3

I'm working on a developing a browser extension which uses StackExchange API authentication. I was able to successfully implement the authentication for Microsoft edge/Chrome when I added chromiumapp.org as the OAuth Domain in the app settings & redirecturi = browser.identity.getRedirectURL('oauth2') as mentioned here.

But this doesn't work with Firefox since the domain chromiumapp.org is specific to chromium browsers. The domain for Firefox is allizom.org. And its not possible to add multiple domains to the StackApp in app settings.

  1. So as suggested in the questions here & here, I tried adding stackexchange.com as the OAuth Domain in app settings & redirect_uri = https://stackexchange.com/oauth/login_success, but this create another issue (similar to this & this),

    where, when the user clicks the login button, a new window is opened for the authorization which lets the user login to stack overflow. And once the login is successful, the window should automatically close. But the window gets redirected to the https://stackexchange.com/oauth/login_success which is the redirect_uri and gets stuck there. (below screenshot)

    I tried the same in a new instance of a browser which lets me login to using Google/GitHub OAuth, but even that returns to the same page an gets stuck there.

  2. I'm also wondering if using the domain chromiumapp.org or allizom.org is secure at all! As mentioned in this answer, it sounds like a security concern.

Can anyone please help with solving this issue?

OAuth screen - Authorizing Application


5
  • 2
    You can register 2 apps, one for the chromiumapp.org and one for the allizom.org oauth domain. Not ideal but if nothing betters comes up it might be the workaround.
    – rene
    Commented Sep 18, 2022 at 14:16
  • Yes, that's what I'm working on right now, but I was hoping to have one single app.
    – Gangula
    Commented Sep 19, 2022 at 6:43
  • I'm also wondering if using the domain chromiumapp.org or allizom.org is secure at all! As mentioned in this answer, it sounds like a security concern.
    – Gangula
    Commented Sep 19, 2022 at 6:50
  • So while you say it is "stuck" you're also sure the url doesn't have the access_token as fragment (end of the url after the #) added. Because that might look like you're on the same page but if only the fragment changed nothing visible will happen on the page.
    – rene
    Commented Sep 19, 2022 at 17:05
  • A new window is opened for the authorization which lets the user login to stack overflow. And once the login is successful, the window should automatically close. But the window gets redirected to the page in the screenshot above and gets stuck there.
    – Gangula
    Commented Sep 19, 2022 at 17:10

1 Answer 1

0

The best solution that I'm currently using for one of my applications is to have 2 different "Stack Apps", with different OAuth Domains - one for the chromiumapp.org and one for the allizom.org.

This is the only way that's working for me.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .