Chrome Extension example of oAuth 2.0

Question

The chrome developer extension tutorials use an outdated oAuth 1 that will be phased out in April 2015: https://developer.chrome.com/extensions/tut_oauth

Is there a tutorial of implementing oAuth 2.0 inside a chrome extension?

Answer 1

At this point, you may need to add "https://www.googleapis.com/auth/contacts" in manifest.json

....
"oauth2": {
    "client_id": "[Your Client Id]",
    "scopes": ["https://www.googleapis.com/auth/contacts"]
  }
....

Answer 2

I personally find the Chrome Identity API hard to use. Maybe it's because the documentation is poorly written or because Google is only straightforward about doing authentication against their own services.

I found an old library that does most of the OAuth dance and the required injections pretty well. I did some cleaning and extended the API. You can find it here: https://github.com/whoisjuan/ChromeAuth2

Answer 3

I've written an example of how to integrate any OAuth2 system into a Chrome extension. My extension uses AngularJS as the framework, but you could do it in plain old JavaScript or some other framework if you so choose by following the same patterns.

The trick is to use the chrome.identity.launchWebAuthFlow() method.

My example is actually configured to use Google, but that's merely because it is convenient. You can use your own OAuth2 provider, as I do at my company. The important distinctions are that launchWebAuthFlow() doesn't require the browser to be logged into Google the way the chrome.identity.getAuthToken() method would, and that you can use it with non-Google OAuth2 systems.

Answer 4

The right answer was to use Google Identity api, which under the covers uses oAuth 2.0 endpoints to https://.chromiumapp.org/* urls.