0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-13 21:30:30 -05:00

refactor(console): add chrome extension guide (#6178)

This commit is contained in:
Gao Sun 2024-07-05 11:49:20 +08:00 committed by GitHub
parent 1efa7e72a4
commit af44e87ebd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 340 additions and 19 deletions

View file

@ -0,0 +1,5 @@
---
"@logto/console": patch
---
add Chrome extension guide

View file

@ -12,6 +12,7 @@ import nativeExpo from './native-expo/index';
import nativeFlutter from './native-flutter/index';
import nativeIosSwift from './native-ios-swift/index';
import spaAngular from './spa-angular/index';
import spaChromeExtension from './spa-chrome-extension/index';
import spaReact from './spa-react/index';
import spaVanilla from './spa-vanilla/index';
import spaVue from './spa-vue/index';
@ -60,6 +61,13 @@ export const guides: Readonly<Guide[]> = Object.freeze([
Component: lazy(async () => import('./spa-angular/README.mdx')),
metadata: spaAngular,
},
{
order: 1.1,
id: 'spa-chrome-extension',
Logo: lazy(async () => import('./spa-chrome-extension/logo.svg')),
Component: lazy(async () => import('./spa-chrome-extension/README.mdx')),
metadata: spaChromeExtension,
},
{
order: 1.1,
id: 'spa-react',

