Chrome extension authenticate user via your website

I'm creating a Chrome extension and already have a website running. I want to authenticate my extension using my website, on which the user is already authenticated.

Now, my understanding is, I can exchange information between my website and my extension using window.postMessage and window.addEventListener, but what is unclear to me is the following:

How do I check if the message was in fact sent from my extension and is not a forged request?



Solution 1:[1]

I would invoke the Chrome extension to open a unique URL which is generated to authenticate the user.

This is the same concept as the password reset by email with only a link.

Also make sure that the URL has an expiry date, something like 2 minutes.
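
The one-time, expiring link described in the answer above, sketched for a Node.js backend as an added example that is not part of the original answer. The endpoint URL, the function names and the in-memory `Map` store are assumptions made for illustration.

```javascript
// Added example: issue and redeem a single-use login link with a 2-minute expiry.
const { randomBytes, createHash } = require('node:crypto');

const TTL_MS = 2 * 60 * 1000;                      // "something like 2 minutes"
const BASE_URL = 'https://example.com/ext-login';  // hypothetical endpoint
const pending = new Map(); // sha256(token) -> { userId, expiresAt }; assumed in-memory store

const digest = (token) => createHash('sha256').update(token).digest('hex');

// Called by the website for a user whose session is already authenticated.
function issueLoginLink(userId, now = Date.now()) {
  const token = randomBytes(32).toString('base64url'); // 256 bits from the CSPRNG
  // Keep only the hash server-side, so a leaked store does not yield usable links.
  pending.set(digest(token), { userId, expiresAt: now + TTL_MS });
  return `${BASE_URL}?token=${token}`;
}

// Called when the unique URL is opened. Returns the userId, or null on any failure.
function redeemLoginToken(token, now = Date.now()) {
  // 32 random bytes always encode to 43 base64url characters.
  if (typeof token !== 'string' || !/^[A-Za-z0-9_-]{43}$/.test(token)) return null;
  const key = digest(token);
  const entry = pending.get(key);
  if (!entry) return null;               // unknown, forged, or already used
  pending.delete(key);                   // single use: burn it before any other check
  if (now > entry.expiresAt) return null; // expired links are rejected (and now gone)
  return entry.userId;
}

// Periodic sweep so links that were never opened do not accumulate.
function purgeExpired(now = Date.now()) {
  for (const [key, entry] of pending) {
    if (now > entry.expiresAt) pending.delete(key);
  }
  return pending.size;
}
```

The token is deleted on the first redemption attempt, so a link captured from browser history or a log cannot be replayed even inside the 2-minute window.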

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Sal7_one