I'm seeing this error:

Uncaught TypeError: _oauth2.default is not a constructor

Perhaps, it's is because I am using es6?

Please see my code: https://github.com/daljeetv/react-chrome-extension-boilerplate/blob/master/app/components/Home.js

This project is still one of the premier results for searches regarding Extensions and OAuth2, but it appears to be deprecated. Is there a successor?

So I tried following the steps .. i assume this is for making a Chrome App? If it is then I am getting this error "window.localStorage is not available in packaged apps. Use chrome.storage.local instead." is this library to old? Is there a newer one I should be using?

After auth. 'Oauth 2.0 Finish page' window stays unclosed.

console log : Scripts may close only the windows that were opened by it.

How can I remove this created chrome tab ?

"content_scripts": [
{
"matches": ["http://www.google.com/robots.txt*"],
"js": ["oauth2/oauth2_inject.js"],
"run_at": "document_start"
}
],

this code is not injecting script in given matches.

Somewhat related to issue #2.

var googleAuth = new OAuth2('google', {
    client_id:      client_id,
    client_secret:  client_secret,
    api_scope:      scopes.join(' ')
});

googleAuth.authorize(function() {
    /* ... */
});

Both OAuth2 and authorize load the adapter.

OAuth2 doesn't set the source config until after the adapter is loaded. Sometimes the loadAdapter() callback in authorize is called before the loadAdapter() callback in OAuth2, and when that happens openAuthorizationCodePopup() doesn't have a valid config.

I hacked it by adding a callback to OAuth2, and calling authorize from there, but that's just a hack.

If you try your app with this module, it tends to be stuck with a blank page right after the authentication...
just as described here:
http://productforums.google.com/forum/#!topic/chrome/1vgddw_gSC8

Not sure what causes this.

After granding permissions the target page "oauth2.html" don't work. It is no more alowed to use inline js.

clearAccessToken() makes subsequent authorization calls get stuck in its 'oauth2_finish.js' script. More precisely it gets stuck when calling lookupAdapterName() since 'localStorage.oauth2_adapterReverse' is undefined.

To reproduce this issue, do following:

1. Go through a complete authorization flow, and make sure you get authorized
2. Force a call to clearAccessToken()
3. Try to authorize again. You'll see that the finish script gets stuck

Will look further into this when I find time, but thought I could share my findings here already.

Hi,

I was wondering what other settings I have to take care of besides the steps mentioned in the Readme/blog and in the source code, that the OAuth 2.0 authentication will work correctly?

At the moment if I implement the client login in my Chrome extension following the simple samples, I keep getting Error: redirect_uri_mismatch messages.

I have set up a new project in the Google Cloud Console, registered a new app with "Chrome" type (with the extension ID from the Web Store), and got a client ID and client secret. No Redirect URI setting is shown me in the interface, and if I download the settings JSON, I see the following (as part of the total settings)

"redirect_uris":["urn:ietf:wg:oauth:2.0:oob","oob"]

If I set either of these as the return value of the redirectURL function in oauth2/adaptors/google.js I successfully get an access token - but the copy-paste type, which is not the intended outcome using this library.

I wonder how the sample code are set up from the Cloud Console point of view if that's used, that it can successfully redirect to https://www.google.com/robots.txt?

Any pointers, what am I missing?

I've been looking at ways to fix this, but I'm not sure if there are multiple ways to call it, but if you do something like:

var github = new OAuth2('github', .....);
github.authorize(function(){...});

This will load up two versions of the adapter as when they get called, they basically get called at the same time and the line of:

if (OAuth2.adapters[adapterName]) {
callback();
return;
}

is null. I added the code console.log(OAuth2.adapters[adapterName]); right above and it comes up with undefined.

Now if I do something like:

var github = new OAuth2('github', .....);
setTimeout(auth, 5);
function auth(){
github.authorize(function(){...});
}

Then the console.log(OAuth2.adapters[adapterName]) will display undefined and then the object, so at that time only one adapter will load. I'm trying to think of a way to fix this, but I'm stuck.

Hi,

First off, thank you for the library! It definitely makes working with OAuth easier.

