The difference between interactive and non-interactive modes as stated in the documentation of chrome.identity.getAuthToken() is not so clear to me even after repeated readings.

For a good user experience it is important interactive token requests are initiated by UI in your app explaining what the authorization is for. Failing to do this will cause your users to get authorization requests, or Chrome sign in screens if they are not signed in, with no context. In particular, do not use getAuthToken interactively when your app is first launched.

and

Fetching a token may require the user to sign-in to Chrome, or approve the application's requested scopes. If the interactive flag is true, getAuthToken will prompt the user as necessary. When the flag is false or omitted, getAuthToken will return failure any time a prompt would be required.

  1. How to initiate interactive token request by a UI (that explains the reason for authorization) in my app? How will getAuthToken() understand if it has been invoked from a UI?
  2. "Do not use getAuthToken interactively when your app is first launched" - what is this caution for?
  3. How do interactive & non-interactive modes differ?
  4. "When the flag is false or omitted, getAuthToken will return failure any time a prompt would be required" - how do I know if a prompt is required or not?
sherlock

1 Answer

Answers to your questions:

  1. For example, have an HTML button in your app to connect to the API:

myApp.html

<button id="connectMe">Connect to the API</button>
<script src="myApp.js"></script>

myApp.js

document.getElementById("connectMe").onclick = function(){
    chrome.identity.getAuthToken({interactive:true},function(token){
        if (token) {
            // you have received authorization ...
        }
    });
};

  2. It is to prevent the users of your app from being presented with an authorization request screen without them knowing what the authorization is for or why your app needs it. That is why they recommend using a clear UI element (like the button in the answer 1).

  3. In interactive mode, the user will be presented the authorization screen if an authorization is needed (see here). In non-interactive mode, if an authorization were needed, calling the getAuthToken method will return an error.

  4. A prompt is required when the user is not signed into Chrome or when the requested scope was not previously authorized.

In my (very limited) experience, I use {interactive:true} every time: the first time it is used, the user is presented with the authorization screen. The subsequent requests are automatically handled by the identity API (if my requests return a 401 error Invalid Token, I use the same getAuthToken method and it fetches a new token automatically).

Iván Nokonoko
  • In my case it doesn't fetch it automatically, it rather creates a sign in popup and asks the user to authenticate and authorize the extension again. More details in the question below. https://stackoverflow.com/questions/52953850/oauth-for-gapi-avoid-authentication-and-authorization-after-initial-sign-in-fo – Afsan Abdulali Gujarati Oct 26 '18 at 14:21
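
The two modes combined into one flow, as an added example that is not part of the original answer: ask non-interactively at startup, prompt only from the button click, and on a 401 drop the cached token with chrome.identity.removeCachedAuthToken before asking again. The function names and the injected `identity`, `runtime` and `doFetch` parameters are assumptions made so the logic also runs outside Chrome; in an extension pass `chrome.identity`, `chrome.runtime` and `fetch`.

```javascript
// Added example. identity/runtime stand in for chrome.identity/chrome.runtime.
function getToken(identity, runtime, interactive) {
  return new Promise((resolve, reject) => {
    identity.getAuthToken({ interactive }, (token) => {
      // On failure no token is passed and runtime.lastError is set.
      if (runtime.lastError || !token) {
        const why = runtime.lastError ? runtime.lastError.message : "no token";
        reject(new Error(why));
      } else {
        resolve(token);
      }
    });
  });
}

// At startup: silent attempt only. null means a prompt would be required,
// so show the "Connect to the API" button instead of prompting.
async function trySilentSignIn(identity, runtime) {
  try {
    return await getToken(identity, runtime, false);
  } catch (e) {
    return null;
  }
}

// From the button's click handler: the user asked for it, so prompting is fine.
function signInFromClick(identity, runtime) {
  return getToken(identity, runtime, true);
}

// API call with one retry. A 401 means the cached token is stale: remove it
// from Chrome's cache, then request a fresh one without prompting.
async function callApi(identity, runtime, doFetch, url) {
  let token = await getToken(identity, runtime, false);
  let res = await doFetch(url, { headers: { Authorization: "Bearer " + token } });
  if (res.status === 401) {
    await new Promise((done) => identity.removeCachedAuthToken({ token }, done));
    token = await getToken(identity, runtime, false);
    res = await doFetch(url, { headers: { Authorization: "Bearer " + token } });
  }
  return res;
}
```

If the silent retry in `callApi` rejects, the grant itself is gone and the user has to go through the button again.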