I'm using an API that requires oAuth authorisation before it is usable for a React chrome extension.

The app requires me to allocate it an OAuth Domain. The oAuth Domain is described as to be used whenever a redirect occurs from authentication sessions the redirect must go through that domain.

This would be fine if I was using a hosted domain or localhost but I'm not able to use either of those because chrome extensions are held in the browser.

I've been able to navigate to the index.html file of my extension through chrome://extensions/extension ID/index.html, but when I provide that as my OAuth domain it rejects it and says that it must not have a protocol or port.

On the client side (my chrome extension code) I require a channelUrl which is used to for cross domain communication and should be a completely blank fast loading page that matches the OAuth domain.

My problem is that I can't find a way to provide a valid OAuth domain and therefore I can't use the API. Is there a method that would enable Chrome Extensions to work with OAuth redirects?

CodePudding user response：

You need to look at the chrome.identity API.

It allows you to use a web OAuth flow (using launchWebAuthFlow) with a redirect to a URL of the form https://<app-id>.chromiumapp.org/*. The actual redirect to the URL will be intercepted by Chrome and instead pass the data to the extension.

Note that you need to "fix" the app ID of the extension for the URL to be consistent - likely by providing a "key" field in the manifest. Take a look at the docs to that effect - they talk about Google OAuth, which uses a different part of the chrome.identity API, but the concepts are the same.