Replies: 14 comments
-
Interested in this too!
-
Uhh I found this. Sounds interesting. Didn't check yet: domeccleston/sharegpt#23
-
I copied ShareGPT's approach and it works for me. Here is what I found:
-
Oh, that's not good in my case 😅 I guess all communication between content script UI has to be done with events?
-
Please, keep us updated guys 😄.
-
Hey! I was looking into this today and implemented a basic auth similar to ShareGPT but couldn't really understand the use of storing the CSRF token in a hidden input?
-
Understood! Thanks for the insight. Also, I was playing around with it a bit and made a few requests to the server and everything. Though I was unsure about the issue with security: suppose I get the session with the session API endpoint of next-auth and make a request to my server with the UID of the user, doesn't that sound like a security nightmare? I mean, what if the user switches the UID in the request? So I was wondering about an approach where I get the session token itself and then parse the UID of the user in my backend; that will make it more secure. I tried making it work, but it does not seem to work as expected with editing the authOptions like-
I still wasn't able to see the session token in the response despite
PS: I am using the T3 stack.
-
Hi, this weekend I had the time to investigate this. I think I understood a couple of things about how cookies work in general and with NextJS auth in particular, and how they need to be configured from a Chrome extension. I wrote a discussion about it. Let me know what you think:
-
I managed to call my API from a content script. I think if done right it is OK. You can read a longer explanation here. But the gist is to enforce your API to handle CORS by only allowing some trusted sites to call your API. In my case this is what I want. I think Google would not allow a CORS like this with an asterisk: "Access-Control-Allow-Origin": "*". I think that's a security risk for your API.
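The allowlist approach described in the comment above, as an added example that is not part of the original thread or of next-auth: the API answers cross-origin calls only for an exact-match list of origins instead of `*`. The two origins and the names `TRUSTED_ORIGINS`, `corsHeadersFor` and `withCors` are hypothetical, and the handler shape (`req.headers.origin`, `res.setHeader`, `res.end`) assumes a Node/Next.js API route.

```javascript
// Added example. Both origins are constructed placeholders, not thread values.
const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",                     // hypothetical web app origin
  "chrome-extension://EXTENSION_ID_PLACEHOLDER", // hypothetical extension origin
]);

// CORS headers for a request Origin, or null when the origin is not trusted.
function corsHeadersFor(origin, trusted = TRUSTED_ORIGINS) {
  // Exact match only: no prefix, suffix or regex tests, so look-alikes such
  // as "https://app.example.com.evil.test" and the literal "null" are refused.
  if (typeof origin !== "string" || !trusted.has(origin)) return null;
  return {
    // Echo the one matched origin. Browsers refuse "*" on requests that
    // carry cookies, so a wildcard cannot serve a session endpoint anyway.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    // The response now depends on Origin, so caches must key on it.
    "Vary": "Origin",
  };
}

// Wraps a Node/Next.js-style (req, res) handler with the allowlist check.
function withCors(handler, trusted = TRUSTED_ORIGINS) {
  return function corsHandler(req, res) {
    const origin = req.headers.origin;
    const headers = corsHeadersFor(origin, trusted);
    // Cross-origin caller that is not on the list: stop before the handler
    // runs, so state-changing requests have no side effects.
    if (origin !== undefined && headers === null) {
      res.statusCode = 403;
      return res.end();
    }
    // Requests without an Origin header get no CORS headers and pass through.
    for (const [name, value] of Object.entries(headers || {})) {
      res.setHeader(name, value);
    }
    if (req.method === "OPTIONS") {
      res.statusCode = 204; // preflight is answered here, handler not called
      return res.end();
    }
    return handler(req, res);
  };
}
```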
-
It looks like this issue did not receive any activity for 60 days. It will be closed in 7 days if no further activity occurs. If you think your issue is still relevant, commenting will keep it open. Thanks!
-
OK, so a few issues here.
Suppose you are logged in to neither the Chrome extension nor the web page. How should the Chrome extension check if there was a login, when it should fire? There should be a way to let the Chrome extension know that there was a login so that we can log the user in to the Chrome extension, aka sync. Similar goes for the logout, if we can have a way to let the Chrome extension know that there was a logout. But if the user wants to log out from the Chrome extension, say popup.html has a Logout button, how should that be implemented? Some of these questions might not be that great as I am new to Chrome extension auth. But any help would be useful.
-
Hi All - just wanted to share a Chrome extension, dossi, that I had built and just open sourced that uses Next Auth for auth in combination with a web app for managing the Auth flow, etc.
-
Question 💬
I am trying to use next-auth authentication from my Chrome extension. I have spent numerous hours looking into different approaches but keep hitting a wall and couldn't find a way to implement it. I have implemented next-auth as part of my NextJS app and am trying to use the endpoint
'/api/auth/session'
to authorize from the Chrome extension. But this always throws a CORS error. I have tried bypassing CORS by allowing all origins but no luck. I am using the Prisma adapter with MongoDB and the JWT strategy.
I have noticed that ShareGPT extension (https://github.com/domeccleston/sharegpt) somehow got this working, but I couldn't figure it out. I wish there was some guide as part of next-auth docs. Please help me figure this out.
How to reproduce ☕️
Call the session API from chrome extension which is running in the tab of different origin.
Contributing 🙌🏽
Yes, I am willing to help answer this question in a PR