GoogleChrome / developer.chrome.com

The frontend, backend, and content source code for developer.chrome.com
https://developer.chrome.com

Error 400: invalid_request - Custom URI scheme is not supported on Chrome apps. #7434

Closed sturmenta closed 1 year ago

sturmenta commented 1 year ago

Describe the bug

This Google tutorial (OAuth2: Authenticate users with Google) (Updated on Monday, February 6, 2023) is no longer working after these new OAuth Custom URI scheme restrictions (blog post created on October 02, 2023).

This means that new Chrome extensions cannot make use of chrome.identity.getAuthToken to log in.

✅ I found that using chrome.identity.launchWebAuthFlow can work to get the access_token in this repo example

To Reproduce

Steps to reproduce the behavior:

  1. Go and follow the tutorial step by step

Expected behavior

chrome.identity.getAuthToken returns a token


camflan commented 1 year ago

yep same issue here, Arc browser

sturmenta commented 1 year ago

> yep same issue here, Arc browser

Hi man, I found a way to make it work, code example in this repo https://github.com/sturm-dev/chrome-extension-google-auth

albertpratomo commented 1 year ago

Hi @sturmenta, could you share a brief explanation on how to make it work? Is Supabase required?

sturmenta commented 1 year ago

Hello @albertpratomo, no, Supabase is not required. There are 2 types of tokens, the access_token and the id_token: the first one is for using the Google/YouTube API, and the second one is only for identification, for use with services like Supabase.

In the repo I use chrome.identity.launchWebAuthFlow with a param of response_type:token to get the token, instead of the old chrome.identity.getAuthToken, which no longer works in Chrome extensions.

Using only the launchWebAuthFlow_and_getAccessToken function shown in the repo example, you can get this token for your own custom use later.

I hope this helps
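Added example, not part of the thread and not the code from the linked repo: a sketch of the launchWebAuthFlow approach with response_type=token described in the comment above, including the checks a reviewer would expect on the redirect (expected redirect URI, `state` match, error handling). The function names and the client ID passed to `signIn` are hypothetical; it assumes a "web application" OAuth client whose authorized redirect URI is the value of chrome.identity.getRedirectURL().

```javascript
// Added example; buildAuthUrl, parseRedirect and signIn are hypothetical names.
const AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";

// Build the authorization URL for the implicit flow (response_type=token).
function buildAuthUrl({ clientId, redirectUri, scopes, state }) {
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "token",
    scope: scopes.join(" "),
    state, // random per-request value, verified again in parseRedirect
  }).toString();
  return url.toString();
}

// Validate the URL the flow ended on and extract the token from its fragment.
function parseRedirect(redirectedTo, { expectedRedirectUri, expectedState }) {
  const url = new URL(redirectedTo);
  const expected = new URL(expectedRedirectUri);
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    throw new Error("redirect went to an unexpected URI");
  }
  const params = new URLSearchParams(url.hash.slice(1));
  const err = params.get("error") || url.searchParams.get("error");
  if (err) throw new Error("authorization failed: " + err);
  // Reject responses that do not belong to the request we started.
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  const accessToken = params.get("access_token");
  if (!accessToken) throw new Error("no access_token in redirect");
  return { accessToken, expiresIn: Number(params.get("expires_in")) };
}

// Extension-only part: needs chrome.identity (Manifest V3, promise form).
async function signIn(clientId, scopes) {
  const redirectUri = chrome.identity.getRedirectURL();
  const state = crypto.randomUUID();
  const redirectedTo = await chrome.identity.launchWebAuthFlow({
    url: buildAuthUrl({ clientId, redirectUri, scopes, state }),
    interactive: true,
  });
  return parseRedirect(redirectedTo, {
    expectedRedirectUri: redirectUri,
    expectedState: state,
  });
}
```
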

asaadmahmood commented 1 year ago

Encountering the same issue!

albertpratomo commented 1 year ago

@sturmenta In your Google Cloud console, do you have an OAuth client ID for Chrome extension or web application?


For me I choose "Chrome extension", and I can't specify a redirect URI

sturmenta commented 1 year ago

> @sturmenta In your Google Cloud console, do you have an OAuth client ID for Chrome extension or web application?
>
> For me I choose "Chrome extension", and I can't specify a redirect URI

Hi @albertpratomo, in the README file of this repo I share the config for the Google Cloud console and more. I made it work using "web application".

albertpratomo commented 1 year ago

@sturmenta I also made it work using "web application" token and chrome.identity.launchWebAuthFlow. Thanks a lot!

jpmedley commented 1 year ago

@oliverdunk This seems more your area than mine. Can you give me a hand?

albertpratomo commented 1 year ago

Hi @sturmenta, now in this example we can get the access_token. But it expires in 1 hour.

Do you know how to make this access_token valid for the long term (so we can go months without logging in again)?

Do we need to get refresh_token?

oliverdunk commented 1 year ago

Hi all, using chrome.identity.getAuthToken is still supported but this requires using Chrome (not just Chromium) since it is based on Google account sign in. I just ran through the tutorial and was able to get things set up on my end.

It looks like there might be some support in Brave but it would be better to contact them for help with that.

Could you confirm if you were testing the tutorial in Chrome and if you did anything differently at any point?

albertpratomo commented 1 year ago

Indeed, chrome.identity.getAuthToken works in Chrome, but not in Arc or Brave.

So you mean this is something that should be taken care of by Arc or Brave?

oliverdunk commented 1 year ago

> So you mean this is something that should be taken care of by Arc or Brave?

Definitely in the current state, at least. It looks like Brave are applying their own patches and that is where the custom URI scheme is being added: https://github.com/brave/brave-core/blob/9b9b01ac4a6eb7686ed971fc44bbded09b3d9175/patches/chrome-browser-extensions-api-identity-identity_get_auth_token_function.cc.patch#L97

Speaking personally, I think it'd be interesting to look longer-term at whether we can support all Chromium browsers in the implementation. I haven't looked into that yet though or checked to see if that has been considered in the past.

sturmenta commented 1 year ago

> Hi @sturmenta, now in this example we can get the access_token. But it expires in 1 hour.
>
> Do you know how to make this access_token valid for the long term (so we can go months without logging in again)?
>
> Do we need to get refresh_token?

hello @albertpratomo, I will try to make it work using a refresh_token or something else and share the code here, thanks for continuing testing this 🙌🏻

oliverdunk commented 1 year ago

Closing this for now since I don't think there are any immediate action items in our documentation, but I definitely hope to look at this more in the future.

sturmenta commented 12 months ago

@albertpratomo sorry man but I ran into a blockage in the extension I was making so I had to give up the project, so I won't be able to continue trying to use the "refresh_token" to make the login last longer, I apologize and I hope you understand 🙏🏻

albertpratomo commented 12 months ago

No worries man @sturmenta I appreciate the effort, thanks!

albertpratomo commented 12 months ago

@jpmedley @oliverdunk Hi guys, is it maybe a good idea to include a tutorial on how to refresh the auth token? I imagine it's quite common that a Chrome extension needs the auth token valid for longer than only 1 hour. But it's quite hard to know how to achieve this with refresh_token.