I want to connect to an API which uses Basic or Digest Auth- so the user can use the extension fully, only after he has logged in to the API- the extension will send and receive messages through the API and perform actions based on responses sent by the API.
Is such authentication possible for a google chrome extension? Can i ask user to provide userid/password (or API key) through a popup HTML File which is part of the extension? Or do I have to open a new tab in Chrome itself and ask the user to authenticate through that...
Which is the best/ideal way to authenticate into a web based API from a Google Chrome extension... Any guides or how-to s would be very helpful for me...
You can use popup or a new tab authentication, either way is OK.
Related
I have developed a google apps script web app, in conjunction with an MIT App Inventor app, that will/should allow a user to access their own google drive/sheets/documents.
I am having trouble connecting to the web app through the Appinventor app's web component (not a webview), after the user had given their authorization to use the web app via their device's default browser (Chrome).
My Web App is connected to Google Cloud Console and has been verified by the Trust and Safety Team at Google. The app is set to "User who assesses the app" and "Anyone". I can't use the native webview in AppInventor, because Google blocked this off for authentication in 2016.
The web component offers GET/POST/PUT HTTP functions but I have no idea how to get the authorisation codes and tokens for a user in order to access the web app. (Note; the web app has no GUI, it simply receives GET requests and returns text/stringified json output for a range of functions.) I have been able to translate many curl examples in other situations to good effect with the web component, but not for 0Auth.
I have done my best to read up and use the offerings from Google on 0Auth, but just get lost halfway through, as always, nothing I do is quite the same as the examples or documentation provided.
How do I, therefore, construct HTTP GET URLs, with all the various authorization codes and tokens already in place, that will authorize the Web App to work for the user?
A simple request would be like this:
https://script.google.com/macros/s/AKfycbyZ_27nLOKi8ssX........Bz40yAbGfJt_TRswvm6zpY/exec?func=authenticate
which would return the text output "Authenticated"
With a web browser (Chrome) all of this is fairly straight forward for a user. If they are logged into their Google account in the browser they go to the URL provided for my web app, they will be asked to authenticate, and give my Web App access to their google account. Once accepted, 'magic' happens in the browser (any 'magic' happen at the web app end?), and as long as they stay logged in, they can use the browser to send GET requests (URLs with parameters) to the Web App and see the results returned in their browser. Happy days.
In my scenario, I do not have a suitable web browser capable of all of the above. I have a web component that can send GET/POST requests to web services, and handle the server responses. (think of it as a web 'terminal'). I can, therefore (hopefully) construct URLs with all the right content, codes, and parameters. Remember that this has to be straight forward for the user, who will not be interested in 'back end' activities, they will just want to use the app to do things on their google drive.
They need to, I guess, at the very least, perform the authentication in a web browser, to connect their Google account with the web app. Then with the web component connect to the web app using authorization codes and access tokens, as them (their google account) so that actions by the web app occur on their google drive. As stated above, the web app is set to "User who accesses the app" and "Anyone". This is the part I need help with. I do not understand what I need to do to connect the user to the web app without using a web browser.
This is the kind of thing I mean:
https://developers.google.com/gdata/articles/using_cURL
Your setting of Web Apps and goal is as follows.
Web Apps is deployed as Who has access to the app: Anyone.
You want to make users access to Web Apps.
Issue and solution:
In the current situation, there are the following situations for using Web Apps.
When the users access to the Web Apps by each browser, the users can access by logging in to each Google account.
When you want to make users access to the methods (for example, curl command and script) except for the browser, it is required to share the Google Apps Script project of Web Apps with the users.
Unfortunately, it seems that above situation is the current specification. I confirmed the change of this specification at April 11, 2018. Before this change, the users had been able to access to the Web Apps by the curl command and script with the access token without sharing the Google Apps Script project. By the change of specification, when the project is shared with the users, the users can access to Web Apps using the access token.
In this case, it is required to include the access token to the request headers. Because in the current stage, access_token=### as the query parameters cannot be used. Ref
Note:
From this situation, I think that when sharing the Google Apps Script project is not the direction you expect, in the current stage, the Web Apps with Who has access to the app: Anyone cannot be used by the method except for the browser.
References:
Taking advantage of Web Apps with Google Apps Script
Web Apps
I have a Chrome extension that uses the Gmail REST API to send emails on behalf of the user. This API requires an Oauth2 token, which I'm retrieving using chrome.identity.getAuthToken.
The Problem
However, I am running into some issues with the Chrome Identity API. In particular, if the user authenticates with chrome.identity with a different Gmail account then the one they're signed into Chrome with, then they are prompted to re-login every hour or so (which doesn't happen if the accounts are the same). In addition, I'd like to minimize the number of permissions my extension asks for as a general principle (permissions sometimes introduce warning messages on install and risk disabling existing users on update), so I'd like to not have to ask for the "identity" permission if I can avoid it.
