Single sign in based on cookie - website and chrome extension #190

Closed
tomerzcod7 opened this issue Nov 23, 2023 · 4 comments
Labels
third-party-cookie-deprecation Third-party cookie deprecation

Comments

@tomerzcod7

In our company, we have a main website and a Chrome extension that runs on any website, which loads an iframe.
(For example, our website is dashboard.y.com, and the iframe loads iframe.y.com)

We use a single login mechanism, based on a 3rd party cookie, to make sure that when a user logs in on the website he will also be logged in on the extension.

This mechanism obviously breaks with third-party cookie deprecation. I've been reading the guide provided for the phasing out, but I don't think CHIPS or any of the other solutions would be suitable for this use case.

Are there any other recommendations?
Thanks in advance

@tomerzcod7 tomerzcod7 added the third-party-cookie-deprecation Third-party cookie deprecation label Nov 23, 2023
@tomerzcod7 tomerzcod7 changed the title Single sign based on cookie - website and chrome extension Single sign in based on cookie - website and chrome extension Nov 23, 2023
@johannhof

Hi @tomerzcod7, can you describe what breaks in a little more detail? It sounds like this breaks sign-in to your extension, but how did it work prior to 3PC blocking? There must be some messaging between the site or iframe and the extension involved here, no? A more detailed description of the flow of information would be nice :)

Thanks!

@tomerzcod7
Author

Hey @johannhof, thanks for replying.

The way it works at the moment is when you log in, you get a 3rd party (SameSite=none) authentication cookie.
When the extension runs, it renders an iframe that contains nearly the entire extension logic. (This way we can deploy updates relatively easily without having to upload a new version of the extension to the store each time).

The iframe has access to the 3rd party authentication cookie and the cookie is being sent with the HTTP requests and the user is authenticated.

So the extension code itself doesn't actually contain any logic regarding the authentication, it is only responsible for some UI stuff and for loading the iframe.

@johannhof

You could try to transition your SSO to use one of the new Privacy Sandbox APIs, but given that this seems to be an internal tool for your business, allow-listing the affected site via the chrome.ContentSettings API or Enterprise Policies seems like the easiest thing to do, for now.
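
One way to apply the `chrome.contentSettings` allow-listing suggested above, as an added example that is not part of the original thread or the project's code. It assumes a Manifest V3 extension holding the `contentSettings` permission (promise-returning API); the function names and the `chromeApi` parameter are hypothetical, and the exception is limited to one exact HTTPS iframe host rather than a wildcard domain.

```javascript
// Added example. Assumes Manifest V3 with "contentSettings" in the manifest
// permissions, so chrome.contentSettings.cookies.set/get return promises.

// Build a content-settings pattern for exactly one HTTPS host.
// Rejects anything broader than a bare origin so the cookie exception
// cannot silently cover sibling subdomains or plaintext HTTP.
function cookiePatternFor(origin) {
  if (origin.includes('*')) {
    throw new Error('refusing wildcard origin: ' + origin);
  }
  const url = new URL(origin);
  if (url.protocol !== 'https:') {
    throw new Error('refusing non-HTTPS origin: ' + origin);
  }
  if (url.username || url.password) {
    throw new Error('refusing origin with credentials: ' + origin);
  }
  if (url.pathname !== '/' || url.search || url.hash) {
    throw new Error('expected a bare origin, got: ' + origin);
  }
  return `https://${url.host}/*`;
}

// Allow cookies for the iframe host under any top-level site, then read the
// effective setting back for one sample top-level URL to confirm it applied.
// chromeApi is the extension's global `chrome` object (hypothetical parameter,
// passed in so the logic can be exercised outside the browser).
async function allowIframeCookies(chromeApi, iframeOrigin, sampleTopLevelUrl) {
  const primaryPattern = cookiePatternFor(iframeOrigin);
  await chromeApi.contentSettings.cookies.set({
    primaryPattern,                  // URL the cookie belongs to
    secondaryPattern: '<all_urls>',  // top-level page embedding the iframe
    setting: 'allow',
    scope: 'regular',                // not applied to incognito profiles
  });
  const { setting } = await chromeApi.contentSettings.cookies.get({
    primaryUrl: new URL(iframeOrigin).href,
    secondaryUrl: sampleTopLevelUrl,
  });
  return { primaryPattern, effective: setting };
}

// In the extension's service worker (host taken from the question above):
// allowIframeCookies(chrome, 'https://iframe.y.com', 'https://example.com/');
```
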

@clementsimon
Collaborator

clementsimon commented Mar 6, 2024

Closing, please re-open if there is any further discussion.


3 participants