auth0-spa-js icon indicating copy to clipboard operation
auth0-spa-js copied to clipboard

Published 20 hours ago verified publisher icon auth0

Add support to run SDK in service-worker of a Chrome Extension

Open matteobad opened this issue 4 years ago • 3 comments

Describe the problem you'd like to have solved

We are trying to use this SDK inside a chrome extension. Since the Manifest v3 of the Chrome Extensions, all the code run in the background.js script that is a service-worker. The problem we are facing is that the SDK makes use of es-cookies library witch internally accesses the document object that is undefined on the chrome-extension context.

Chrome has its own API to access cookies, so theoretically it should be possible to add support in some way.

Describe the ideal solution

In the storage.ts check the existence of the document object before using es-cookies library, and add fallback to chrome.cookies API. I didn't have time to test this for now.

Alternatives and current workarounds

As of right now, the only solution for us is to implement the auth flow by hand without using the library

Additional context

After some debugging it seems that all of the incompatibility is due to external dependencies of the SDK such as es-cookies (document object) and browser-tabs-lock (access window object)

matteobad avatar Nov 05 '21 09:11 matteobad

Thanks for raising this feature request @matteobad 🎉 As you say, there are a few dependencies that could get in the way here so it's not a small undertaking, nor can I say right now whether we will or will not support this. However, we have an internal tracker for feature requests, to which I will add this one for us to investigate.

I don't have a timeline for when that will happen, but as soon as we've looked at it we'll get back to you here.

stevehobbsdev avatar Nov 05 '21 10:11 stevehobbsdev

Hey @matteobad!

Not on the Auth0 team, but I recently ran into this same exact issue while working on my own Chrome extension, and decided to create a fork of auth0-spa-js that works in background scripts with MV3. It's still in pre-release and a bit buggy, but if you want to check out what I have so far I'd love to hear any feedback or issues you run into. Right now it supports basically all the same functionality except refresh tokens & local storage caching. Here's the link to the repo with setup instructions (it's a little bit more involved than auth0-spa-js) or on npm.

Cheers!

pjhul avatar Feb 03 '22 00:02 pjhul

and browser-tabs-lock (access window object)

@matteobad This part might be the sticking point here, as we're unable to remove this dependency right now. Does this completely block you even if we were to solve the es-cookie issue?

stevehobbsdev avatar Feb 07 '22 15:02 stevehobbsdev

Even though we might be able to look into working around es-cookie, I believe it still won't work because of the fact that we can not drop browser-tabs-lock as mentioned by @stevehobbsdev .

Closing this for now, as there is no direct action we can take from our SDK.

frederikprijck avatar Aug 30 '22 19:08 frederikprijck