My Question
How can I authenticate the Gmail API in Chrome Extensions without using the Identity API?
Current Progress
I initially tried using Google's Javascript Client for auth, but that seems to be incompatible with Chrome extensions. After having searched other SO issues and some Google materials, it seems that the Identity API is indeed the recommended auth solution in Chrome Extensions. However, for the UX reasons mentioned above, I'm finding this solution problematic. And I do think an alternative should be possible -- for example, the MixMax Chrome extension, which uses the Gmail API, does not ask for the Identity permission.
Any help would be much appreciated! Thanks!
I'm making a chrome extension for a classified ads website. With the chrome extension users will be able to get latest lists from their watched categories/search query.
I am already working on a websocket server to send notifications to users, but this way I have to always have a socket connection open to every user.
My second approach was to use Firebase, but this will run the notification only when a user clicks the icon (as I've read), and I would rather have this done from my server
__
Are there any other possible solutions to send notifications to a chrome extension without the user clicking on the icon?
You can use Google's push infrastructure ― the very same that powers Android push notifications ― Google Cloud Messaging.
Note: Firebase Cloud Messaging is presented as an upgraded version of GCM; while true, it's not natively supported by Chrome in a way that GCM is.
chrome.gcm API is the one that works with it. See its documentation, as well as GCM documentation, for details.
There's even a tutorial: Implementing GCM Client on Chrome
But in a nutshell, your extension will register as a subscriber with GCM, pass the subscription ID to the server, and then the application server posts messages to GCM using those IDs.
You should also be able to use Firebase, if you're willing to implement it using the generic JS SDK; "this will run the notification only when a user clicks the icon" sounds pretty nonsensical ― a background page should be able to keep a listener alive and react, which is probably how your system works now. I would still recommend a native API, which should be compatible with Event pages.
Have you looked at the chrome.notifications API? It allows you to create rich notifications using templates and show these notifications to users in the system tray.
https://developer.chrome.com/apps/notifications
You can have a connection to your socket server in the background script, listen for messages from your socket server and trigger an event that shows the notification.
I'm new to web development and currently I'm trying to create a chrome extension.
I followed this google tutorial and also this one and this one but for some reason the push notifications does not work when I define the extension as an extension and not as an application.
Can anyone give some guidance? my code is basically identical to the 2nd tutorial only I am defining the extensions as an extension and not as an application.
To my understanding it might be impossible due to safety reasons(?)..
Any help will be appreciated...
Can I use GCM for a chrome EXTENSION?
Yes you can. GCM docs states that:
For Chrome apps and extensions, GCM enables Chrome instances to send
and receive message data from servers. The
chrome.gcm API allows the
Chrome apps or extensions to access the GCM service. The service works
even if an app or extension isn't currently running. For example,
calendar updates could be pushed to users even when their calendar app
isn't open.
Receive downstream messages
chrome.gcm.onMessage.addListener(function(message) {
// A message is an object with a data property that
// consists of key-value pairs.
});
There's also a dev blog guide that you might want to see. It includes sample codes and instructions like:
How push messaging works
1) Chrome extension gets a Channel ID from Chrome Run-time
2) After receiving Channel ID, your extension sends the channel ID to your web server.
3) Using GCM API, you can send a message to chrome browser which will queued in GCM Server.
4) GCM server sends your message to Chrome Run-time.
5) Chrome Run-time forwards the message to your extension.
Is it possible to determine which user profile is logged in Chrome from my custom extension using Chrome API?
Thanks!
There is no Chrome-API for that, the best (any only) way is to use oAuth:
https://developers.google.com/accounts/docs/OAuth2
UPDATE:
Yesterday Google has published news about the Identity API at the Chromium blog.
The Identity API may only work with packaged Apps!
Identity API
The Identity API allows packaged apps to authenticate users securely
using OAuth 2.0 without the user having to provide a username and
password directly to the app. The Identity API supports authentication
using Google Accounts as well as third party providers such as GitHub
and Foursquare.
The Identity API also gives packaged apps secure access to Google APIs
such as Google+, Calendar and Drive. As an example, Google Keep uses
the Identity API to authenticate users as well as to call the Google
Drive API to save notes to Drive. The Identity API uses a webview
based UI to show the OAuth consent dialog and when the Google+ API
scope is used, it allows users to control who can see their activity
on the app.
Source: http://blog.chromium.org/2013/07/richer-access-to-google-services-and.html
Documentation at developer.chrome.com: https://developer.chrome.com/trunk/apps/app_identity.html
If it's possible to do so, consider writing a Chrome packaged app instead. The Identity API will give you the information you need.