This recipe shows how to authorize Firebase via signInWithPopup in a Chrome extension with manifest v3
There are a number of ways to authenticate using Firebase, some more complex than others.
signInWithPopup
requires a popup to be displayed to your user. Additionally, many Firebase authentication methods need to asyncronously load sub dependencies. Manifest v3 extensions are required to package code they need to run within their extension.
To get around these incompatibilities, our service worker connects to an offscreenDocument. That document creates an iframe that connects to the remote web service, which loads a compiled version of our signInWithPopup
wrapper directly from our extension. This would normally be blocked by the browser, but we allow for this specific remote web service to connect to this specific file by specifying web_accessible_resources in our manifest.json. Once the compiled script has been loaded inside of the iframe, the firebase code is execute in the context of the remote web service. As a result, it is no longer blocked by the strict CORS rules used in Manifest v3.
As the firebase code executes, it will show the popup from signInWithPopup to your user. Once they complete their login flow the iframe sends the authentication results to the offscreenDocument via postMessage. The offscreenDocument then repeats the same data to the service worker.
- Clone this repository.
- Update firebaseConfig.js with your Firebase Config. This can be found on your Firebase dashboard.
- Run
npm run compile:signInWithPopup
. This will package the a specific version of the Firebase client into a single file controlled by our extension, rather than rely on an external service. - Ensure that
https://positive-fanatical-machine.glitch.me
is an "Authorized domain" in your Firebase Authentication dashboard - Load this directory in Chrome as an unpacked extension.
- Open the Extension menu and click the extension named "Firebase Auth - signInWithPopup".
- Open a console and run
let {userCred} = await firebaseAuth()