Extension AUTH : How to give default allow permission for Auth purpose?

Question

Created Jul ’20

Replies 2

Boosts 0

Views 1.1k

Participants 2

I have working cross-platform extension which I converted for Safari using xcrun safari-web-extension-converter PATH. Goal of extension is to bookmark any URL into my website account.

My extension is perfectly working fine for Chrome but for Safari version, everything works well if user allows access permission for every website.

The case is, when user presses extension button, we are checking user is logged into its account or not by opening our website URL into another tab.

Code Block var openSignin = function openSignin() {
		console.log('hey');
		chrome.tabs.create({ url: _config.baseURL + '?extension=1', active: false });
	};

When this AUTH tab is loaded, following method will be called as it happens in Chrome which in turn extracts public and private tokens generated when any user logs into our website.

Code Block chrome.tabs.onUpdated.addListener(function (tabID, changeInfo, tab) {
if (tab.status == 'complete' && tab.url.startsWith(_config.baseURL)) {
	  chrome.tabs.executeScript(tab.id, { code: 'localStorage.getItem("PUBLIC")' }, function (r) {
	   localStorage['PUBLIC'] = JSON.parse(r[0]);
	   chrome.tabs.executeScript(tab.id, { code: 'localStorage.getItem("PRIVATE")' }, function (r) {
	    localStorage['PRIVATE'] = JSON.parse(r[0]);
	    if (localStorage['PRIVATE'] && tab.url === _config.baseURL + '?extension=1') {
	     chrome.tabs.remove(tabID);
	    }
	   });
	  });
	 }
	});

The issue lies here is that until user does not grant for "Always Allow on Every Website" (I mean grant permission for https://www.OURDOMAIN.com/extension?extension=1), chrome.tabs.onUpdate is giving tab.url = "" and it does not give proper URL value so we come to know that particular user is signed in or not (we don't get that our domain tab is loaded or not due to this issue).

Do we have any way to allow access for our website without user's consent?

Following is our manifest.json:

Code Block {
	"name": "EXT NAME",
	"description": "DESCRIPTION",
	"manifest_version": 2,
	"version": "1.0.181",
	"minimum_chrome_version": "23",
	"offline_enabled": true, 
	"browser_action" : {
		"default_icon" : {
			 "64": "logo/stash.png"
		},
		"default_title" : "Add to Stash"
	},
	"background" : {
		"scripts" : [
			"bundle.js"
		]
	},
	"content_scripts": [{
			"js": [ "init.bundled.js" ],
			"matches": [ "<all_urls>" ]
	}],
	"icons": {
		 "16": "logo/stash_small.png",
		 "64": "logo/stash.png"
	},
	"permissions" : [
			"https://*.stash.ai/*",
		"activeTab",
		"gcm",
		"storage",
		"notifications",
		"identity",
		"contextMenus",
		"tabs",
		"idle"
	],
	"externally_connectable": {
		"matches": ["https://*.stash.ai/*"]
	},
	"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
	"web_accessible_resources": [
		"corner.css",
		"js/init.js",
		"init.bundled.js",
		"js/jquery.min.js",
		"js/taggle.min.js",
		"js/typeahead.bundle.min.js",
		"ext.html.js",
		"assets/*"
	], 
 "commands": {
		 "_execute_browser_action": {
			 "suggested_key": {
				 "default": "Ctrl+Shift+S",
				 "mac": "Command+Shift+S"
			 },
			 "description": "Send a link to Stash!"
		 }
	 }
}

Please check permissions and content_scripts properties where I tried to put proper options but no solution. I event tried externally_connectable but still without user's consent I am not able to receive proper URL for that particular tab.

Would you suggest me any solution of how I can authenticate my user here? The main authentication is done backend side only and I am not using any API here. I am just opening new tab which if loaded successfully authentication will be validated.

I hope my problem is clear. If there are any queries let me know.

Boost

Answer 1

Frameworks Engineer OP

Apple

Jul ’20

You can use optional_permissions and browser.permissions.request() to prompt the user for permission if it isn’t already granted.

1

Answer 2

jagadish.kannan OP

Jul ’20

Thanks Timothy for the prompt response.

I have gone through the docs and implemented the code related to permission into my background script and now I get permission on the website (https://www.abc.com) but it is not working as expected.

For more insights, check my code below:

In manifest.js, I have included optional permissions like,

Code Block "optional_permissions": ["activeTab", "tabs", "storage", "contextMenus", "*://*.abc.com/*"],

Even if I remove any permissions from here, state does not change. I tried to use only activeTab or tabs permissions. I make sure optional_permissions match permissions.request parameter.

Background.js where permission code block is implemented.

Code Block chrome.browserAction.onClicked.addListener(function (tab) {
	 var reqPerm = {
	  	permissions: ["activeTab", "tabs", "storage", "contextMenus"],
	  	origins: ['https://www.abc.com/']
	 };
	
	 chrome.permissions.request(reqPerm, function (granted) {
	   	if (granted) {
	    	return go(tab.url);
	   	} else {
	    	console.log("Requested not granted.");
	    	chrome.tabs.sendMessage(tabID, { action: 'signin', text: 'Please allow stash.ai to proceed.' });
	   	}
	});
});

Here I am able to see Privacy dialog and I do press Allow for the Day.

Now if I see in Safari > Preferences > Websites > Stash Extension, I am clearly able to see abc.com -> Allowed which proves prompt worked as expected I believe.

Still when new tab is opened for authentication, the above mentioned code for chrome.tabs.onUpdate is executed and gives tab.url = ''. This definitely works when Allow for Every website is turned on.

And other thing is, when I open https://www.abc.com, my extension icon still shows disabled and on click of the icon it again asks me for the permission. If on this tab, I do give permission, everything works smooth.

Thus, chrome.permissions.request() turned of no use if I have to manually give permission from tab.

Regards,
Paresh.

0