Different ways to fetch OAuth token from an extension?


OAuth providers will return some sort of reusable access token, which can be re-used on subsequent logins. Usually these are very long-lived. For example, Dropbox returns an access token in the responseUrl (in the callback from the web flow), matching a regex pattern /access_token=([^&]+)/.

You can store this token in local storage and access it on subsequent attempts without going through the auth flow again.

The auth tokens don't always live forever (or they could be manually deauthorized), so you have to watch out for 401 response code, and do the web auth flow again if that occurs.

Logic ends up quite complex, something like:

  1. Get stored token
  2. If no stored token, then launch web flow and save auth token in local storage
  3. Try some operation using the stored token
  4. If 401, then redo auth flow and retry operation
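
The four steps above as an added example (not part of the original answer), with re-authorization capped so a token the provider keeps rejecting fails instead of looping. `makeClient`, `withToken`, the storage key `oauth_token` and the demo URL are assumptions; storage and the web flow are injected so the logic runs under Node.

```javascript
// Added example. In an extension, `storage` would wrap chrome.storage.local and
// `launchWebFlow` would wrap chrome.identity.launchWebAuthFlow (assumed wiring).
const TOKEN_RE = /access_token=([^&]+)/; // pattern quoted in the answer

function extractToken(responseUrl) {
  const m = TOKEN_RE.exec(responseUrl || "");
  if (!m) throw new Error("no access_token in redirect URL"); // denied or cancelled flow
  return decodeURIComponent(m[1]);
}

function makeClient({ storage, launchWebFlow, maxReauth = 1 }) {
  async function authorize() {
    const token = extractToken(await launchWebFlow());
    await storage.set("oauth_token", token); // save for later runs
    return token;
  }
  return async function withToken(operation) {
    let token = (await storage.get("oauth_token")) || (await authorize()); // steps 1-2
    for (let attempt = 0; ; attempt++) {
      const res = await operation(token); // step 3
      if (res.status !== 401) return res;
      if (attempt >= maxReauth) throw new Error("still 401 after re-authorization");
      await storage.remove("oauth_token"); // step 4: drop the rejected token first
      token = await authorize();
    }
  };
}

// Constructed demo: in-memory storage holding a stale token, a fake web flow, a fake API.
async function demo() {
  const mem = new Map([["oauth_token", "stale"]]);
  const storage = {
    get: async (k) => mem.get(k),
    set: async (k, v) => void mem.set(k, v),
    remove: async (k) => void mem.delete(k),
  };
  let flows = 0;
  const launchWebFlow = async () =>
    `https://ext.example/cb#access_token=fresh%2F${++flows}&token_type=bearer`;
  const api = async (t) => (t.startsWith("fresh") ? { status: 200, body: t } : { status: 401 });
  const res = await makeClient({ storage, launchWebFlow })(api);
  return { status: res.status, used: res.body, flows, stored: mem.get("oauth_token") };
}

demo().then((r) => console.log(r));
```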
