Login/Register
Change Google account for chrome.identity.getAuthToken
Asked Answered
google-chrome-extensionoauth-2.0google-oauthgoogle-identity
D

1

6

I'm using the identity API in my Chrome extension to authenticate users and prove to my backend who they are. This works fine for the most part, I use getAuthToken to get an OAuth access token that I send over to the server, which it uses to confirm the user's identity.

The only problem is this: the first time getAuthToken is called, the user is asked to choose a Google account from the list of accounts they're currently logged into. Any calls to getAuthToken after that though just keep reusing that same Google account without prompting the user. I'd like to give users the ability to choose a different Google account later. Seems like clearAllCachedAuthTokens would be exactly what I need - and it works - but only when the chosen Google account isn't the account that's logged into Chrome. In that situation, clearAllCachedAuthTokens doesn't do anything.

The only way I've found to reset the locked in Google account of getAuthToken that works even when the user chose the Google account that's logged into Chrome is to get the user to log out of Chrome, which is annoying and awkward. Is there a better way?

Dhoti answered 10/6, 2021 at 20:46 Comment(3)
You could access myaccount.google.com/permissions, select your Chrome Extension and click on button "Remove Access". Not sure how to do it programmatically, though.Discolor
Nicolas, did you ever figure out a solution for this? I'm facing the same issue.Collegium
no never did, sorry!Dhoti
F
1

For folks still looking for a solution here, I was able to get around this restriction by using launchWebAuthFlow and handling OAuth sign-in manually.

Code snippet below:

const getGoogleAuthCredential = () => {
  return new Promise<ReturnType<typeof GoogleAuthProvider.credential>>(
    (resolve, reject) => {
      const redirectUri = chrome.identity.getRedirectURL();
      const authUrl = `https://accounts.google.com/o/oauth2/auth?client_id=${oauthClientId}&response_type=token&redirect_uri=${encodeURIComponent(
        redirectUri
      )}&scope=${encodeURIComponent(oauthClientScopes.join(" "))}`;

      chrome.identity.launchWebAuthFlow(
        { url: authUrl, interactive: true },
        (responseUrl) => {
          if (chrome.runtime.lastError) {
            reject(chrome.runtime.lastError);
          }
          if (!responseUrl) {
            reject("No response URL returned");
            return;
          }
          const params = new URLSearchParams(
            new URL(responseUrl).hash.slice(1)
          );
          const token = params.get("access_token");

          if (!token) {
            reject("No token found in the response");
            return;
          }

          const credential = GoogleAuthProvider.credential(null, token);
          resolve(credential);
        }
      );
    }
  );
};

Hope this helps!

Festival answered 24/12, 2023 at 2:29 Comment(1)
This answer + this answer = never have to rely on the unreliable getAuthToken again: https://mcmap.net/q/1917472/-redirect_uri_mismatch-when-using-identity-launchwebauthflow-for-google-chrome-extensionXl

© 2022 - 2024 — McMap. All rights reserved.