeJS console SyntaxError: Unexpected token * for generator

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!