It seems like chrome.identity.launchWebAuthFlow is the way to go. I found resources that explain how to implement it client-side but they all say nothing about how to authenticate server-side for non-Google accounts:
- "The provider will perform authentication" - how?
- "Validation of the returned access token isn't shown here"
It seems that the last missing ingredient is to write server-side (ideally Python) code that listens on my app's server and validates URLs such as:
https://www.my-app.com/dialog/oauth?client_id=123456789012345&redirect_uri=https://abcdefghijklmnopqrstuvwxyzabcdef.chromiumapp.org/provider_cb&response_type=token&scope=user_photos
I'm guessing that would be done by another Chrome Identity API call from my application's server. I looked through a large number of resources (and related stack overflow questions) and they provide no clear answer. Thanks!
[migrated discussion here from this question]
