I'm trying to implement user authorization for chrome extension.
I want to open new tab, log in there and receive access token and next get back to extension tab to update options page (show user is logged).
I use chrome.identity.launchWebAuthFlow but it opens new window instead of tab as I'd like to.
I want to achieve login similar like in Pocket extension.
Do you have any suggestions?
Then you will need to forgo using the chrome.identity API. There is no such option.
Instead, you'll have to do magic with content scripts to extract the resulting token, and you might have some problems with regards to callback URL - you can no longer use the one provided by the identity API.
Related
Chrome is auto-filling the credentials, but not log me in until I click login. How to automate? (windows, non-google websites).
Using the Chrome Identity API you can have Chrome (on desktop and Android) automatically attempt to log in the user when they hit your page, even if their session has expired.
Following is a workflow diagram of how it works, but the details can be found in the Google Authentication API: Let the user automatically sign back in section:
It is not the browser's responsibility to auto-login to websites. This is the responsibility of the website you are accessing. The browser can remember form data and auto-fill for you, as can various extensions like LastPass.
However, in order to actually auto-login, you must first login to the website you are trying to access and enable the option they provide, often called 'Remember me?'. The website would typically use a cookie to store the credentials (securely with a hash + salt), and if the cookie still exists (not cleared from the browser or expired), and the hash of real password in database matches the one in the cookie, the website will auto-login.
You could force the browser to try and auto-login with extensions, which are essentially macros. You could try Auto Login or iMacros extensions for this. I would generally avoid this though.
Anyone else stumbling into this thread from a google search.... you can do this with autohotkey. If you browse to yourbankhere.com and chrome fills in the user/pass, you can have autohotkey perform a mousemove then a mouseclick to click the login button.
I'm building an Add-on that needs to open a window and send some for data (via POST) to a remote server. I can do either of those items fine - UrlFetchApp() for sending the data, and an anchor tag to open a new window, but I couldn't find a way to do both of them together.
Basically I need to send the user to another website temporarily and provide that website with some data entered within the Add-on. I tried doing this with pure javascript, but the window.open() method is not available within the GAS sandbox.
Thanks!
Its not possible in apps script (and not possible in javascript either).
What you need is to open the external site with anchor & needed parameters (post data) in the url itself. Your external url in its javascript must convert the params to a Post (or handle it directly in its server's Get)
Also, if the external page is for doing some authentication with callback (like oauth flow) apps script now support such 'oauth callbacks'
I am using GoogleApis to upload documents to Google Drive using the InsertMediaUpload class from the FilesResource namespace and the Upload method. It is working well for me with the following exception:
After calling InsertMediaUpload, a browser window appears asking the user to log into their Google (usually Gmail) account. If the user simply closes the browser window instead of clicking on "Accept" or "Cancel" then the current process appears to be hung. I suppose there should a timeout of a minute or two so that if the user opts to not log in the current windows application will not simply hang and stop working indefinitely.
There is no need for sample code here. What should happen when the user simply closes the browser window instead of clicking cancel if they are no longer interested in uploading a document? Crashing (or hanging) the current process should not be a possibility, but that is what occurs. One would hope closing the browser window would have the same effect as clicking the cancel button -- just another way of opting out of an upload to Google Drive, right?
Thanks in advance for any help with this.
You're not supposed to get authentication message from InsertMediaUpload class. You should handle authentication by yourself. Authentication browser window you get is for your development convenience, not for production code. Please take a look at .net quickstart. In this quickstart, you'll see GetAuthorization method which handles authentication. Modify this method on your needs and you'll get what you want.
I have several accounts for a website and currently I want to write an extension that I can open all the accounts simultaneously in chrome, each tab for one account.
So that means I want each tab with a separate cookie system, is it doable? If so please suggest the API I should use, thanks!
Go to Chrome Preferences. There is a Users section where you can add users. Each new user will have its own cookie jar, so you can log in to a site as many different users at once. It makes new chrome windows, but it seems you cannot drag a tab onto a window of another user.
