dimonomid / geekmarks

API-Driven, Geeky Bookmarking Service

CORS when using localhost

mariusrugan opened this issue

Hi,

Using the Chrome Web Store extension, I'm bumping into:

XMLHttpRequest cannot load http://localhost/api/auth/google/client_id. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'chrome-extension://XYZ' is therefore not allowed access.

I'm not a golang expert, trying to learn :) I understand that the oauthClientIDGet() method needs modification; I would appreciate the help.
Thanks

Hi, thanks for reporting that.

I'm not sure what's better: add Access-Control-Allow-Origin header with the client ID to the server, or just add http://localhost:4000 to the Chrome extension's manifest permissions. For now I've done the latter because it's easier, however, publishing to Chrome Web Store is ridiculously hard: their robots always think that my extension violates policy (although it does not) and refuse to publish anything, after that I have to wait for a few business days for a real person to review my extension and finally publish it.

So, you can just enable "developer mode" in your chrome://extensions page, click "Load unpacked extension" and select the directory client/chrome-ext from the repository. (of course, pull the latest changes before doing that).
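The server-side option mentioned above (sending Access-Control-Allow-Origin) could look like the following sketch, added here as an illustration and not taken from the geekmarks code base. It reflects the origin only for allowlisted extensions instead of answering `*`; `withCORS`, `allowOriginFor` and the response body are assumptions, and the two extension IDs are the ones quoted later in this thread.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// allowedOrigins lists the extension origins permitted to read API responses.
// The IDs are the unpacked and Web Store extension IDs quoted in the thread.
var allowedOrigins = map[string]bool{
	"chrome-extension://fblmllolgliioiodenckffkphokpalnd": true,
	"chrome-extension://nhiodffdihhkdlkfmpmmnanekkbbfkgk": true,
}

// withCORS (hypothetical middleware) echoes the Origin header back only when
// it is on the allowlist; unknown origins get no CORS headers at all.
func withCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		w.Header().Add("Vary", "Origin") // keep caches from mixing origins
		if allowedOrigins[origin] {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			if r.Method == http.MethodOptions { // answer the preflight here
				w.Header().Set("Access-Control-Allow-Methods", "GET, POST")
				w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
				w.WriteHeader(http.StatusNoContent)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// allowOriginFor sends a GET with the given Origin through the middleware and
// returns the Access-Control-Allow-Origin value the browser would see.
func allowOriginFor(origin string) string {
	h := withCORS(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("constructed response body")) // stand-in for the real handler
	}))
	req := httptest.NewRequest(http.MethodGet, "/api/auth/google/client_id", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	for _, o := range []string{"chrome-extension://fblmllolgliioiodenckffkphokpalnd", "chrome-extension://XYZ"} {
		fmt.Printf("%-55s -> %q\n", o, allowOriginFor(o))
	}
}
```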

Hi,
Thanks for looking into this.

I've tried the alternate way:

  • no modifications to the extension's codebase
  • unpacked extension loaded in chrome (macos)
  • options for extension: server address: http://localhost:4000 - via options page
  • geekmarks-server built on macos and running successfully with:
    sudo ./server/geekmarks-server --logtostderr --v=5 --geekmarks.port=4000 --geekmarks.postgres.url=postgres://geekmarks:geekmarks@localhost:5432/geekmarks?sslmode=disable --google_oauth_creds_file=/tmp/geekmarks_dev/main/google_oauth_creds.yaml
  • valid google_oauth_creds.yaml

On the login screen (page-wrapper.html?page=login-logout...) when Login with GOOGLE is clicked:

Error in response to identity.launchWebAuthFlow: TypeError: undefined is not a valid argument for URI
    at new d (chrome-extension://fblmllolgliioiodenckffkphokpalnd/common/webui/vendor/uri/URI.min.js:26:454)
    at Object.callback (chrome-extension://fblmllolgliioiodenckffkphokpalnd/core/gmclient-factory.js:74:27)
    at chrome-extension://fblmllolgliioiodenckffkphokpalnd/core/gmclient-factory.js:65:29
chrome-extension://fblmllolgliioiodenckffkphokpalnd/page-wrapper/page-wrapper.html?page=login-logout&port_name=loginLogout#:1

Unchecked runtime.lastError while running identity.launchWebAuthFlow: Authorization page could not be loaded.
    at chrome-extension://fblmllolgliioiodenckffkphokpalnd/core/gmclient-factory.js:65:29

It seems the URI is expected as https://chromextensionID... (when the Chrome extension is installed from the Chrome Web Store) while it actually is a chrome-extension://-like URI.

I'm using the unpacked extension all the time, so it shouldn't be a problem (although I never tried it on a Mac, but I don't think it can make any difference at this level).

Will look into it later (I'm afk at the moment)

UPD: I think I got it, see the next message


Hmmm, I can't reproduce. I've taken the latest master, ran the backend locally, which listens on port 4000, removed the previously installed extension, loaded the unpacked extension (from client/chrome-ext), set the server address in the options to http://localhost:4000, and when I click "Login with Google", it logs in just fine. And actually I was doing the same during development of the whole thing, so, no idea what could be wrong so far. :(

Backend logs:

I0218 15:50:49.366532       1 main.go:51] Listening at the port 4000 ...
I0218 15:51:05.576785       1 logger.go:94] 18.02.2017 | 200 |     664.461µs | 172.18.0.1:55908 |   GET     /api/auth/google/client_id
I0218 15:51:07.609575       1 authn_google.go:151] Google user "123456789123456789" (email "xxxxxxxxxxxx@gmail.com") belongs to user id 4
I0218 15:51:07.609791       1 authn_google.go:175] Getting or creating geekmarks token: "Created for Google user \"123456789123456789\" (email: \"xxxxxxxxxxxx@gmail.com\")"
I0218 15:51:07.612623       1 logger.go:94] 18.02.2017 | 200 |  1.336377165s | 172.18.0.1:55908 |   POST    /api/auth/google/authenticate?code=4%2FY0ar8xzU9S_Pd5EF797V5otsfVVhD8Rzby6mToiJXhI&redirect_uri=https%3A%2F%2Ffblmllolgliioiodenckffkphokpalnd.chromiumapp.org%2F
I0218 15:51:07.629373       1 authn.go:67] Getting token from the query string
subj user: &{4 xxxxxxxxxxxx@gmail.com  xxxxxxxxxxxx@gmail.com}

I'm afraid that your backend logs contain only the request to /api/auth/google/client_id, so they're not useful to post.

Weird, but, what version of Chrome do you use? Mine is 56.0.2924.87 (64-bit).

@mariusrugan, ah, I think I got it: obviously you use your own Google OAuth2 credentials, so you need to add a couple of authorized redirect URIs in the settings of your Google OAuth client:

  • https://fblmllolgliioiodenckffkphokpalnd.chromiumapp.org/ - for the unpacked extension;
  • https://nhiodffdihhkdlkfmpmmnanekkbbfkgk.chromiumapp.org/ for the one from Chrome Web Store.

(Probably I'll get rid of the separate ID for the unpacked extension soon, but at the moment it's still there)

Note that the trailing slash is necessary. Also keep in mind that it may take a few minutes for the settings to apply.

Of course I should've mentioned that in the readme, sorry for missing that. Let me know if it helps.
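A quick way to check the redirect_uri a backend actually received against the authorized list, added here as an illustration and not part of the geekmarks code base. Matching is exact, so the sketch also names the two near-misses seen in this thread (missing trailing slash, and the chrome-extension:// origin used in place of the chromiumapp.org URL); `redirectFromRequest` and `diagnose` are hypothetical helpers and the request line is constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// authorized mirrors the "Authorized redirect URIs" entries from the thread.
var authorized = []string{
	"https://fblmllolgliioiodenckffkphokpalnd.chromiumapp.org/",
	"https://nhiodffdihhkdlkfmpmmnanekkbbfkgk.chromiumapp.org/",
}

// redirectFromRequest extracts and URL-decodes the redirect_uri parameter
// from a request URI as it appears in the backend access log.
func redirectFromRequest(requestURI string) (string, error) {
	u, err := url.ParseRequestURI(requestURI)
	if err != nil {
		return "", err
	}
	return u.Query().Get("redirect_uri"), nil
}

// diagnose compares byte-for-byte against the authorized list and, on a
// mismatch, reports which common mistake the value looks like.
func diagnose(redirect string) string {
	for _, a := range authorized {
		if redirect == a {
			return "ok"
		}
	}
	for _, a := range authorized {
		if redirect+"/" == a {
			return "missing trailing slash"
		}
	}
	if strings.HasPrefix(redirect, "chrome-extension://") {
		return "extension origin, not the chromiumapp.org redirect URL"
	}
	return "not registered"
}

func main() {
	// Constructed request URI modelled on the access log above; code is a placeholder.
	uri := "/api/auth/google/authenticate?code=PLACEHOLDER" +
		"&redirect_uri=https%3A%2F%2Ffblmllolgliioiodenckffkphokpalnd.chromiumapp.org%2F"
	r, err := redirectFromRequest(uri)
	fmt.Println(r, "->", diagnose(r), err)
	fmt.Println(diagnose("https://nhiodffdihhkdlkfmpmmnanekkbbfkgk.chromiumapp.org"))
}
```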

Hi,
Thanks a lot for spending the time to look into this!
I can confirm it works!

Sorry for not being clear, and also because I created an "OAuth Client ID" of type "Other" and not "Web app". Maybe you could confirm the following (also use it in the readme):
[Screenshot: oauth_client_id]

I kept debugging the app and it led nowhere :) and I was ready to drop the code for launchWebAuthFlow() and replace it with https://github.com/GoogleChrome/chrome-app-samples/tree/master/samples/github-auth.

Yeah right, the readme was still not clear enough, thanks for pointing that out. So I added details about Web application there, and also added your screenshot, commit: 85f34ec

Thanks again. :) Closing this issue.