6

I'm using chrome.identity.launchWebAuthFlow method to initiate a OAuth2 token generation from our OAuth2 server.

In the Identity API documentation, it is specified that to authenticate a user, there are two available methods: getAuthToken and launchWebAuthFlow. We use the latter because as specified in the documentation:

If your app uses its own server to authenticate users, you will need to use launchWebAuthFlow.

We're struggling to cache the results. When reading the documentation of getAuthToken, it seems that there is some smart-caching involved.

Chrome catches the response and store the access_token and renew_token in the browser (visible here: chrome://identity-internals/). Chrome requests for an access_token to the OAuth server only when the access_token is expired.

However, using launchWebAuthFlow, we're struggling to use the Chrome Cache, and it calls our OAuth server each time.

Does anyone know how to cache the result using this method of the API?

Improve this question
3
  • 1
    I feel the same way and am in the discussion you posted on the deprecated project oauth2-extensions issue tracker. "if you want to do similar stuff yourself you'll have to implement it yourself." is not very encouraging... is there no scaffolding available for alternative providers under chrome.identity API? We oauth2 with Bitbucket and read private repos so our bespoke app can deploy from them. I'll use a deprecated lib, or write ~600 lines of my own code to handle token refreshes and cope with varying implementations of oauth. :-( Commented Aug 27, 2018 at 16:44
  • By contrast I was able to get the bitbucket adapter integrated with my app code using that deprecated library in a couple of hours, and I don't know why I would switch to chrome identity API except to avoid the label "deprecated." If anything, rewrite the oauth2-extensions library to support chrome.identity and maybe shave off 100 lines of code from the core? I don't even know where to start with that, and I'm not sure why I should want to other than abstract "bad mouth feel" of using something that has been marked deprecated. Commented Aug 27, 2018 at 16:48
  • Good catch @Kingdon ;) Commented Aug 29, 2018 at 14:35

1 Answer 1

Reset to default
4

getAuthToken only refers to authenticating with Google's own apis, if you want to do similar stuff yourself you'll have to implement it yourself.

Simply use chrome.storage to store the incoming credentials and when they are used, then only fire launchWebAuthFlow if enough time has passed, else make the fetch call anyway and if it comes back unauthenticated then refresh your token

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

That's what I finished doing. Is it me or it's very badly explained in their documentation?
@Erowlin it's not you, I've had lots of issues with the chrome docs

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.