Trying to authenticate a chrome extension user
Is there any existing functionality that would allow for this with relative ease? I want the user to open the chrome extension, click log in, and it will open my site in a new tab and either ask them to log in or if they're logged in, authenticate them as being logged in to at least validate that they have access to an account.
but then I want to check their subscription status via API, which I found an endpoint for in an old post, but the problem is getting their user id in the first place. Do you have a suggestion for this? At the end of the day I just need to validate the fact that they've logged into my website, and then check their subscription status. Right now I'm literally just reading the html from an http request, but obviously this is not a good solution, so if anyone has any ideas I would appreciate it.
thanks
edit: I found a post about paddle webhooks which seems like an okay way to check their status without needing their userid, but if anyone has any suggestions on how to get the necessary information to use the webhook for a user, in the process of authenticating their log in to my website, I would appreciate any tips. thank you.
Depends on what your extension is built with I guess. 🤷♂️ HTML and JavaScript? Or are you using some framework like React? Either way Wave does provide an API that supports authentication, I personally have never used it so cannot say much about the implementation details. From there you can add an API endpoint that accepts the bearer token and returns the information you need.
If you really want to dig into it you could see how Laravel itself handles authentication via an API. Laravel Breeze has an API option, and you can source dive those stubs and see how they do it if using a bearer token isn't what you want.
The difference between the two is Wave uses JWTs and is stateless, Breeze isn't and does store state like a regular session-based authentication system, so the auth middleware and such works with Breeze's example. And Breeze does provide several implementation examples, like this NextJS one.
In the end, if you think that the state one is a better option for you, then you'll have to modify Wave yourself to support it.
But I hope this will give you some insight and that it helps you out. 🙂
2
That is very helpful, thank you so much. It's built with HTML and vanilla JS, yeah.
I'm not a developer really, I'm just learning how to do things as I encounter problems, and so if it's not something I've ever had a problem with before then I likely don't know how do do it. That's just to explain why I might not know the answer to some questions that it seems like I should, lmao.
From there you can add an API endpoint that accepts the bearer token and returns the information you need.
Are you saying that the bearer token could be captured somehow without user intervention? I just want to make sure I know what you mean so I can know what I'm getting into before I spend hours trying to do the wrong thing.
The difference between the two is Wave uses JWTs and is stateless, Breeze isn't and does store state like a regular session-based authentication system, so the auth middleware and such works with Breeze's example. And Breeze does provide several implementation examples, like this NextJS one.
I am still so new that I have absolutely no clue which of these would be better. It's a pretty basic chrome extension and obviously my site is built with Wave, so knowing that, if you have a recommendation for which of those would be better for any reason (easier to implement, more secure, does not require user intervention, etc) I would love to get your input.
Thank you very much for the help.