How do chromiumapp.org extension redirects work for Google Chrome?
This is handled by the WebAuthFlow
class, whose purpose is the following:
Given a provider URL, load the URL and perform usual web navigation until it results in redirection to a valid extension redirect URL. The provider can show any UI to the user if needed before redirecting to an appropriate URL.
When the server instructs the browser to redirect to a valid extension redirect URL, that URL is instead passed to the callback function provided to chrome.identity.launchWebAuthFlow
.
The 'appropriate' URLs are hardcoded in web_auth_flow.cc
:
static const char kChromeExtensionSchemeUrlPattern[] = "chrome-extension://%s/";static const char kChromiumDomainRedirectUrlPattern[] = "https://%s.chromiumapp.org/";
So the special URL https://<app-id>.chromiumapp.org/*
only works in the context of a WebAuthFlow of the chrome.identity
API. Note that the mechanism is totally internal to Chrome. The URL is never requested.