firefox support

[janat08]

firefox adopted chrome's extension format

[janpio]

Just cloned the codebase and now testing on Firefox:

• Warning after install:
• Options are automatically opened after install
• "Use OAuth" button does not work :(
• "Create an auth token" button works
• Token is not persisted after pasting into text field :(
  • Think I found the reason:
  • Should be fixable quite easy:
    • Add this to manifest.json:

        ,
        "applications": {
          "gecko": {
            "id": "contributors-on-github@hzoo.github.com"
          }
        }

• With the fix in place the token is successfully persisted in the options 🚀
• "Use OAuth" now also opens a popup, but the URL https://cjbacdldhllelehomkmlniifaojgaeph.chromiumapp.org/provider_cb?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch does not seem to work
• It is definitely showing something for PRs now (no idea if this was there before I entered the token, didn't check), unfortunately no information:
  • I am not sure where the requests would/should be made to fill this, and what they would look like

[janpio]

• I am not sure where the requests would/should be made to fill this, and what they would look like

Checked in Chrome for https://github.com/fastlane/fastlane/pull/15255:

https://api.github.com/search/issues?q=+author:mollyIV+repo:fastlane/fastlane+type:pr&access_token=...&order=asc&per_page=1&sort=created
https://api.github.com/search/issues?q=+author:mollyIV+repo:fastlane/fastlane+type:issue&access_token=...&order=asc&per_page=1&sort=created

You can also trigger a re-request by clicking the reload button - nothing is happening in Firefox if you do this.

[janpio]

After some glorious console.log debugging of content.js I know that update throws this:

TypeError: "NetworkError when attempting to fetch resource."

The generated searchURLs are totally fine though and would return the correct data.

---

Turns out you have to request access to the URLs you want to fetch from: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#Host_permissions Makes sense.

Adding this to the manifest.json makes it work:

  "permissions": [
    "https://github.com/*/*",
+   "https://api.github.com/*",
    "storage",
    "identity"
  ],

Tadaaa!

[janpio]

On to:

• "Use OAuth" now also opens a popup, but the URL https://cjbacdldhllelehomkmlniifaojgaeph.chromiumapp.org/provider_cb?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch does not seem to work

The url generated for getTokenFromOauth looks valid enough: https://github.com/login/oauth/authorize?client_id=1a3ac4d44a9e65a75a77&client_secret=ab3c3a116e35d9fe11d409cb8c1205e9ae5a7e91&redirect_uri=https%3A%2F%2Fa5214dd0dba2954f758dc5038d74737e71ba6e6a.extensions.allizom.org%2Fprovider_cb&scope=public_repo

Some documentation on this strange allizom.org URL and how to get it: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/identity#Getting_the_redirect_URL

Looking at the error URL from before, we have this:

• error = redirect_uri_mismatch
• error_description = The redirect_uri MUST match the registered callback URL for this application.
• https://developer.github.com/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/#redirect-uri-mismatch

That explanation links contains:

To correct this error, either provide a redirect_uri that matches what you registered [...]

So I guess there is a GitHub app (client_id = "1a3ac4d44a9e65a75a77" from auth.js) involved that has registered a redirect_uri that is allowed:

From looking at what Chrome does, it seems this is https://cjbacdldhllelehomkmlniifaojgaeph.chromiumapp.org/provider_cb there.

Manually overriding the URL in auth.js with the one from Chrome leads to a successful OAuth popup:

- const redirectUri = chrome.identity.getRedirectURL("provider_cb");
+ const redirectUri = "https://cjbacdldhllelehomkmlniifaojgaeph.chromiumapp.org/provider_cb";

Yay!

But of course this is a terrible hack, as I assume this cjbacdldhllelehomkmlniifaojgaeph thing could change any time.

So I guess @hzoo could/should add "https://a5214dd0dba2954f758dc5038d74737e71ba6e6a.extensions.allizom.org/provider_cb" to the GitHub app as accepted redirect_uri as well and the OAuth popup should work as well 🚀