OAuth Redirect URL in (the new) Safari Web Extension

I am porting my Chrome extension to Safari. The extension requires the user to sign in and I use the OAuth code flow, which requires a redirect URL.
In Chrome, I can use chrome.runtime.getURL('/mypage.html') as a redirect URL because in Chrome the extension id never changes.
In Safari, however, the extension id keeps changing with every (Xcode) build. This is similar to the behaviour of Firefox, but in Firefox I can use browser.identity.getRedirectURL(). Although not reachable, it is guaranteed to stay the same.
As there is NO browser.identity in Safari and safari-web-extension:// is blocked by Safari, what URL can I use as a redirect URL?

Accepted Reply

As a workaround, you may use any reachable URL as an OAuth redirect URL and use webRequest.onBeforeRedirect to capture the redirect attempt and 'force redirect', e.g. by tabs.update.

Although this will work, it is far from elegant. It could even be error-prone. While Firefox offers a decent solution for this, why can't / doesn't Safari? So, if it is intentional for Safari not to support this workflow, I would like to submit my post as a change request because this is such a common use case. (Or please suggest where I can submit a change request for this?)
  • Do you have any code example you could share showing how you solved this? Many thanks in advance.
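
The workaround from the accepted reply, as an added example (not code posted by anyone in this thread): the background script watches the identity provider's 302 with webRequest.onBeforeRedirect, checks that the target really is the registered callback, and sends the tab to the extension page with tabs.update. Assumptions: a manifest v2 persistent background page with the webRequest permission; REDIRECT_URI, IDP_PATTERN and the `state` check are placeholders and additions of this example.

```javascript
// Added example. Placeholders (assumptions, not from the thread):
const REDIRECT_URI = 'https://auth-callback.example.com/oauth/callback'; // reachable URL registered with the OIDC server
const IDP_PATTERN = 'https://idp.example.com/*'; // host that issues the 302

let pendingState = null;
// Call with the random `state` value sent in the authorization request.
function expectCallback(state) { pendingState = state; }

// Returns the extension-page URL to load for a genuine callback, else null.
function buildExtensionCallback(redirectUrl, expectedState, extensionPageUrl) {
  let target;
  try {
    target = new URL(redirectUrl);
  } catch {
    return null; // unparsable redirect target
  }
  const registered = new URL(REDIRECT_URI);
  // Exact origin + path match, never a prefix test, so look-alike hosts
  // and sibling paths are not treated as the callback.
  if (target.origin !== registered.origin ||
      target.pathname !== registered.pathname) return null;
  // `state` binds the response to the login this extension started.
  if (!expectedState || target.searchParams.get('state') !== expectedState) return null;
  const out = new URL(extensionPageUrl);
  for (const key of ['code', 'error']) {
    const value = target.searchParams.get(key);
    if (value !== null) out.searchParams.set(key, value);
  }
  if (out.search === '') return null; // neither code nor error present
  return out.toString();
}

// Wire-up: runs only inside an extension background page that has the
// webRequest permission (manifest v2, persistent background page).
if (typeof browser !== 'undefined' && browser.webRequest) {
  browser.webRequest.onBeforeRedirect.addListener((details) => {
    const next = buildExtensionCallback(
      details.redirectUrl, pendingState, browser.runtime.getURL('/mypage.html'));
    if (next === null || details.tabId < 0) return;
    pendingState = null; // one-shot: a replayed callback is ignored
    browser.tabs.update(details.tabId, { url: next });
  }, { urls: [IDP_PATTERN] });
}
```

onBeforeRedirect only observes the redirect, so the reachable URL may still be requested with the authorization code in its query string; it should be a host you control.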


Replies

You should be able to use chrome.runtime.getURL or browser.runtime.getURL in Safari to get this information.

Did this not work for you? What do you mean by "safari-web-extension:// is blocked by Safari"?

Thanks!

Thank you bweinstein for your reply.

I can use chrome.runtime.getURL in Safari. That will return a URL like 'safari-web-extension://<random-per-xcode-build-id>/'.

I need such a URL in order to configure an oidc-client configuration in my backend such that after a successful login, the user will be redirected to this URL -- hence the name redirect URL.

The problem is that when I use 'safari-web-extension://<random-per-xcode-build-id>/' as the redirect URL and it gets redirected (302) by the OIDC server, Safari does not allow a redirect to a custom scheme ('safari-web-extension') URL. This is what I meant by 'blocking'. This causes a problem for an OIDC code flow in general. And I cannot believe I am the only one having this issue. Please help.

Thanks.

Unfortunately, the proposed workaround cannot be used with manifest v3. The webRequest API is not available from non-persistent background pages (or service workers) and v3 forbids persistent background pages. The declarativeNetRequest allows redirecting to a path in your extension, but via this route the original request is not available. A workaround for this is to redirect using a regexSubstitution. This works fine in Chrome, but not in Safari, because redirects to safari-web-extension:// are blocked. I've filed a bug report for this: https://bugs.webkit.org/show_bug.cgi?id=256054 . As it stands now, I see no way of implementing an OAuth2 redirection flow in a manifest v3 extension on Safari.