Chrome extension login best practices

Question

I\'m creating a Chrome extension popup and need login. For now, I will make my own authentication with a username and password, but what are best practices within an extensi

Answer 1

You should always use OAuth 2.0 for authentication within extensions. Never pass the username/password because an attacker can simply steal such information.

An example from Chromium regarding OAuth in extensions is Tutorial: OAuth.

Additionally, there's an experimental API available for OAuth 2.0, which is supposed to make the whole process a little easier. There's a comprehensive blog post, OAuth 2.0 from Chrome Extensions.