View file

@ -0,0 +1,238 @@
import UriInputField from '@/mdx-components/UriInputField';
import InlineNotification from '@/ds-components/InlineNotification';
import Steps from '@/mdx-components/Steps';
import Step from '@/mdx-components/Step';
import NpmLikeInstallation from '@/mdx-components/NpmLikeInstallation';
import RegardingRedirectBasedSignIn from '../../fragments/_regarding-redirect-based-sign-in.md';
import extensionPopup from './extension-popup.webp';
<Steps>
<Step
title="Installation"
subtitle="Install Logto SDK for your project"
>
<NpmLikeInstallation packageName="@logto/chrome-extension" />
</Step>
<Step title="Understand the authentication flow">
Assuming you put a "Sign in" button in your Chrome extension's popup, the authentication flow will look like this:
```mermaid
sequenceDiagram
participant A as Extension popup
participant B as Extension service worker
participant C as Logto sign-in experience
A->>B: Invokes sign-in
B->>C: Redirects to Logto
C->>C: User signs in
C->>B: Redirects back to extension
B->>A: Notifies the popup
```
For other interactive pages in your extension, you just need to replace the `Extension popup` participant with the page's name. In this tutorial, we will focus on the popup page.
<RegardingRedirectBasedSignIn />
</Step>
<Step title="Configure your extension">
### Update the `manifest.json`
Logto SDK requires the following permissions in the `manifest.json`:
```json title="manifest.json"
{
"permissions": ["identity", "storage"],
"host_permissions": ["https://*.logto.app/*"]
}
```
- `permissions.identity`: Required for the Chrome Identity API, which is used to sign in and sign out.
- `permissions.storage`: Required for storing the user's session.
- `host_permissions`: Required for the Logto SDK to communicate with the Logto APIs.
<InlineNotification>
If you are using a custom domain on Logto Cloud, you need to update the `host_permissions` to match your domain.
</InlineNotification>
### Set up a background script (service worker)
In your Chrome extension's background script, initialize the Logto SDK:
```js title="service-worker.js"
import LogtoClient from '@logto/chrome-extension';
export const logtoClient = new LogtoClient({
endpoint: '<your-logto-endpoint>'
appId: '<your-logto-app-id>',
});
```
Replace `<your-logto-endpoint>` and `<your-logto-app-id>` with the actual values. You can find these values in the application page you just created in the Logto Console.
If you don't have a background script, you can follow the [official guide](https://developer.chrome.com/docs/extensions/develop/concepts/service-workers/basics) to create one.
<InlineNotification>
**Why do we need a background script?**
Normal extension pages like the popup or options page can't run in the background, and they have the possibility to be closed during the authentication process. A background script ensures the authentication process can be properly handled.
</InlineNotification>
Then, we need to listen to the message from other extension pages and handle the authentication process:
```js title="service-worker.js"
chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
// In the below code, since we return `true` for each action, we need to call `sendResponse`
// to notify the sender. You can also handle errors here, or use other ways to notify the sender.
if (message.action === 'signIn') {
const redirectUri = chrome.identity.getRedirectURL('/callback');
logtoClient.signIn(redirectUri).finally(sendResponse);
return true;
}
if (message.action === 'signOut') {
const redirectUri = chrome.identity.getRedirectURL();
logtoClient.signOut(redirectUri).finally(sendResponse);
return true;
}
return false;
});
```
You may notice there are two redirect URIs used in the code above. They are both created by `chrome.identity.getRedirectURL`, which is a [built-in Chrome API](https://developer.chrome.com/docs/extensions/reference/api/identity#method-getRedirectURL) to generate a redirect URL for auth flows. The two URIs will be:
- `https://<extension-id>.chromiumapp.org/callback` for sign-in.
- `https://<extension-id>.chromiumapp.org/` for sign-out.
Note that these URIs are not accessible, and they are only used for Chrome to trigger specific actions for the authentication process.
</Step>
<Step title="Update Logto application settings">
As we mentioned in the previous step, we need to update the Logto application settings to allow the redirect URIs we just created (`https://<extension-id>.chromiumapp.org/callback`):
<UriInputField name="redirectUris" />
And the post sign-out redirect URI (`https://<extension-id>.chromiumapp.org/`):
<UriInputField name="postLogoutRedirectUris" />
Finally, the CORS allowed origins should include the extension's origin (`chrome-extension://<extension-id>`). The SDK in Chrome extension will use this origin to communicate with the Logto APIs.
<UriInputField type="customClientMetadata" name="corsAllowedOrigins" />
Don't forget to replace `<extension-id>` with your actual extension ID and click the "Save" button.
</Step>
<Step title="Add sign-in and sign-out buttons">
We're almost there! Let's add the sign-in and sign-out buttons and other necessary logic to the popup page.
In the `popup.html` file:
```html title="popup.html"
<button id="sign-in">Sign in</button> <button id="sign-out">Sign out</button>
```
In the `popup.js` file (assuming `popup.js` is included in the `popup.html`):
```js title="popup.js"
document.getElementById('sign-in').addEventListener('click', async () => {
await chrome.runtime.sendMessage({ action: 'signIn' });
// Sign-in completed (or failed), you can update the UI here.
});
document.getElementById('sign-out').addEventListener('click', async () => {
await chrome.runtime.sendMessage({ action: 'signOut' });
// Sign-out completed (or failed), you can update the UI here.
});
```
</Step>
<Step title="Checkpoint: Test the authentication flow">
Now you can test the authentication flow in your Chrome extension:
1. Open the extension popup.
2. Click on the "Sign in" button.
3. You will be redirected to the Logto sign-in page.
4. Sign in with your Logto account.
5. You will be redirected back to the Chrome.
</Step>
<Step title="Check authentication state">
Since Chrome provide unified storage APIs, rather than the sign-in and sign-out flow, all other Logto SDK methods can be used in the popup page directly.
In your `popup.js`, you can reuse the `LogtoClient` instance created in the background script, or create a new one with the same configuration:
```js title="popup.js"
import LogtoClient from '@logto/chrome-extension';
const logtoClient = new LogtoClient({
endpoint: '<your-logto-endpoint>'
appId: '<your-logto-app-id>',
});
// Or reuse the logtoClient instance created in the background script
import { logtoClient } from './service-worker.js';
```
Then you can create a function to load the authentication state and user's profile:
```js title="popup.js"
const loadAuthenticationState = async () => {
const isAuthenticated = await logtoClient.isAuthenticated();
// Update the UI based on the authentication state
if (isAuthenticated) {
const user = await logtoClient.getIdTokenClaims(); // { sub: '...', email: '...', ... }
// Update the UI with the user's profile
}
};
```
You can also combine the `loadAuthenticationState` function with the sign-in and sign-out logic:
```js title="popup.js"
document.getElementById('sign-in').addEventListener('click', async () => {
await chrome.runtime.sendMessage({ action: 'signIn' });
await loadAuthenticationState();
});
document.getElementById('sign-out').addEventListener('click', async () => {
await chrome.runtime.sendMessage({ action: 'signOut' });
await loadAuthenticationState();
});
```
Here's an example of the popup page with the authentication state:
<img src={extensionPopup} alt="Popup page" width="100%" />
</Step>
<Step title="Other considerations">
- **Service worker bundling**: If you use a bundler like Webpack or Rollup, you need to explicitly set the target to `browser` or similar to avoid unnecessary bundling of Node.js modules.
- **Module resolution**: Logto Chrome extension SDK is an ESM-only module.
See our [sample project](https://github.com/logto-io/js/tree/HEAD/packages/chrome-extension-sample) for a complete example with TypeScript, Rollup, and other configurations.
</Step>
</Steps>

