Does the chrome.identity api work in chrome extensions in brave?

[ZYinMD]

Description

I'm a chrome extension developer. In my extension I call chrome.identity.getAuthToken() to do oAuth, this normally pops up a sign-in window in Chrome. The identity API is what made oAuth possible in extensions. However, in Brave, the popup doesn't appear, and in the console it shows Unchecked runtime.lastError: The user turned off browser signin.

So is chrome.identity supported in Brave?

Steps to Reproduce

1. call chrome.identity.getAuthToken() in an extension. (if you want to try with an existing extension, try the extension "Full Screen for Google Tasks".

Actual result:

No oAuth window appears. In the console it shows Unchecked runtime.lastError: The user turned off browser signin.

Expected result:

oAuth window appears.

Brave version (brave://version info)

Brave | 1.2.42 Chromium: 79.0.3945.117 (Official Build) (64-bit)
Revision | 04f0a055010adab4484f7497fbfdbf312c307f1d-refs/branch-heads/3945@{#1019}
OS | Windows 10 OS Version 1903 (Build 18362.295)

Version/Channel Information:

• Can you reproduce this issue with the current release?
  Yes
• Can you reproduce this issue with the beta channel?
• Can you reproduce this issue with the dev channel?
• Can you reproduce this issue with the nightly channel?

Other Additional Information:

• Does the issue resolve itself when disabling Brave Shields?
  No
• Does the issue resolve itself when disabling Brave Rewards?
  No
• Is the issue reproducible on the latest version of Chrome?
  No

[bsclifton]

@ZYinMD I believe this is expected behavior, as we do disable browser sign in. Any calls made to GAIA are non-routable

@jumde can you confirm?

cc: @pilgrim-brave @tomlowenthal

[pilgrim-brave]

Confirmed. GAIA is unavailable in Brave in any context.

[ZYinMD]

Thanks!

[jamesturnernz]

Hi, just wondering if there is an alternative please?

If I can't use GAIA chrome.identity.getAuthToken() in my extension, but still want to offer Google Auth, how can I do this please?

Thanks

[bsclifton]

Quick update - @jumde is looking at getting some of this functionality working in Brave (put behind a flag of course)

[ss87codes]

@jumde @bsclifton any update on this pls? We are looking to provide Google Auth via chrome extn on brave.

[jumde]

Hi @ss87codes - You should be able to use this api by enabling Allow Google login for extensions in brave://settings/extensions. If you are running into any issues, let us know.

[ss87codes]

Thank you @jumde

[kospl]

@jumde I have enabled Google sign in

but each time extension calls chrome.identity.getAuthToken, browser asks me reauthenticate with my Google email and password. Even after this I am getting

The user is not signed in.

error.

Reset Brave, after that I am getting

OAuth2 not granted or revoked.

error when calling chrome.identity.getAuthToken in non-interactive mode (instead of The user is not signed in., which is better of course). But chrome.identity.getAuthToken in interactive: true mode is hanging and not returning response, anything.

After that restarted Brave one more time - and it worked! chrome.identity.getAuthToken in interactive mode let me chose account and returned valid token, then extension worked.

[jumde]

@kospl - We noticed an issue in the recent builds a few days back: #14041 - we are working on a fix.

[MoeBazziGIT]

Any update on this?

[jumde]

@MoeBazziGIT - Update here: #15754 (comment)

We haven't found any extensions where chrome.identity API is used with 3p Google APIs. So we've paused the work here: brave/brave-core#10103

[dcow]

@MoeBazziGIT - Update here: #15754 (comment)

We haven't found any extensions where chrome.identity API is used with 3p Google APIs. So we've paused the work here: brave/brave-core#10103

Writing in to let you know that our browser extension does use other oauth scopes with the identity api. We request gmail.readonly and gmail.modify and have been approved by Google.

[bsclifton]

@dcow I believe the chrome.identity patches recommended by upstream have been pulled in. If extensions support 3p identity, it should work

cc: @ShivanKaul

UPDATE: here we go - found it - #15754
Fixed with brave/brave-core#14069

[dcow]

@bsclifton neat I'll test our extension out on Brave. Came across this thread in a discussion with another chrome-embedder's team about supporting the identity api and it wasn't clear what the resolution was here. Thanks for the update!

[zereraz]

I have extension working in chrome using chrome.identity.getAuthToken specifically https://developer.chrome.com/docs/extensions/how-to/integrate/oauth case but when I call it in Brave I get

Access blocked: <Name> request is invalid.

Error 400: invalid_request
Custom URI scheme is not supported on Chrome apps.

Is this not supported?

edit: just saw this GoogleChrome/developer.chrome.com#7434 (comment) wonder if it is still applicable.

[jacekzlowocki]

Hi!
Have the same problem as @zereraz here.

We are using Chrome Identity API in our extension (chrome.identity.getAuthToken()), but Brave seem to still send redirect URL with the custom URI scheme, which is no longer supported by Google

The "Allow Google login in extensions" setting doesn't make any difference

You can replicate with our Meeting Timer for Google Meet extension

Please consider reopening the issue