Extension is using launchWebAuthFlow which requires reauthentication every 24h

The current implementation is using chrome.identity.launchWebAuthFlow, which means the authorization page dialog is loaded in an extension context, which uses a Guest WebView, which uses an in-memory storage partition (this includes the cookie store). This means that:

  • Cookies are not shared between the chrome.identity.launchWebAuthFlow window and the rest of the browser.
  • The in-memory storage is lost when the browser restarts.

So chrome.identity.launchWebAuthFlow may not be the best choice for browser code flow ("PKCE") with a short-lived refresh_token.

Waiting for Google to fix this issue does not seem to be a good idea, as this has been a known bug since 2018.

Someone commented the following regarding this issue (in 2018):

Because of this bug, our extension is forced to do some hackery for our auth flow - we use browser.windows.create, then add a content script on the redirect_uri to intercept the resulting token and send a message back to the background script. Basically doing what launchWebAuthFlow is supposed to be doing but we get to share the cookie container and show an address bar because we use a normal window.

launchWebAuthFlow is 100% unusable due to this bug.

Comment 17 offers a viable solution but it relies on "blocking" webRequest, which according to @chickahoona will be removed in one of the upcoming releases of Chrome. So it's not clear how long this would last or at least be "clean", but I'm sure someone would come up with an updated polyfill by that time.

Nonetheless, I think implementing this would at least be better than the status quo, which for me is:

  1. Clicking on SAML SSO within the psono extension menu
  2. Typing in my full Microsoft mail address
  3. Typing in my Microsoft password
  4. Approving the login in my Microsoft Authenticator App on my phone
  5. Repeat every 24 hours
Edited by Sascha
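
In the workaround quoted above, a content script on the redirect_uri reports the result to the background script, so the background script has to decide whether a reported URL really answers the login it started. The following is an added example, not code from the Psono extension or from the quoted commenter; the message shape, function names and sample values are assumptions, and it assumes an authorization-code redirect that carries `code` and `state`.

```javascript
// Added example with hypothetical names; not the Psono extension's code.
// `pending` is what the background script stored when it opened the login
// window: { state, redirectUri, tabId, consumed }.
function validateAuthRedirect(pending, message, sender) {
  const fail = (reason) => ({ ok: false, reason });
  if (!pending) return fail("no login in progress");
  if (pending.consumed) return fail("redirect already consumed");
  if (!message || message.type !== "oauth-redirect") return fail("unexpected message type");
  // Accept the report only from the tab the extension opened itself.
  if (!sender || !sender.tab || sender.tab.id !== pending.tabId) return fail("unexpected sender tab");

  let got, want;
  try {
    got = new URL(message.url);
    want = new URL(pending.redirectUri);
  } catch (e) {
    return fail("malformed URL");
  }
  // Exact origin and path comparison; a prefix match would also accept
  // a host such as app.example.com.other.test.
  if (got.origin !== want.origin || got.pathname !== want.pathname) return fail("redirect_uri mismatch");

  const params = got.searchParams;
  if (params.get("state") !== pending.state) return fail("state mismatch");
  if (params.has("error")) return fail("authorization error: " + params.get("error"));
  const code = params.get("code");
  if (!code) return fail("missing code");
  pending.consumed = true; // single use: a replayed redirect is rejected
  return { ok: true, code };
}

// Constructed sample values, for illustration only.
function newSamplePending() {
  return { state: "s-7f3a", redirectUri: "https://app.example.com/oauth/callback", tabId: 42, consumed: false };
}
// Helper that wraps a URL the way the assumed content script would report it.
function checkReport(pending, url, tabId) {
  return validateAuthRedirect(pending, { type: "oauth-redirect", url }, { tab: { id: tabId } });
}
```

In an extension this check would run inside the background script's chrome.runtime.onMessage listener, and the code would be exchanged for tokens only when `ok` is true.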