将Chrome扩展程序popup.html页面重定向到Oauth的URL [英] Redirect the Chrome extension popup.html page to a URL for Oauth

问题描述

是否可以将Chrome扩展程序的弹出式HTML重定向到远程URL?

Is it possible to redirect the popup Html of a chrome extension to a remote URL?

出于OAuth的目的，我正在研究这种情况.当用户单击使用FB登录"按钮时，

I'm looking into this scenario for the purpose of OAuth. When a user clicks on the "Login with FB" button,

我希望chrome扩展程序的HTML页面重定向到: https://www.facebook.com/dialog/oauth?client_id= {app-id}& redirect_uri = {redirect-uri} ，以便提示用户登录.

I want the Html page of the chrome extension to redirect to: https://www.facebook.com/dialog/oauth?client_id={app-id}&redirect_uri={redirect-uri} so that the user is prompted to log in.

这是否是在Chrome扩展程序中进行身份验证的正确方法?

Is this the right approach to do authentication in a Chrome extension anyway?

推荐答案

弹出式窗口非常脆弱.它们太容易关闭，用户无法使用密码管理器填写表单等.它们的大小也非常受限制.也许不是最好的主意.

Popups are very.. fragile. They are too easy to close, the user can't use password managers to fill the form etc. They are also very size-constrained. Maybe not the best idea.

您可以改为使用 chrome.windows 创建登录类型的窗口:

You can, instead, use chrome.windows to create a login-type window:

chrome.windows.create({
  url: "YourLoginURL",
  type: "popup",
  focused: true
});

---

但是，所有这些都不是在Chrome扩展程序中进行OAuth的本机"方法.

---

However, all that is not the "native" way to do OAuth in Chrome extensions.

本机方法是使用 chrome.identity API 特别是 chrome.identity.launchWebAuthFlow .

The native way is to use chrome.identity API, specifically chrome.identity.launchWebAuthFlow.

作为一项额外的好处，它使您可以使用虚拟的 https:回调URL，这是最受支持的选项，而无需拥有域.

As an added bonus, it allows you to use a virtual https: callback URL, which is the most widely supported option, without having to own a domain.

这篇关于将Chrome扩展程序popup.html页面重定向到Oauth的URL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！