#6218 Use extension-specific oauth redirect url

[martgil]

This PR replaces the Google robots.txt redirect URL to extension specific oauth redirect URL.

Closes #6218

---

Tests (delete all except exactly one):

• Does not need tests (refactor only, docs or internal changes)

---

To be filled by reviewers

I have reviewed that this PR... (tick whichever items you personally focused on during this review):

• addresses the issue it closes (if any)
• code is readable and understandable
• is accompanied with tests, or tests are not needed
• is free of vulnerabilities
• is documented clearly and usefully, or doesn't need documentation

[sosnovsky]

Hi @martgil, a lot of tests are failing because local dev extension builds use dynamic extension id. Maybe there is some way to use fixed id for local builds, so we can add this id to the list of allowed redirect URIs for our OAuth app.

[martgil]

You're correct, Roma. I'll look for some other alternative.

[martgil]

Hello @sosnovsky - Just a quick question. The Mozilla Firefox extension id has also this dynamically generated id, does this means, the extension id for both builds should matches exactly identical? Or does the Mozilla firefox build has to had the static extension id too?

[sosnovsky]

identity.getRedirectURL() in firefox uses id from browser_specific_settings property of manifest.json (https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/identity/getRedirectURL), so probably it shouldn't change between builds and remain static

[sosnovsky]

also firefox uses browser.identity.getRedirectURL() instead of chrome.identity.getRedirectURL()

[martgil]

Got it - thanks!

[martgil]

Hello @sosnovsky - I have managed to make a static extension id from which the current one we have on this PR is nnlimfkjgafpgmilbnaabplbokhpicbo. I have certificate where the key is originated from. It it technically a test file but should I keep it uploaded here somewhere in test/?

[sosnovsky]

is this certificate required for creating local builds? if no, then there is no need to put it in the repository
also your current solution adds key property directly to manifest.json which will probably affect our production builds. I think we should have a separate chrome-consumer-local build and inject key property only for this build type

[martgil]

is this certificate required for creating local builds? if no, then there is no need to put it in the repository

Edit: No, it is not required for creating the local builds. Thanks for your answer.

I think we should have a separate chrome-consumer-local build and inject key property only for this build type

Got it - will do.

[martgil]

Hi @sosnovsky - May I here your feedback on this one, please? I may have missed important ones.

[sosnovsky]

it'll probably won't work, as we now use extension id specific redirect URIs, and https://www.google.com/oauth2/callback won't be called causing auth process stuck.

I also re-checked launchWebAuthFlow documentation, and looks like it should work with our current OAuth Client ID, so users won't need to re-authenticate and their current refresh tokens will stay valid. Also switching to launchWebAuthFlow will allow us to remove a lot of our custom OAuth code (like oauth2_inject.ts, oauth2_finish.ts etc).

So let's try to migrate auth to launchWebAuthFlow, hopefully it won't require a lot of code changes and we already have it implemented in ConfiguredIdpOAuth, so you can re-use some code from it.

[martgil]

Thanks Roma. I have followed your suggestions. It doesn't seem to have required alot of code changes. Can you please give it another check?

[sosnovsky]

well done 👍

[martgil]

Hi @sosnovsky - I have manually tested it on Firefox and it works well now. Then tests for the chrome build have passed too. Feel free to re-check at your convenience.

[sosnovsky]

works great now, well done 👍

[sosnovsky]

let's use existing Catch.isFirefox() check