I'm creating a Chrome extension popup and need login. For now, I will make my own authentication with a username and password, but what are best practices within an extension?
Here are my thoughts:
Is it good to keep it all inside the extension? This is where I want my users to be, and not in some website to register and so on.
The change from login to "home page" or the registration page, should this be done with messaging?
You now seem to need to sign in to a Google account to install any extensions/add-ons from the Chrome Web Store. But you can still install an extension without logging in to a Google account by doing the following: Find the ID for the extension you want to install. You can see it in the URL in the Chrome Web Store.
But do you know how browser extensions work? Some browser extensions require access to almost everything your browser sees. They can see sites visited, keystrokes, and even passwords.
You should always use OAuth 2.0 for authentication within extensions. Never pass the username/password because an attacker can simply steal such information.
An example from Chromium regarding OAuth in extensions is Tutorial: OAuth.
Additionally, there's an experimental API available for OAuth 2.0, which is supposed to make the whole process a little easier. There's a comprehensive blog post, OAuth 2.0 from Chrome Extensions.