2

How would I go about creating an auth system requiring a user to log in to a Chrome app or extension via my own service?

A good example is the TweetDeck app, where the user can log in completely within the app with no need to visit an external website.

Sebastian
  • 3,548
  • 18
  • 60
  • 95
  • What did you research prior to asking the question? What service are we talking about? As is, it's not an acceptable quality question. – Xan Apr 17 '14 at 17:17
  • I've looked at previous SO questions (http://stackoverflow.com/questions/7287061/log-in-to-my-web-from-a-chrome-extension and http://stackoverflow.com/questions/7287061/log-in-to-my-web-from-a-chrome-extension) and read about the Chrome Identity API (https://developer.chrome.com/apps/app_identity) but I've come away none the wiser. I don't want to start developing anything before I have even a vague idea of the correct process. Google is not very forthcoming on this topic so trust me, I'm not being lazy. – Sebastian Apr 17 '14 at 17:22
  • Okay, but still, log in to what? Different services offer different auth schemes. – Xan Apr 17 '14 at 17:56
  • Log in to the application via my own database - as in no Facebook, Google or anything else. Does that make sense? – Sebastian Apr 17 '14 at 18:00
  • Yes, and you should edit to reflect in your question that you're looking to build an auth system for your own web service. – Xan Apr 17 '14 at 18:01

1 Answers1

4

Use the Chrome Identity API to authenticate users: the getAuthToken for users logged into their Google Account and the launchWebAuthFlow for users logged into a non-Google account. If your app uses its own server to authenticate users, you will need to use the latter.

from https://developer.chrome.com/apps/app_identity.

Here's an example of an app that implements the Identity API: https://github.com/GoogleChrome/chrome-app-samples/blob/master/github-auth/index.js

Joe Mornin
  • 8,766
  • 18
  • 57
  • 82
  • Basically, the author of the question needs a good overview of OAuth2 to decide whether to use that (and subsequently `chrome.identity`). Do you know of one? – Xan Apr 17 '14 at 19:00
  • I've updated my answer with sample code showing how to use `chrome.identity` with GitHub OAuth. – Joe Mornin Apr 17 '14 at 19:01
  • You misunderstand the question. He needs a server-side overview: he's looking to build his own auth system, not simply a client. – Xan Apr 17 '14 at 19:10
  • This seems to be geared more towards those looking to develop a public API, but is it the sort of thing I'm looking for? http://www.sitepoint.com/creating-a-php-oauth-server/ If it's easier I can implement logging in with Facebook, but I still have values in my database that are attributed to users (I use a model similar to Twitter-style following). – Sebastian Apr 17 '14 at 19:51
  • Alternatively, I'm happy to log in via a popup window in the browser if that makes things easier? – Sebastian Apr 17 '14 at 20:02
  • In that case, this question isn't really about JavaScript or Google Chrome. If you want to build an OAuth system, here is a good tutorial: http://lepture.com/en/2013/create-oauth-server. Once that's running, the sample code I posted shows how to connect it to a Chrome extension. – Joe Mornin Apr 17 '14 at 20:08
  • Thanks, I'll take a look, though I'm not familiar with Python. Rookie question: what's so wrong about having the user log in via an AJAX request and storing the login cookie on the user's computer? – Sebastian Apr 17 '14 at 20:19
  • Nothing, as long as it's implemented correctly. But you still need a server-side application to handle the authentication. Based on your questions, it sounds like you'd be better off using a third-party login system, like Facebook Login, rather than building your own authentication system. – Joe Mornin Apr 17 '14 at 20:23
  • That's not a problem. Just to confirm, Facebook takes care of the authentication but I can still store user information, right? – Sebastian Apr 17 '14 at 20:30
  • No problem, I only need minimal details from Facebook. The majority will be data based on their actions within the extension. Finally, why couldn't I just build a login script like this and execute it via AJAX, bypassing OAuth completely? http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL – Sebastian Apr 17 '14 at 20:34
  • You sure could. OAuth is a common authentication protocol, so there's a lot of good documentation, but you don't need to use it. – Joe Mornin Apr 17 '14 at 20:47
  • 1
    Thanks very much. Accepted your answer for everything I learnt in this discussion! – Sebastian Apr 17 '14 at 21:20