How do I persist login state for a user between my website and my chrome extension


Question

I built a Chrome Extension, where a login form is displayed as a side bar using content scripts injection. I do not want the user to see this login form if the user is already logged in on the website, and vice versa: if the user logs in on the Chrome Extension and then visits the website, the user should automatically log in.

I am returning tokens from the backend when a user successfully logs in.

My question is, what is the best way to store these tokens so both the content scripts in my extension and the website have access to the token to check to see if the user is already logged in.

As far as I understand I have localStorage, ChromeStorage but I do not know if they are shared between the tabs of the browser and the extension.

Any direction is highly appreciated.

Thanks.

Recommended answer

If you're returning tokens, a reasonable way to do it would be to inject a content script into pages that match the callback URL containing the token, extract it and save into chrome.storage. It is shared between the content script and all other extension contexts.

Do note: chrome.storage is not exactly secure: it's not encrypted on disk, and can be snooped upon with Dev Tools. Then again, the token is normally stored in the cookie store, which can be likewise examined even without access to the (slightly) more secure password storage.

Perhaps the only more secure way to keep the token in the extension is chrome.identity API, but then you have to login separately, defeating your goal.
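
The approach in the answer above, sketched as a content script. This is an added example, not code from the original answer; the callback origin and path, the `token` parameter name, the `authToken` storage key and the accepted token shape are all assumptions to replace with your site's own values.

```javascript
"use strict";

// Assumptions (hypothetical values): the site's login callback and the
// name of the URL parameter that carries the token.
const CALLBACK_ORIGIN = "https://example.com";
const CALLBACK_PATH = "/auth/callback";
const TOKEN_PARAM = "token";
// Assumed token alphabet (JWT-like / base64url); anything else is rejected.
const TOKEN_SHAPE = /^[A-Za-z0-9._~-]{16,2048}$/;

// Return the token carried by a callback URL, or null if the URL is not
// exactly the expected callback or the value does not look like a token.
function extractToken(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return null; // not a parseable URL
  }
  if (url.origin !== CALLBACK_ORIGIN || url.pathname !== CALLBACK_PATH) {
    return null;
  }
  // Prefer the fragment (never sent to the server), fall back to the query.
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const token = fragment.get(TOKEN_PARAM) || url.searchParams.get(TOKEN_PARAM);
  return token && TOKEN_SHAPE.test(token) ? token : null;
}

// Runs only inside the extension, where chrome.storage and location exist.
function saveTokenFromPage() {
  const token = extractToken(location.href);
  if (!token) return false;
  chrome.storage.local.set({ authToken: token }, () => {
    // Drop the token from the address bar and session history once stored.
    history.replaceState(null, "", CALLBACK_PATH);
  });
  return true;
}

if (typeof chrome !== "undefined" && chrome.storage && typeof location !== "undefined") {
  saveTokenFromPage();
}
```

Restrict the script's `matches` entry under `content_scripts` in `manifest.json` to the callback URL so it is injected only on that page.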
