Menu
I have an extension that first asks for permissions to access Google Drive files. The extension is almost empty except in the popup I load this js:
chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
// Use the token.
console.log('Request Token')
console.log(token)
chrome.identity.removeCachedAuthToken(
{ 'token': token }, function () {})
console.log('Removed token')
});
In my manifest I have valid key, oauth2 client id, and
"scopes":["https://www.googleapis.com/auth/drive"] besides other standard keys for chrome extension.
It works properly that is it asked for permission at first and then logged my access token. However, when I reinstalled extension (deleted/modified/added) it didn't ask me for permission and just wrote the same access token. And I want to ask the permission again. How can I do this?
330
You can also manage the list of specific sites an extension can run on from the Extensions page. To access it, click menu > More Tools > Extensions. Click the “Details” button for the extension you want to control.
To view the permissions of any installed extension, unpacked or from the store, open chrome://extensions page and click the details button on that extension's card. The circled part is for API permissions.
In order to remove permissions I have to add another GET request to revoke permission:
chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
// Use the token.
if (token) {
// Make a request to revoke token
var xhr = new XMLHttpRequest();
xhr.open('GET', 'https://accounts.google.com/o/oauth2/revoke?token=' +
token);
xhr.send();
}
chrome.identity.removeCachedAuthToken(
{ 'token': token }, function () {})
});
That does the trick and now every time I open popup I have a prompt for permission.
There is another problem though: when I grant permission I get
XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/revoke?token=...
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'chrome-extension://acfnd...' is therefore not allowed access.
which I'm not sure what means.
177
During development you can go to chrome://identity-internals to revoke specific tokens. The next time you authorize that user the permissions dialog will be displayed again. Documented on User Authentication: Caching.
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
