identity

Use the identity API to get an OAuth2 authorization code or access token, which an extension can then use to access user data from a service which supports OAuth2 access (such as a Google or a Facebook account).

Details of how the OAuth2 flow works differ from one service provider to another, so to use this API with a particular service provider, you'll need to consult their documentation. For example:

  • https://developers.google.com/identity/protocols/OAuth2UserAgent
  • https://developer.github.com/v3/oauth/

The identity API provides the identity.launchWebAuthFlow() function. This authenticates the user with the service, if necessary, and asks the user to authorize the extension to access data, if necessary. The function completes with an access token or authorization code, depending on the provider.

The extension then completes the OAuth2 flow to get a validated access token, and can then use this in HTTP requests to access the user's data according to the authorization the user gave.

To use this API, you must have the "identity" API permission.

Setup

There's some setup you must do before publishing your extension.

Getting the redirect URL

The redirect URL represents the end point of identity.launchWebAuthFlow(), in which the access token or authorization code is delivered to the extension.

You can get a redirect URL by calling identity.getRedirectURL(). This function derives a redirect URL from the add-on's ID, so if you want to use it, you should probably set your add-on's ID explicitly using the applications key (otherwise, each time you temporarily install the add-on, you'll get a different redirect URL).

You don't have to use the redirect URL returned by identity.getRedirectURL(): you can supply your own, and it can be anything that the service will redirect to. However, it should use a domain that you control.

You'll use the redirect URL in two places:

  • supply it when registering your extension as an OAuth2 client
  • pass it into identity.launchWebAuthFlow(), as a URL parameter added to that function's url argument.

Registering your extension

Before you can use OAuth2 with a service provider, you must register the extension with the provider as an OAuth2 client.

This will tend to be specific to the service provider, but in general it means creating an entry for your extension on the provider's website. In this process you will supply your redirect URL, and receive a client ID (and sometimes also a secret). You'll need to pass both of these into identity.launchWebAuthFlow().
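The setup above, put together as an added example (not code from MDN or from any provider): it builds the `url` argument with the redirect URL as a query parameter, then checks the URL the flow ends on before reading a token from it. The endpoint, client ID, scope and the `buildAuthURL`/`extractToken`/`authorize` names are assumptions, as is a provider that returns an access token in the URL fragment and echoes a `state` parameter.

```javascript
// Added example. AUTH_ENDPOINT, CLIENT_ID and the scope are placeholders;
// take the real values from your provider's documentation and registration.
const AUTH_ENDPOINT = "https://provider.example/oauth2/authorize";
const CLIENT_ID = "YOUR_CLIENT_ID";

// Build the value for launchWebAuthFlow()'s url argument. The redirect URL
// goes in as a query parameter, together with a one-time state value.
function buildAuthURL(redirectURL, state, scope = "profile") {
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: CLIENT_ID,
    response_type: "token",
    redirect_uri: redirectURL,
    scope,
    state,
  }).toString();
  return url.href;
}

// Check the URL the flow finished on before trusting anything in it.
function extractToken(finalURL, redirectURL, expectedState) {
  const got = new URL(finalURL);
  const want = new URL(redirectURL);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error("flow ended on an unexpected URL");
  }
  const params = new URLSearchParams(got.hash.slice(1));
  if (params.has("error")) throw new Error("provider error: " + params.get("error"));
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  const token = params.get("access_token");
  if (!token) throw new Error("no access_token in redirect");
  return token;
}

// Extension-only part: needs the "identity" permission in manifest.json.
async function authorize() {
  const redirectURL = browser.identity.getRedirectURL();
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, b => b.toString(16).padStart(2, "0")).join("");
  const finalURL = await browser.identity.launchWebAuthFlow({
    url: buildAuthURL(redirectURL, state),
    interactive: true,
  });
  return extractToken(finalURL, redirectURL, state);
}
```

The token returned here still has to go through whatever validation step the provider documents before it is used in requests.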

Functions

identity.getRedirectURL()
Gets the redirect URL.
identity.launchWebAuthFlow()
Launches the web authentication flow (WAF).

Browser compatibility

                    Chrome  Edge  Firefox  Firefox for Android  Opera
getRedirectURL      Yes     No    53       53                   No
launchWebAuthFlow   Yes     No    53       53                   Yes

Chrome incompatibilities

None.

Example extensions

  • google-userinfo

Acknowledgements

This API is based on Chromium's chrome.identity API.

Microsoft Edge compatibility data is supplied by Microsoft Corporation and is included here under the Creative Commons Attribution 3.0 United States License.

// Copyright 2015 The Chromium Authors. All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
//    * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//    * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
//    * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Document Tags and Contributors

Tags: 
  • Add-ons
  • API
  • Extensions
  • Identity
  • Reference
  • WebExtensions
 Contributors to this page: andrewtruongmoz, wbamberg
 Last updated by: andrewtruongmoz, Jul 7, 2017, 1:50:42 PM