Authenticate Chrome extension with non-Google API using Google account
Mark Embling
I work for an educational institution which is making heavy use of Google Apps and now ChromeOS devices. A project we've embarked upon is to develop a Chrome extension (possibly multiple) which will duplicate functionality we have in the Windows environment. These will be used only within our domain and on our devices, not available generally.
We have an HTTP/JSON-based API built in-house which provides various details such as reminders and other stuff from our MIS (again, built in-house) and can provide popups with this information and so on. It's possible to make sure the API knows who the current user is via NTLM authentication under Windows.
I need some way of the API being able to know who the user is when accessing from a Chrome device. This means the extension needs to be able to tell the API who the user is in a secure manner. If the API can establish the logged in user's Google Apps email address, it can determine who the person is from our database. My question is, how do I achieve this?
Some solutions that have been considered and rejected:
- Have the extension simply tell the API the current user's email address
Rejected due to the fact it could be easily faked. This must be secure. - Ask the user for their Active Directory credentials instead
The extension should be able to operate without user input - we can authorise the extension against the Google Apps domain on users' behalf.
In addition the Google OAuth 2.0 for login seems to be specific to websites which are presented in a browser. This needs to be handled silently.
I understand that this is a very vague question, but any recommendations or examples of very similar problems being solved would be appreciated. The core of it is this: how can I have a Chrome extension authenticate with a non-Google API using Google credentials? (The API can be extended to support this in any way necessary.)
Some further details:
- Our API is .NET-based
- The Chrome extension will run on our devices within the College only and these devices will be registered to our domain. Only users within that domain will be logged on and running the extension.
David
You can do the following :
- In the Google Cloud Console, create an API credential for a Chrome extension
In the Chrome extension, use the Identity API to obtain an authentication token for this application and send it to your API. You only need this scope :
https://www.googleapis.com/auth/userinfo.emailOn your API side, every time you receive a token, access the following URL (replace the access token in the example with the one sent by the extension) :
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ya29.iAXXXXXXXXXXXXXXi-mrflhzc-X-U14eb
You will get something like this :`
{
"issued_to": "407408718192.apps.googleusercontent.com",
"audience": "407408718192.apps.googleusercontent.com",
"user_id": "1170123456778279183758",
"scope": "https://www.googleapis.com/auth/userinfo.email",
"expires_in": 3585,
"email": "[email protected]",
"verified_email": true,
"access_type": "offline"
}
Make sure that the audience is the Chrome client id (very important), and you have the email !
Collected from the Internet
Please contact [email protected] to delete if infringement.
edited at
- Prev: Which version of NEST NuGet package should be used with Elasticsearch 1.x?
- Next: Why jsf life cycle skips render response after Invoke application when redirect the page?
Related
Related Related
- 1
Access Local Files using a Google Chrome Extension
- 2
Google Chrome - Extension vs App
- 3
Google Chrome Extension Opening Url
- 4
Javascript not working in a google chrome extension
- 5
angularjs and google chrome extension
- 6
Redirect to url Using Google chrome Extension
- 7
Insert event with Google Calendar API in Chrome Extension keeps failing
- 8
How to authenticate with Google Email Settings API using service account oauth2 Python client?
- 9
Use oauth2 service account to authenticate to Google API in python
- 10
chrome extension: getting user's email address who logs into the google account/gmail account
- 11
Chrome Extension - Javascript Origins for Google API
- 12
Changing the background of the google search page using my chrome extension
- 13
Injecting jQuery into Google.com using a Chrome Extension
- 14
Authenticate own Google account for Blogger API with Java
- 15
Using Google Charts in Chrome extension
- 16
Add contact using contact app to a non google account
- 17
Outputting Google API Calls Inside Chrome Extension
- 18
Using non-default service account in Google Cloud dataproc
- 19
Authenticate own Google account for Blogger API with Java
- 20
Extension to Google Chrome browser that restarts Google Chrome
- 21
Using google closure library inside chrome extension content script
- 22
Is there a way to pass information from Google Chrome using an extension?
- 23
angularjs and google chrome extension
- 24
Error with google chrome extension
- 25
Google Chrome extension malware?
- 26
Add contact using contact app to a non google account
- 27
Sign in to Chrome with google account
- 28
Defining a hotkey in Google documents using Chrome extension
- 29
Powershell for Google Cloud: Authenticate with a service account
Comments