View file

@ -0,0 +1,3 @@
{
"order": 1.1
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

View file

@ -0,0 +1,16 @@
import { ApplicationType } from '@logto/schemas';
import { type GuideMetadata } from '../types';
const metadata: Readonly<GuideMetadata> = Object.freeze({
name: 'Chrome extension',
description: 'Build a Chrome extension with Logto.',
target: ApplicationType.SPA,
sample: {
repo: 'js',
path: 'packages/chrome-extension-sample',
},
fullGuide: 'chrome-extension',
});
export default metadata;

View file

@ -0,0 +1,26 @@
<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_99_2179)">
<path d="M24 33.9956C29.5228 33.9956 34 29.5185 34 23.9956C34 18.4728 29.5228 13.9956 24 13.9956C18.4772 13.9956 14 18.4728 14 23.9956C14 29.5185 18.4772 33.9956 24 33.9956Z" fill="white"/>
<path d="M24 14H41.3177C39.5628 10.9595 37.0384 8.43462 33.9982 6.67921C30.958 4.9238 27.5093 3.99976 23.9987 4C20.4881 4.00024 17.0395 4.92477 13.9995 6.6806C10.9596 8.43644 8.43551 10.9617 6.68109 14.0025L15.3399 29L15.3477 28.998C14.4668 27.4791 14.002 25.7548 14 23.9989C13.9981 22.2431 14.459 20.5177 15.3364 18.9968C16.2138 17.4759 17.4767 16.2131 18.9977 15.3359C20.5187 14.4586 22.2441 13.9979 24 14Z" fill="url(#paint0_linear_99_2179)"/>
<path d="M24 31.9166C28.3723 31.9166 31.9167 28.3722 31.9167 23.9999C31.9167 19.6277 28.3723 16.0833 24 16.0833C19.6278 16.0833 16.0833 19.6277 16.0833 23.9999C16.0833 28.3722 19.6278 31.9166 24 31.9166Z" fill="#1A73E8"/>
<path d="M32.6594 29.0025L24.0006 44.0001C27.5112 44.0006 30.96 43.0768 34.0003 41.3216C37.0406 39.5664 39.5652 37.0417 41.3202 34.0013C43.0753 30.961 43.999 27.5121 43.9983 24.0015C43.9977 20.491 43.0728 17.0424 41.3167 14.0027H23.9991L23.997 14.0104C25.7529 14.007 27.4786 14.4666 29.0002 15.3428C30.5218 16.219 31.7856 17.4809 32.664 19.0013C33.5425 20.5216 34.0046 22.2466 34.0038 24.0025C34.003 25.7584 33.5393 27.483 32.6594 29.0025Z" fill="url(#paint1_linear_99_2179)"/>
<path d="M15.3405 29.0025L6.68167 14.0049C4.92594 17.0449 4.00153 20.4936 4.0014 24.0041C4.00127 27.5147 4.92542 30.9635 6.68092 34.0036C8.43643 37.0437 10.9614 39.5681 14.002 41.3228C17.0425 43.0776 20.4915 44.0009 24.0021 43.9999L32.6609 29.0023L32.6553 28.9966C31.7803 30.5189 30.5194 31.7836 28.9998 32.6633C27.4802 33.5429 25.7555 34.0064 23.9996 34.007C22.2437 34.0076 20.5187 33.5453 18.9985 32.6667C17.4783 31.788 16.2166 30.5242 15.3405 29.0025Z" fill="url(#paint2_linear_99_2179)"/>
</g>
<defs>
<linearGradient id="paint0_linear_99_2179" x1="6.68109" y1="16.5" x2="41.3177" y2="16.5" gradientUnits="userSpaceOnUse">
<stop stop-color="#D93025"/>
<stop offset="1" stop-color="#EA4335"/>
</linearGradient>
<linearGradient id="paint1_linear_99_2179" x1="21.2683" y1="43.7327" x2="38.5866" y2="13.7365" gradientUnits="userSpaceOnUse">
<stop stop-color="#FCC934"/>
<stop offset="1" stop-color="#FBBC04"/>
</linearGradient>
<linearGradient id="paint2_linear_99_2179" x1="26.1651" y1="42.7511" x2="8.84675" y2="12.7549" gradientUnits="userSpaceOnUse">
<stop stop-color="#1E8E3E"/>
<stop offset="1" stop-color="#34A853"/>
</linearGradient>
<clipPath id="clip0_99_2179">
<rect width="40" height="40" fill="white" transform="translate(4 4)"/>
</clipPath>
</defs>
</svg>

