I have a Chrome extension built with MV3. It is a companion product to a mobile app that allows users to sign up / sign in with email, Google, and Apple. I have used the Firebase Authentication service to set up email sign up and Chrome Identity API to set up Google Sign in (solutions offered e.g. here & here). However, Apple Sign in (or any other 3rd party auth) seems to be completely broken in MV3 because popup/redirect OAuth operations are not yet supported in MV3. Seems like such a big miss by the Chrome Extension team!
My question
Is there a workaround solution to implement Apple Sign in for Chrome extensions using MV3?
Solutions I've tried thus far
I've spent a week now testing/trying different ideas and this is the closest I've gotten. Quick summary of solutions tested (in case it can help others save time):
- Firebase Authentication service for Apple Sign in. It offers two methods that can be used,
signInWithPopupandsignInWithRedirect. As noted above though, popup/redirect operations aren't supported in MV3, so neither of these worked. I also tried this approach (also seen here) of storing the Firebase Auth files locally in case fetching remote scripts was the main culprit. That however didn't work either because the files still have some dynamic (remote) script imports that are called at compile time (I think) which again is prevented in MV3. - FirebaseUI library. In short, this library depends on the main Firebase library and therefore you get the same issues as the above.
- Sign in with Apple JS. This implementation makes a call to fetch the Apple JS script. Again, MV3 doesn't allow for remote scripts, so it fails. As a workaround, same as with the first option above, I copied the Apple JS script and stored it locally in the extension. But it doesn't work in this case either. (I don't recall the exact reason, but the Apple auth object in the file wasn't instantiating or something).
- Sign in to Apple manually. The most promising result thus far but I am stuck at how to read/extract the authorization response from Apple. I've outlined that issue here.
The only remaining workaround that I can think of is that I set up an externally hosted site using Sign in with Apple JS (option 3 above). Then when the user clicks the Apple Sign in button in my Chrome extension, I redirect them to that site, they conduct the Apple Sign in, and the auth details are then sent back to the Chrome extension. That however is both a very poor user experience and presumably has many security flaws.
Has anyone successfully implemented Apple Sign in with Chrome extension MV3 or can offer some workable solutions?? Thanks in advance.