I've been using it with the Google adapter and it seems to be losing refresh tokens.

I tracked the problem down and it looks like in oauth2.js on line 426 it sets newData.refreshToken to the refresh token value returned by refreshAccessToken(). The problem is that Google only sends a refresh token during the first OAuth exchange.

I modified my local copy of oauth2.js to set the refresh token like this instead: newData.refreshToken = re || data.refreshToken; and submitted a pull request

There should to be a possibility to define the redirectURL in the config, since some oauth providers only accepts one single pre-defined redirect url. This means that it won't be possible to use e.g. the 'http://www.facebook.com/robots.txt' one if you add oauth authentication on e.g. your main site as well (hence need another redirectURL than facebooks robot.txt).

I tried to add this support, but ended up getting problems after the redirect since the config wasn't known at that point (since it hadn't been saved to local storage yet) hence I couldn't call the redirectURL(config) since config was unknown. I'm sure this can be solved but I haven't had time to go to the bottom with this, so right now I just modified the redirect url in the provider library file.

Btw, thanks for a great extension oauth library! Have made my life a lot easier already! :)

I am attempting an oauth2 authorization for a project management system API, Everything seems to be functioning properly, until I get to the end of the injected JS.

When changing window.location to "redirect+params", it opens "about:blank" instead of "oauth2.html."
Of course this means the the process never truly finishes and I can not access the api.

If I console.log the redirect+params, I can click it in the console and it finishes properly.

Has anyone else seen this issue?

on Chrome Version 51.0.2704.106 (64-bit) in Ubuntu 14.04

I tried using it for a project and then tried the demo extension in the tree, and in both cases after loading the extension a tab opens up in chrome on the Facebook robots.txt page but the JS code doesn't end up executing the query with the token. Guessing something might've changed with how the end of the auth callback works? But with the demo, each time I click the browser action icon, a new tab opens but my music never gets populated.

could you please make library to support bower of twitter? i'd like to use the lib via bower. i think it much better handy.

Does this require storing them in plain text, or is there a way to do so more securely? If someone takes your client_id/client_secret they could impersonate your app and piggy back on it's reputation to encourage the user to grant them access, right?

Thanks!

If I include oauth2/oauth_inject.js in my manifest as a content script, and have it run at start, any time I try to go to any page using Chrome it redirects to about:blank. I'm not sure what it is I am expected to do.

Here's a link to my extension: https://github.com/BeagleLab/beagle/tree/feature/143-smus/build

I would like to know how to correctly setup the Google API Access.

The task sample worked fine for me.

I wanted to fill in my own client_id and client_secret in the sample code and then it no longer worked:
The User Dialog to accept access to tasks did come, afterwards the tab just closed and the app did not get access to the task API.

I set it up as a web application like this:

Client ID for web applications
Client ID: ......
Email address: ....
Client secret: ......
Redirect URIs: http://www.google.com/robots.txt
JavaScript origins:
https://localhost
http://localhost

Is this not correct? Should it be setup as an Installed Chrome Application or sth?
I tried setting it up as a chrome application but then there is no redirect URI to specify...
I am a bit lost, any help would be greatly appreciated :)

I'm developing a chrome extension for GitHub and wondering what values I should use on the registration page for Main URL and Callback URL. Since it's an extension it really has no URLs, so... is that what the values in the table are for? 😕

Google adapter can be update to accept the following optional parameters.
-- access_type (default: offline)
-- response_type (default: code)
-- approval_prompt (default: auto)

Whenever users first install the extension and it tries to OAuth, they get an invalid client id error (client id is undefined), presumably because the config data is written to localStorage after authorize() gets called. The quick fix I've made on my end is to pass an additional callback parameter to the OAuth2 constructor that gets called with the OAuth2 scope after instantiation instead of the suggested flow:

/* Before */
var googleAuth = new OAuth2('google', configHash);
googleAuth.authorize(function() {
  // Ready for action
});
/* After */
new OAuth2('google', configHash, function(auth) {
  auth.authorize(function() {
    // Ready for action
  }
});

Thoughts?