Flexible: The extension does not handle authentication or payment itself; it just uses credentials passed to it from providers, following a set standard. Users have their authentication experience on a web page outside of the extension.
Decentralized: i.e. no direct dependencies in the Window codebase. Method #2 below is weak on this (since each new provider would need to be added manually in a window.ai PR), but seems very secure.
Secure: method #1 below (window.postMessage) seems to be lacking here, same with the query param. But it's possible to reduce this with e.g. refresh tokens and expiration times.
Options
Using window.postMessage to send it to the extension inside a content script
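A sketch of the receiving side of this option, added here as an illustration and not taken from the window.ai code: the content script accepts a credential only from the page it is injected into, binds it to that page's origin (so any site can act as a provider without a hard-coded list), and clamps the expiry. The message shape, the `provider-credential` and `store-credential` names, the size limit and the one-hour cap are assumptions.

```javascript
// Added example: hypothetical message shape, not window.ai's actual protocol.
const MSG_TYPE = "provider-credential";   // assumed message type name
const MAX_LIFETIME_MS = 60 * 60 * 1000;   // assumed cap: 1 hour
const MAX_TOKEN_LEN = 4096;               // assumed size limit

// Pure validator so it can be unit-tested outside the browser.
// event: the MessageEvent; pageWindow / pageOrigin: the content script's own
// window and location.origin; now: current time in milliseconds.
function validateCredentialMessage(event, pageWindow, pageOrigin, now) {
  // Embedded frames and other windows can postMessage too: accept only the page itself.
  if (event.source !== pageWindow) return { ok: false, reason: "foreign-source" };
  if (event.origin !== pageOrigin) return { ok: false, reason: "origin-mismatch" };

  const d = event.data;
  if (d === null || typeof d !== "object" || d.type !== MSG_TYPE)
    return { ok: false, reason: "not-a-credential" };
  if (typeof d.token !== "string" || d.token.length === 0 || d.token.length > MAX_TOKEN_LEN)
    return { ok: false, reason: "bad-token" };
  if (!Number.isFinite(d.expiresAt) || d.expiresAt <= now)
    return { ok: false, reason: "expired" };

  // Clamp the lifetime so a leaked token has a bounded window of use.
  const expiresAt = Math.min(d.expiresAt, now + MAX_LIFETIME_MS);
  // Bind the credential to the origin that delivered it, not to any
  // provider name claimed inside the message body.
  return { ok: true, credential: { provider: event.origin, token: d.token, expiresAt } };
}

// Content-script wiring; skipped when not running inside an extension.
if (typeof window !== "undefined" && typeof chrome !== "undefined" && chrome.runtime) {
  window.addEventListener("message", (event) => {
    const result = validateCredentialMessage(event, window, location.origin, Date.now());
    // "store-credential" is a hypothetical message kind for the background script.
    if (result.ok) chrome.runtime.sendMessage({ kind: "store-credential", ...result.credential });
  });
}
```

Any script running on the provider page can still post a well-formed message, so the checks narrow who can deliver a credential but do not authenticate it; the short expiry is what limits the damage.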
Requirements
Options