According to Chrome documentation, you can modify HTTP headers (including cookies) in the onBeforeSendHeaders event handler. So, you need to store new cookies for every account by means of the onHeadersReceived event handler, and then substitute them for every tab in outgoing requests.
There even exists an extension which seems doing almost the thing you want - Chrome Cookie Switcher.
Also I have found an answer that may be helpful for your task: Associate a custom user agent to a specific Google Chrome page/tab.
I really don't think Chrome allows extensions to do this. If I recall correctly, extensions can inspect and block requests, but they can't modify them, such as changing cookies on the fly for each tab.
I suggest you use the --user-data-dir command-line option of Chrome. It allows you to keep several separate profiles, each in its own directory, and then you only need to start chrome with the proper option:
# run this command to use the first profile
google-chrome --user-data-dir=/home/binchen/my_chrome_profiles/my_profile_1
# run this command to use the second profile
google-chrome --user-data-dir=/home/binchen/my_chrome_profiles/my_profile_2
...
Each profile will be in its own Chrome window, with its own cookie store, instead of its own tab, but it's easier than writing an extension.
Lastly, if the website you're mentioning is Google, you can keep several Google accounts open at the same time.
I am currently trying to port a Chrome extension to Firefox.
The Chrome extension has a "Login" page, which is opened in a new tab as an HTML document. The HTML document is stored in the local directory with other extension files. The user inputs a URL which should represent a server running our application, where the user will be asked to login. After a successful login, the user is redirected back to the options.html page, which is updated to show the user's preferences.
I would like to duplicate this in the Firefox extension, i.e. I would love to avoid writing anything in XUL to build an options page.
I tried opening a new tab with my HTML page like this:
var url = "chrome://myextension/content/options.html";
var win = Components.classes['#mozilla.org/appshell/window-mediator;1']
.getService(Components.interfaces.nsIWindowMediator)
.getMostRecentWindow('navigator:browser');
win.gBrowser.selectedTab = win.gBrowser.addTab(url);
But I don't like this for a few reasons: 1) The navbar in the new tab displays the "chrome:// ..." URL, and 2) it breaks the authentication process. The authentication is done using an OAuth type system, and the current URL is passed into the API so that the user can be redirected back upon successful authentication. The authentication fails with "chrome://" as part of the URL.
Just out of curiosity, I tried hardcoding the URL like this:
http://myextension/content/options.html
And the user is actually successfully authenticated, but then the redirect obviously fails afterward.
The Chrome extension seems to work with no problems or weird hacks. From what I can tell, opening it works like this:
chrome.tabs.create({"url":chrome.extension.getURL("options.html"), "selected":true});
And referencing the URL of the tab later so we can be redirected back to it just works like this:
var options_url = chrome.extension.getURL('options.html');
So, I'm wondering: what is the best way to open a local HTML document in a new tab with a Firefox extension, without using the "chrome://" "protocol"? Is there a similar way to how it can be done with Google Chrome extensions?
UPDATE 23/5/12
So this article says that chrome:// URLs are not accessible from the web, only locally.
http://adblockplus.org/blog/web-pages-accessing-chrome-is-forbidden
I think this could be the reason why my authentication was failing. I'm definitely looking for a way for my extension to display a local HTML file in a window or tab without using chrome://.
UPDATE 07/6/12
Here is my (hopefully temporary) solution:
The user enters the URL of the server running our application. He/she is redirected to the application login page, but instead of passing "chrome://myextension/content/options.html" as the URL to be redirected back to after authentication, I pass a phony URL, i.e. "http://myextension/thisis/madeup.html".
In my extension's overlay.js, I set up an HTTP request listener which listens for the phony URL being requested. When a GET happens for the phony URL, I cancel the request, and open the real, locally stored page at "chrome://myextension/content/options.html".
See the following references:
https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsIObserver
https://developer.mozilla.org/en/XUL_School/Intercepting_Page_Loads#HTTP_Observers
If you're trying to do this redirect for an OAuth call you should try using OAuthorizer from Mozilla instead of doing the redirect work yourself. Hope that helps!