api returns the token back to firefox addon 🚀

Author: namila007

background/all.js

@@ -0,0 +1,78 @@
+/* exported getAccessToken */
+
+const REDIRECT_URL = browser.identity.getRedirectURL();
+const CLIENT_ID = "12428";
+const KEY = "f26RUH3uoCiokrEYNeDf9Q(("
+const SCOPES = ["read_inbox", "noexpire"];
+const AUTH_URL =
+`https://stackoverflow.com/oauth/dialog?
+client_id=${CLIENT_ID}&key=${KEY}&redirect_uri=${encodeURIComponent(REDIRECT_URL)}
+&scope=${encodeURIComponent(SCOPES.join(' '))}`;
+
+const VALIDATION_BASE_URL="https://api.stackexchange.com/2.2/";
+
+function extractAccessToken(redirectUri) {
+  let m = redirectUri.match(/[#?](.*)/);
+  if (!m || m.length < 1)
+    return null;
+  let params = new URLSearchParams(m[1].split("#")[0]);
+  return params.get("access_token");
+}
+
+/**
+Validate the token contained in redirectURL.
+This follows essentially the process here:
+https://developers.google.com/identity/protocols/OAuth2UserAgent#tokeninfo-validation
+- make a GET request to the validation URL, including the access token
+- if the response is 200, and contains an "aud" property, and that property
+matches the clientID, then the response is valid
+- otherwise it is not valid
+
+Note that the Google page talks about an "audience" property, but in fact
+it seems to be "aud".
+*/
+function validate(redirectURL) {
+  const accessToken = extractAccessToken(redirectURL);
+  console.log(accessToken+ "access")
+  if (!accessToken) {
+    throw "Authorization failure";
+  }
+  const validationURL = `${VALIDATION_BASE_URL}access_tokens/${accessToken}`;
+  const validationRequest = new Request(validationURL, {
+    method: "GET"
+  });
+
+  function checkResponse(response) {
+    return new Promise((resolve, reject) => {
+      if (response.status != 200) {
+        reject("Token validation error");
+      }
+      response.json().then((json) => {
+        if (json.items) {
+          resolve(accessToken);
+        } else {
+          reject("Token validation error");
+        }
+      });
+    });
+  }
+
+  return fetch(validationRequest).then(checkResponse);
+}
+
+/**
+Authenticate and authorize using browser.identity.launchWebAuthFlow().
+If successful, this resolves with a redirectURL string that contains
+an access token.
+*/
+function authorize() {
+  console.log(AUTH_URL)
+  return browser.identity.launchWebAuthFlow({
+    interactive: true,
+    url: AUTH_URL
+  });
+}
+
+function getAccessToken() {
+  return authorize()
+}

background/authorize.js

@@ -0,0 +1,26 @@
+/*global getAccessToken*/
+
+// function notifyUser(user) {
+//   browser.notifications.create({
+//     "type": "basic",
+//     "title": "Google info",
+//     "message": `Hi ${user.name}`
+//   });}
+
+function logError(error) {
+  console.error(`Error: ${error}`);
+}
+
+/**
+When the button's clicked:
+- get an access token using the identity API
+- use it to get the user's info
+- show a notification containing some of it
+*/
+// browser.browser.addListener(function() {
+//     console.log("clicked")
+//   getAccessToken()
+//     // .then(getUserInfo)
+//     // .then(notifyUser)
+//     .catch(logError);
+// });

background/main.js

@@ -0,0 +1,2 @@
+console.log('test '+browser.identity.getRedirectURL())
+ 

background/stackinit.js

@@ -0,0 +1,25 @@
+// /**
+// Fetch the user's info, passing in the access token in the Authorization
+// HTTP request header.
+// */
+
+// /* exported getUserInfo */
+
+// function getUserInfo(accessToken) {
+//   const requestURL = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json";
+//   const requestHeaders = new Headers();
+//   requestHeaders.append('Authorization', 'Bearer ' + accessToken);
+//   const driveRequest = new Request(requestURL, {
+//     method: "GET",
+//     headers: requestHeaders
+//   });
+
+//   return fetch(driveRequest).then((response) => {
+//     if (response.status === 200) {
+//       return response.json();
+//     } else {
+//       throw response.status;
+//     }
+//   });
+
+// }

background/userinfo.js

@@ -0,0 +1,12 @@
+(function() {
+    /**
+     * Check and set a global guard variable.
+     * If this content script is injected into the same page again,
+     * it will do nothing next time.
+     */
+    if (window.hasRun) {
+      return;
+    }
+    window.hasRun = true;
+
+})

content_script/stackzilla.js

@@ -1,27 +1,47 @@
 {
-
     "description": "Eazy access for your StackOverflow account",
     "manifest_version": 2,
     "name": "StackZilla",
     "version": "1.0",
     "homepage_url": "https://github.com/namila007/StackZilla",
     "icons": {
-        "64": "icons/addon.png"
+        "64": "icons/addon.png",
+        "32": "icons/toolbar.png"
       },
-    "permissions": [
-    "activeTab"
-    ],
-    "browser_action": {
-        "default_icon": "icons/toolbar.png",
-        "default_title": "StackZilla",
-        "default_popup": "popup/index.html"
+      "permissions": [
+        "notifications",
+        "identity",
+        "*://api.stackexchange.com/*",
+        "*://*.stackoverflow.com/*"
+      ],
+      "applications": {
+        "gecko": {
+          "id": "stackzilla1@mozilla.org"
+        }
       },
-
-    "content_scripts": [
-      {
-        "matches": ["<all_urls>"],
-        "js": ["stackzilla.js"]
-      }
-    ]
+      "browser_action": {
+          "default_icon": "icons/toolbar.png",
+          "default_title": "StackZilla",
+          "default_popup": "popup/index.html"
+        },
 
+      "content_scripts": [
+        {
+          "matches": ["<all_urls>"],
+          "js": ["stackzilla.js"]
+        }
+      ],
+      "background": {
+        "scripts": [
+          "background/authorize.js",
+          "background/main.js",
+          "background/stackinit.js"
+        ]
+      },
+      "options_ui": {
+        "page": "options/options.html"
+      },
+      "author": "Namila Bandara"
+    
+    
   }

manifest.json

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<html>
+  <head>
+    <meta charset="utf-8">
+  </head>
+
+  <body>
+
+    <div>Redirect URL: <span id="redirect-url"></span></div>
+
+    <script src="options.js"></script>
+
+  </body>
+
+</html>

options/options.html

@@ -0,0 +1,4 @@
+/**
+Display the redirect URL.
+*/
+document.querySelector("#redirect-url").textContent = browser.identity.getRedirectURL()