Solid login in chrome extension

Hi, I am building a chrome extension that is supposed to read and write to solid pods and therefore also needs to provide authentication.
The chrome extension by @kidehen unfortunately doesn’t solve this problem as it doesn’t use any solid functionality in the extension popup itself.
I tried multiple approaches and always hit a wall at some point.
My first approach was using a popup login which uses a popup from a solid server. However, the chrome extension’s url is not automatically added to the trusted applications which is necessary for the read and write process as explained here.

Because of that, I included the popup in the chrome extension by just generating one with solid-auth-client. The popup that asks to trust this application does come up, however, the application is named as null and an error window appears after the access has been granted.



Nevertheless, the chrome extension does get added to my trusted applications. When I start the login process again, I get the message that I have been logged in, however, no access token is returned from the process, resulting in the session object to be null. I’m not sure why there would be a difference with the popup being hosted on a solid server or in my extension.

I also managed to get the original source code of the popup.html and tried changing the necessary parts to avoid that error. However, I get another error that occurs when calling getRegisteredRp(idp, options) from solid/oidc-rp.

I also considered letting the user log in through an external home page like @glensimister proposed, however, I am worried that the chrome extension wouldn’t be properly added to the trusted applications as the origin url would now be the one from the external home page.

Any thoughts are very welcome!

1 Like

I got something working by using @inrupt/solid-client-authn-browser and a chrome extension with a content script that adds a login button to the page html. Then the authorized app will actually be the page origin and not the extension url.

3 Likes

Please take a look at the very latest Structured Data Sniffer Extension. It includes an improved login feature that you should be able to reuse.

You can also look at our HTML5-based Single Page Application which also reuses the same Solid Authentication Client library.

In the latest version of WebClip, we manged to extend inrupt’s solid-authn-client-js to work based on chrome.identity.launchWebAuthFlow

All the code is in a dedicated module, so feel free to investigate. Perhaps it will become a library on it’s own one day.

Basically we introduced a custom redirector, the CromeExtensionRedirector that does the trick. All the other is mostly code boilerplate, to get it hooked up. This could be improved, if the inrupt library gets more customizable.

1 Like