6

I'm wondering what will be the best way to implement Facebook connect for a browser extension .
the two options I have in mind are:

  • Implement Oauth protocol directly in the extension context (http://developer.chrome.com/extensions/tut_oauth.html)
  • Implement it in a website then pass somehow the access token to the extension to make the API calls

What in your opinion are the pros and cons of each method?
Also would love to get some examples of browser extensions that use Facebook for authentication (apparently there aren't too many that are easy to find...)

Thanks

Yaniv Golan
  • 982
  • 5
  • 15
  • 28

1 Answers1

1

I'll be honest, it's a little hard to weigh up Pros and Cons without knowing what your extension will actually be doing since the implementation of authentication is only one piece of the puzzle (a very small piece at that). Regardless I'll take a punt and assume that most of the time your extension won't be doing things with users data unless they have their browser window open.

1. Client side authentication (your first option)

Pros

  • Easier to develop and maintain since you'll have all your application logic all in one place and written in one language (JavaScript)

Cons

  • The access token is stored in the users browser and therefore you can't perform autonomous server side operations (unless you pass that token to your service)

2. Server side authentication (your second option)

The pros and cons for this one are pretty obvious based on my answer above. Generally speaking the only time you'll ever need to use server side authentication is if most of your application logic is already on the server and therefore it (usually) makes sense to have this aspect there too.

Note: Which ever option you choose, you'll ultimately still need to display the authentication pop-up window to the user where they will choose to either accept or reject using your application.

Anton Babushkin
  • 406
  • 2
  • 12
  • The extension won't need to do much on facebook on behalf of the user how ever it will need to fetch some data to initialize each user, my major concern is that when implementing it client side I'll be harder to push changes without updating the extension, I think I'll need to go with the server side thingy then just hack away to get the access token in the extension as well (putting it somewhere in the DOM or something...) – Yaniv Golan Sep 12 '12 at 10:28
  • Sounds like you have quite a bit of application logic on the server side then. Keep in mind that, pushing updates to Google Chrome extensions is very easy. – Anton Babushkin Sep 13 '12 at 23:04