I have made a Chrome extension that successfully accesses the Google Drive API. It does so by employing access tokens like so…
chrome.identity.getAuthToken({ interactive: true }, (accessToken) => {
sendResponse({ type: MESSAGE_PROTOCOL.AUTH_RESPONSE, accessToken });
…however, when I try and run the code on other Chrome-based browsers like Edge it appears that chrome.identity.getAuthToken is not available. After much Googling it seems that there is an alternative (involving launchWebAuthFlow) but I can not find a complete worked example, only little snippets and clues which I am not expert enough to convert into a solution. Surely there must be a complete example somewhere.
A worked example for a different Google API would probably be fine too.
EDIT: I just found this question which is probably pretty close to what I am after though so far I have failed to get any of the answers to work. I notice that the top voted answer to that question was for manifest v2 and I’m not sure whether the answer will be valid for v3. Can anyone confirm?
EDIT: Just to be clear, I don’t have my own server, I want the whole process to be handled by the extension itself.
EDIT: If anyone knows of an existing extension that accesses a Google API, can work on Edge, uses manifest v3, is not compressed/obfuscated and does not rely on its own server then I could examine the code myself and that should do the trick.
2
Answers
In manifest v3, you need to use a different approach to authenticate with the Google Drive API. Instead of using
chrome.identity.getAuthToken
, you can use thechrome.identity.getRedirectURL
method in combination with a redirect flow.Here’s an example of how you can authenticate with the Google Drive API in a Chrome extension using manifest v3:
background.js
file with the following code:With this setup, when the extension is installed or updated, it will open the authorization URL in a new tab and prompt the user for authentication. After authentication, the extension will receive the access token in the redirect URL, which you can then use for subsequent API calls.
That error should mean there is a mismatch between the redirect URI specified in the OAuth2 request and the one registered in the Google Cloud Console for the OAuth2 client ID.
See "Obtaining OAuth 2.0 access tokens / Redirect to Google’s OAuth 2.0 server".
Go to the Google Cloud Console, navigate to the Credentials page. Under the "
Authorized redirect URIs
" section, make sure to add the exact redirect URI that your extension is using. In this case, it should be the URI to theoauth2callback.html
file in your extension, which would be formed like:https://<your-extension-id>.chromiumapp.org/oauth2callback.html
.In the
manifest.json
file, theredirect_uri
field should be set to the correct redirect URI, with the format shown above. Make sure the redirect URI in yourmanifest.json
file and the one in thebackground.js
file match exactly with the one registered in the Google Cloud Console.When constructing the authorization URL in your
background.js
file, use thechrome.identity.getRedirectURL
method to obtain the correct redirect URI for your extension. Replace'YOUR_REDIRECT_URI'
withchrome.identity.getRedirectURL('oauth2callback.html')
in the authorization URL.Chrome Extensions have a different flow for handling OAuth 2.0 authentication, and they do not require manual configuration of redirect URIs in the Google Cloud Console as web applications do. The redirect URI for a Chrome extension is derived from the extension’s ID and is automatically constructed as
https://<extension-id>.chromiumapp.org/
.In the
background.js
script, theredirect_uri
parameter should be obtained usingchrome.identity.getRedirectURL()
method without any arguments:That will automatically generate the correct redirect URI based on the extension’s ID.
Then make sure the
client_id
specified in themanifest.json
file and thebackground.js
script corresponds to the OAuth 2.0 client ID generated in the Google Cloud Console for the Chrome Extension.And check that the permissions in the
manifest.json
file include"identity"
and the correct API scope for Google Drive:Just in case, check that the OAuth consent screen configuration in the Google Cloud Console is correctly set up, including the application name, support email, and other necessary details.
Load the extension in Chrome (or a Chromium-based browser), check that there are errors in the console, and test the OAuth 2.0 flow again.