Create login security for chrome extension




I am creating a Chrome extension and I want to add some sort of security method for it. Say if it's on the Chrome Web Store and someone downloads it, I want an HTML to pop up that asks the user for an email and a token.



I want to be able to generate tokens automatically and email them to a person so if someone wants to use my chrome extension I have to email them a special token. Then they enter the email they registered with and the token I sent.



I would like the token to be custom for every user so it can't be shared with other people, as a sort of security system that prevents it from getting distributed.



When the user enters the email and the token correctly, it gets him past the login screen and they can now use the Chrome extension freely. The email and token can only be used once so the person can't share the email and token with another person.



I want something similar to this.



https://chrome.google.com/webstore/detail/copbot/immelbeiihmmjebckopecegbndefenjf/related



How would I go about building this? Any help is appreciated.





Do you have a requirement to not have a web server as well? Because an auth system on a webserver can be tailored to specific users, and then send the same 'unlock' token for all which activates the extension's full feature set. The extension is built to start in locked down state. There shouldn't be a leak of the token from MITM attacks because of HTTPS, I think. One other option I can think of is to use the same timed secret key sharing tech in Google Auth, where you give time sensitive passwords to users for perma activation. Is this the direction you want to go?
– snugghash
Aug 20 at 2:15





You just can't do it just client-side. What you can do is the popup to your website only... It could contain some sort of a key in the URL, to match it against a sale transaction on Google Play. I don't know what they can provide you about this. Your website will then use it to log a database entry and... And then... I suggest a quick download and install of the "missing part of the script" from your site. --- All that, just to say that you have to look for what Google Play offers. You're certainly not the first to ask for it. -- StackOverflow isn't the place for that kind of solution. ;)
– Louys Patrice Bessette
Aug 20 at 2:21





I want something similar to CopBot on the Chrome Web Store youtu.be/D0M1wid1L3Q?t=353 ---- youtu.be/D0M1wid1L3Q?t=418 - these two videos are pretty much exactly what I want to be able to accomplish. @snugghash I have a website as well if that is what is necessary to accomplish something like this.
– developer12
Aug 20 at 2:39






Hm. That video seems to indicate this flow: generate token somewhere (usually some backend, maybe server of the website that gets user registrations/payments), send token via email, get email+token in extension, make request to webserver to verify that they're valid. This seems like a typical auth flow except the password is now the token, which is generated instead of set by the user. In other news, I have more ideas (Extension-side prng with shared seed, can check to see if token is within X generations for eg.), I'll likely post some answers as full solutions if you're interested.
– snugghash
Aug 20 at 4:13





Yes, I would really appreciate the help. Thank you!! @snugghash
– developer12
Aug 20 at 4:15
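
The flow described in the comments above (a backend generates a token per email, the extension sends email and token to the web server, the server verifies them and accepts them once), sketched as an added example that is not part of the original thread. The in-memory `licenses` map, the function names and the session value returned on success are assumptions for illustration; a real deployment would sit behind an HTTPS endpoint with a database.

```javascript
// Added example (Node.js): server-side issue/redeem logic for per-user,
// single-use activation tokens. Not code from the thread.
const crypto = require("crypto");

// Stand-in for a database table (assumption): email -> license record.
const licenses = new Map();

const normalizeEmail = (email) => String(email).trim().toLowerCase();
const sha256 = (value) =>
  crypto.createHash("sha256").update(value, "utf8").digest();

// Create a random token bound to one email address. Only the hash is stored,
// so a leaked table does not reveal usable tokens. The return value is what
// gets emailed to the user.
function issueToken(email) {
  const token = crypto.randomBytes(24).toString("hex");
  licenses.set(normalizeEmail(email), {
    tokenHash: sha256(token),
    redeemed: false,
  });
  return token;
}

// Called by the endpoint that the extension's login popup posts to.
// Succeeds once per issued token; every failure looks the same to the caller.
function redeemToken(email, token) {
  const record = licenses.get(normalizeEmail(email));
  const presented = sha256(String(token));
  // Compare against a dummy hash for unknown emails so the work done is equal.
  const expected = record ? record.tokenHash : Buffer.alloc(32);
  const matches = crypto.timingSafeEqual(presented, expected);
  if (!record || !matches || record.redeemed) return { ok: false };

  record.redeemed = true; // the email + token pair is now spent
  // Hypothetical session credential the extension stores instead of the
  // token; the server keeps only its hash for later checks.
  const session = crypto.randomBytes(32).toString("hex");
  record.sessionHash = sha256(session);
  return { ok: true, session };
}

// Constructed sample run.
const demoToken = issueToken("user@example.com");
console.log(redeemToken("user@example.com", demoToken).ok); // first use
console.log(redeemToken("user@example.com", demoToken).ok); // replay
```

The check lives on the server because extension source is readable by whoever installs it, which is the point of the "you can't do it just client-side" comment above.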








