Simplify your customer’s entry point.

This tutorial uses a boiler-plate Google Chrome Extension setup.

If you want to know how to get that setup,
check out my write-up here:

Or the video tutorial here:

This tutorial also uses a ‘Passwordless Authentication Server’ built with NodeJS and Express.
Check out my write-up here:

Or the video tutorial here:

Let’s Begin.

We’ll start with creating a page that allows the user to ‘sign in’ with their email address.

Note:
We’ve attached a script that we’ll get to later.

We’ll also have a ‘sign out’ page.

Note:
We’ve attached a script that simply messages our ‘background.js’ script and signs the user out.

Let’s write our ‘manifest.json’.


Allow your users to use their Spotify credentials to log in to your Chrome Extension

This tutorial uses a boiler-plate Google Chrome Extension setup.

If you want to know how to get that setup,
check out my write-up here:

Or the video tutorial here:

Let’s Begin.

Before we even touch a line of code, we need to set up our development workspace so that we can use Spotify’s OAuth2 endpoint.

Navigate to ‘https://developer.spotify.com/dashboard/’ and log in.

Click ‘Create an App’.
Fill out the ‘Name’ and ‘Description’, agree to the terms, and click ‘Create’. …


This is a response to a concern raised regarding access tokens while engaging with Spotify’s OAuth2 endpoint.

See that video here:

Yes, anyone who downloads your Chrome Extension can see ALL of the code you’ve written.

This brings us to the main concern, which is:

Can’t people then use the access tokens or even the client id present in your code?

The short answer is “Yes” to both of those.

Let’s tackle the access token.

The access token will not give you or anyone access to truly sensitive information about the user.
No passwords.
No credit card details.

The access token will only expose, and allow modification of, the information you request in the SCOPES parameter of the OAuth2 request.

The access token can be saved in RAM (as a variable) or in local storage for a more permanent solution. …

About

An Object Is A

Learning to code…
