Chrome Extension + Devise + Rails App - Making authenticated requests from extension?

问题:

I'm building a chrome extension that facilitates the creation of contacts straight from the browser without needing to go to my devise-powered rails app itself. Contacts#Create requires authentication so I'm wondering how I can do send authenticated requests from the extension.

I've enabled devise TokenAuthenticatable and so my users have an authtoken. I've written a method in my extensions js that posts to my rails app's contacts#create action. For testing, I've simply hard coded my own auth token in, which seems to work. But how can the extension access the auth tokens for users? It doesn't seem right/secure to store this token into a cookie.

I think I'm supposed to use chrome.cookies to access and do something with my app's session info somehow. But I only get a sessionID here.

any help appreciated!

回答1:

Although not from a chrome extension, I was building something similar that would work from terminal. I ended up bypassing devise and creating by own token authentication that would allow users to access just the one controller#action I needed. That way you can minimize the damage if the token gets stolen.

So anyway, I would allow users to generate (and regenerate) tokens within the rails app interface and make it so that the extension asks for the token on the very first launch. I'd store the token itself in localStorage.

回答2:

You can also check authentifiation_tokenstored in your app cookie.

You can achieve this using the chrome.cookies.getAll() method detailed here - https://developer.chrome.com/extensions/cookies#method-getAll

文章来源: Chrome Extension + Devise + Rails App - Making authenticated requests from extension?