After

Width:  |  Height:  |  Size: 2.7 KiB

View file

@ -17,19 +17,41 @@ import {
} from '@/ds-components/MultiTextInput/utils';
import type { RequestError } from '@/hooks/use-api';
import useApi from '@/hooks/use-api';
import type { GuideForm } from '@/types/guide';
import type {
CustomClientMetadataKey,
GuideForm,
Name,
OidcClientMetadataKey,
} from '@/types/guide';
import { trySubmitSafe } from '@/utils/form';
import { uriValidator } from '@/utils/validator';
import * as styles from './index.module.scss';
type Props = {
readonly name: 'redirectUris' | 'postLogoutRedirectUris';
const nameToKey: Record<Name, AdminConsoleKey> = Object.freeze({
redirectUris: 'application_details.redirect_uri',
postLogoutRedirectUris: 'application_details.post_sign_out_redirect_uri',
corsAllowedOrigins: 'application_details.cors_allowed_origins',
});
type Props =
| {
readonly name: OidcClientMetadataKey;
readonly type?: 'oidcClientMetadata';
/** The default value of the input field when there's no data. */
readonly defaultValue?: string;
}
| {
readonly name: CustomClientMetadataKey;
readonly type: 'customClientMetadata';
/** The default value of the input field when there's no data. */
readonly defaultValue?: string;
};
function UriInputField({ name, defaultValue }: Props) {
function UriInputField(props: Props) {
const { name, defaultValue } = props;
const type = props.type ?? 'oidcClientMetadata';
const methods = useForm<Partial<GuideForm>>();
const {
control,
@ -45,10 +67,7 @@ function UriInputField({ name, defaultValue }: Props) {
const ref = useRef<HTMLDivElement>(null);
const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
const api = useApi();
const title: AdminConsoleKey =
name === 'redirectUris'
? 'application_details.redirect_uri'
: 'application_details.post_sign_out_redirect_uri';
const title: AdminConsoleKey = nameToKey[name];
const onSubmit = trySubmitSafe(async (value: string[]) => {
if (!appId) {
@ -57,7 +76,7 @@ function UriInputField({ name, defaultValue }: Props) {
const updatedApp = await api
.patch(`api/applications/${appId}`, {
json: {
oidcClientMetadata: {
[type]: {
[name]: value.filter(Boolean),
},
},
@ -77,9 +96,13 @@ function UriInputField({ name, defaultValue }: Props) {
}
};
const clientMetadata = data?.oidcClientMetadata[name];
const defaultValueArray = clientMetadata?.length
? clientMetadata
const dataValue =
props.type === 'customClientMetadata'
? data?.customClientMetadata[props.name]
: data?.oidcClientMetadata[props.name];
const defaultValueArray = dataValue?.length
? dataValue
: conditional(defaultValue && [defaultValue]);
return (

View file

@ -1,4 +1,6 @@
export type GuideForm = {
redirectUris: string[];
postLogoutRedirectUris: string[];
};
export type OidcClientMetadataKey = 'redirectUris' | 'postLogoutRedirectUris';
export type CustomClientMetadataKey = 'corsAllowedOrigins';
export type Name = OidcClientMetadataKey | CustomClientMetadataKey;
export type GuideForm = Record<Name, string[]>;