1. 技术文章
  2. Removing permissions of the extensions

Removing permissions of the extensions

空扰寡人 提交于 2019-12-23 10:26:05

问题


I have an extension that first asks for permissions to access Google Drive files. The extension is almost empty except in the popup I load this js: 

chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
  // Use the token.
  console.log('Request Token')
  console.log(token)
  chrome.identity.removeCachedAuthToken(
              { 'token': token }, function () {})
  console.log('Removed token')
});

In my manifest I have valid key, oauth2 client id, and "scopes":["https://www.googleapis.com/auth/drive"] besides other standard keys for chrome extension.

It works properly that is it asked for permission at first and then logged my access token. However, when I reinstalled extension (deleted/modified/added) it didn't ask me for permission and just wrote the same access token. And I want to ask the permission again. How can I do this?


回答1:


In order to remove permissions I have to add another GET request to revoke permission: 

chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
  // Use the token.
  if (token) {
        // Make a request to revoke token
        var xhr = new XMLHttpRequest();
        xhr.open('GET', 'https://accounts.google.com/o/oauth2/revoke?token=' +
             token);
        xhr.send();
   }
  chrome.identity.removeCachedAuthToken(
              { 'token': token }, function () {})
});

That does the trick and now every time I open popup I have a prompt for permission.

There is another problem though: when I grant permission I get 

XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/revoke?token=... 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'chrome-extension://acfnd...' is therefore not allowed access.

which I'm not sure what means.




回答2:


During development you can go to chrome://identity-internals to revoke specific tokens. The next time you authorize that user the permissions dialog will be displayed again. Documented on User Authentication: Caching.




回答3:


Once you've granted permission, of course you won't be prompted again. You'll need to go into your Google Account page and revoke the permission.



来源:https://stackoverflow.com/questions/30491789/removing-permissions-of-the-extensions

标签
javascript
google-chrome-extension
google-drive-api
access-token
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!