2

I am making Firefox extension and implementing google-authentication , problem is that Firefox extension (browser.identity.getRedirectURL()) redirect_uri is not allowed to white list in google developer console, so redirect_uri mismatch error is happening , any guidance in this regard will be appreciate.

First i have implemented google-authentication in chrome extension ,there i have used (chrome.Identity.getAuthToken && chrome.identity.getProfileUserInfo) in chrome but these two function are not avaliable for firefox, for firefox i have created web application project in google developer console , but problem is that redirect_uri mismatching error happening. Google developer project not white listing the url generated by (browser.identity.getRedirectURL()) 

const redirectURL = browser.identity.getRedirectURL();
const clientID = "clientId";
const scopes = ["openid", "email", "profile"];
let authURL = `https://accounts.google.com/o/oauth2/auth?

client_id=${clientID}&response_type=token&redirect_uri=${encodeURIComponent(r edirectURL)}&scope=${encodeURIComponent(scopes.join(' '))}`; return browser.identity.launchWebAuthFlow({ interactive: true, url: authURL } , function (done , err) { console.log('done' , done); });

How to add the extension url in white list, or any other solution to handle this situation.

zaheer ahmed
  • 69
  • 1
  • 5

1 Answers1

0

Starting with Firefox 86, you can use a special loopback address as the redirect URI that does not require domain validation with Google. The format of this URI is http://127.0.0.1/mozoauth2/[subdomain of URL returned by identity.getRedirectURL()]. Below is an example of how to generate this URI.

const baseRedirectUrl = browser.identity.getRedirectURL();
const redirectSubdomain = baseRedirectUrl.slice(0, baseRedirectUrl.indexOf('.')).replace('https://', '');
const redirectUri = 'http://127.0.0.1/mozoauth2/' + redirectSubdomain;

Here are some additional details quoted directly from the MDN documentation:

identity.getRedirectURL() returns a URL at a fixed domain name and a subdomain derived from the add-on's ID. Some OAuth servers (such as Google) only accept domains with a verified ownership as the redirect URL. As the dummy domain cannot be controlled by extension developers, the default domain cannot always be used.

However, loopback addresses are an accepted alternative that do not require domain validation (based on RFC 8252, section 7.3). Starting from Firefox 86, a loopback address with the format http://127.0.0.1/mozoauth2/[subdomain of URL returned by identity.getRedirectURL()] is permitted as a value for the redirect URL.

Note: Starting with Firefox 75, you must use the redirect URL returned by identity.getRedirectURL(). Earlier versions allowed you to supply any redirect URL.

Starting with Firefox 86, the special loopback address described above can be used too.

mark.monteiro
  • 2,609
  • 2
  • 33
  • 38