Instead of signing-in through the pop-up, the extension will prompt the user to sign-in through https://icloud.com. The background script will sniff the responses of the icloud.com requests (via webRequest listeners) to extract the auth tokens it needs.
Signing-in through the official icloud.com page of Apple has the following benefits:
Feels more secure from a user pov. Even though there's no practical difference, users feel more comfortable submitting their password on an Apple hosted surface rather than a random extension.
TODOs to get the extension into a publishable state:
[x] Add post installation help page
[x] Test 6 digit code 2FA
[x] Test passkey sign-in
[x] Test on Firefox
[ ] Fix dependabot alerts
[x] Stretch: rework the SignInInstructions copies/presentation
Instead of signing-in through the pop-up, the extension will prompt the user to sign-in through https://icloud.com. The background script will sniff the responses of the icloud.com requests (via
webRequestlisteners) to extract the auth tokens it needs.Signing-in through the official icloud.com page of Apple has the following benefits:
TODOs to get the extension into a publishable state: