Firebase Phone Number authentication in Chrome Extension

Is it possible?
I read a bit on but it mentions OAuth redirect domains all the time, not sure if chrome extension domains are valid for this?

Logoff oauth chrome extension

I’m developing a Chrome extension and I am using chrome.identity.getAuthToken to authenticate with Google. The authentication login is working fine, but how do I set up logoff?

I see many ways to do it, but none of them work great.

How do I log off an authentication from a Chrome extension?


How to solve a never ending loop of login screens when trying to OAuth in chrome extension?

Trying to learn oauth for my chrome extension using identity api.

I have uploaded code to

Issue :
When the background file runs, it opens a new tab with the Gmail login page. But even when I provide the right credentials, the login page keeps appearing again and again and I have to force quit Chrome.

A solution provided at
Stack Overflow Solution – mentions this occurs when the app-ID in Chrome is different from the app-ID in
But I checked and rechecked it. Both values of the app-ID are exactly the same.
Can anybody guide me on this?


    {
       "manifest_version": 2,
       "name": "outh-test-2",
       "short_name": "outh-test-2",
       "description": "Description for outh-test-2",
       "version": "1.0",
       "background": { "scripts": [ "background.js" ], "persistent": true },
       "content_scripts": [
           {
               "run_at": "document_end",
               "matches": [ ],
               "js": [ "content.js" ]
           }
       ],
       "permissions": [ ],
       "oauth2": {
          "client_id": "",
          "scopes": [ ]
       }
    }


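console.log('Welcome to background Page');

console.log('chrome Identity  = ', chrome.identity);

var access_token; // set once Chrome returns a token

chrome.identity.getAuthToken({ interactive: true }, function (token) {
  if (chrome.runtime.lastError) {
    // The body of this branch is missing from the post; logging the error is assumed
    console.error(chrome.runtime.lastError.message);
    return;
  }
  access_token = token;
});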

Steps I followed
1. Created basic chrome extension with client-id and key values missing

2. Upload zipped extension file to

3. Copied public-key and item-id.

4. Create new project at Google developer console

a)Create credentials for OAuth Client ID
b)Picked Chrome App as application type
c)Inserted Item-ID I got from webstore developer dashboard in application-ID text field
d)Got Client-ID in return.

6) Copied this client-ID in manifest.json file and also inserted public key here.

Wrote code for background.js and ran extension on Chrome and boom – I am inside a loop where Google asks for email and password again, again and again…

Please guide me on this

A forward slash from https:// is being removed when sending a /oauth/authorize request to a Rails app from a chrome extension?

I am making a launchWebAuthFlow authorization code request from a Chrome extension to a Rails app hosted on Heroku. Doorkeeper is an OAuth wrapper for Rails, and that is what is processing my request. More specifically Doorkeeper::AuthorizationsController#new is processing the request as HTML (why HTML?).
The forward slash (/) is missing from both the URL encoded redirect_uri and the redirect_uri shown in the rails params. The url is correct on the chrome extension side of things (unless the launchWebAuthFlow built in function is doing something to it), so I think something is happening on the server.
It works in development so I don’t think anything is wrong on the extension. The app is hosted on Heroku.

Any idea of what could be going wrong here?

Can I authenticate a user from a Chrome Extension via their Github account without a backend server?

I am writing a Chrome extension^ and want to allow users to authenticate via their GitHub account (targeting developers). I don’t want to set up a back-end server just for authentication, because all functionalities work perfectly offline within a browser.

I have done some research. It seems that there are two options to implement OAuth without your own backend server:

  1. Implicit grant (which GitHub does not support?)
  2. Use some other services (e.g. Auth0)

My questions are:

  1. Can I authenticate a user via their GitHub account without any backend server?
  2. If I have to, what does the authentication flow look like?

^ the tool without the authentication feature can be found here.

Can’t find Chrome extension installed in developer mode in Chrome Default Extensions folder

I’m trying to set up OAuth with the instructions on this page.
At step 2, ‘Copy key to your manifest’, I can’t find my app listed in this folder: ~/Library/Application Support/Google/Chrome/Default/Extensions. How do I find this key? I tried looking at the manifest file with the link ‘chrome-extension:///manifest.json’ but there is no key property on it.

Chrome Oauth Extension tutorial appears damaged

Sat 2017.10.07

I downloaded and unpacked chrome extension from:

L-Click on ‘Sample – OAuth Contacts’ (jigsaw puzzle icon) doesn’t start extension

R-Click on ‘Sample – OAuth Contacts’ (jigsaw puzzle icon) doesn’t allow ‘Inspect Popup’

and sub-menu ‘Sample – OAuth Contacts’ is also grayed out.

This example appears to be damaged as it is not possible to interact with details.

Also, what are the plans to provide more favorable tutorials now that Web Apps are no longer supported?

Thank you in advance

Using Oauth for authentication from a browser extension

I’m creating a browser extension to add functionality to some websites and I’m pairing it with my own web app/API backend. I want to authenticate users who POST to the API. And I’m using the Doorkeeper gem with a Rails app to make my app an OAuth2 provider.

The Google page on the topic ( says the client needs to register with the app (I have a sign up page set up) and then use

chrome.identity.launchWebAuthFlow(
  {'url': '', 'interactive': true},
  function(redirect_url) { /* Extract token from redirect_url */ });

to hand the oauth


being an example of the url

So, my questions are:

1) Doorkeeper gives you an app_id and an app secret. I don’t see anywhere to put those in this process. And since it’s an extension it’s all public so I don’t see the point in that anyway.

2) I don’t see how the user is supposed to get a client_id. My idea is that when a user logs in that will trigger the extension to send an ajax request in the background which will get the client_id and then I can keep that in storage. And if it ever gets lost the user can log in again and get it resent.

But just sending a client id doesn’t seem secure and seems really easy to brute force. Maybe you couldn’t log in as someone particular but you could log in as lots of people if you just have one number to guess.

And if I do make it more secure doesn’t that replace the functionality of the token, or couldn’t I get the token more directly?
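
Added example, not part of the original post or of Google's or Doorkeeper's documentation: one way to fill in the "Extract token from redirect_url" step of a chrome.identity.launchWebAuthFlow callback for an implicit-grant response, checking the redirect origin and a per-request `state` value before trusting the token. The function names, `authorizeEndpoint`, `clientId` and the 'cb' path are assumptions for illustration.

```javascript
// Added example. Handles the implicit-grant shape, where the provider
// returns the token in the URL fragment of the redirect.

// Random per-request value that the provider echoes back in `state`.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Returns { token, expiresIn } or throws with the reason for rejection.
function extractToken(redirectUrl, expectedState, expectedOrigin) {
  const url = new URL(redirectUrl);
  if (url.origin !== expectedOrigin) {
    throw new Error('redirect came back on an unexpected origin');
  }
  const params = new URLSearchParams(url.hash.slice(1));
  if (params.has('error')) {
    throw new Error('provider returned error: ' + params.get('error'));
  }
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch: response does not belong to this request');
  }
  const token = params.get('access_token');
  if (!token) throw new Error('no access_token in redirect');
  return { token, expiresIn: Number(params.get('expires_in')) || null };
}

// Extension-side wiring (runs only inside Chrome). authorizeEndpoint and
// clientId are hypothetical: they come from your own OAuth provider.
function signIn(authorizeEndpoint, clientId, done) {
  const redirectUri = chrome.identity.getRedirectURL('cb');
  const state = newState();
  const authUrl = authorizeEndpoint + '?' + new URLSearchParams({
    client_id: clientId, response_type: 'token',
    redirect_uri: redirectUri, state,
  });
  chrome.identity.launchWebAuthFlow({ url: authUrl, interactive: true },
    (redirectUrl) => {
      if (chrome.runtime.lastError || !redirectUrl) {
        return done(new Error('auth flow failed or was cancelled'));
      }
      try {
        done(null, extractToken(redirectUrl, state, new URL(redirectUri).origin));
      } catch (e) { done(e); }
    });
}
```

The `client_id` sent in `authUrl` identifies the registered application, not the user, so it is not a secret; the access token returned after the user signs in is what the API should check.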