CRX auth was broken because it didn't have any way to get our custom JWT. chicken-and-egg problem -- it can't call /user/register to get the jwt, because that itself is protected by jwt header auth.
CRX launchwebauthflow calls /oauth/login/google instead of google directly.
pass auth credentials and user profile back to chrome via the callback response params.
After this I think we can deprecate /user/register, because both web and crx clients now get userProfile during auth flow.
CRX auth was broken because it didn't have any way to get our custom JWT. chicken-and-egg problem -- it can't call /user/register to get the jwt, because that itself is protected by jwt header auth.
After this I think we can deprecate /user/register, because both web and crx clients now get userProfile during auth flow.