What type of OAuth flow do I need for my webextension?

Hi all,
I’m writing an extension that fetches data from Azure and gives users an overview of their resources. In order to build it I need to invoke this api and other similar ones.

As I understand it there are several types of flows. My web extension is both similar to and different from web apps (service to service), single page apps and desktop apps. A Firefox extension does not perfectly fit in any category.

For start I want to fetch data at install time once. I might want to fetch it more in the future but this is just the start. On install, I want my user to see a popup: “please allow NewExtension to access your data on your azure tenant”. Once that is done, I need a token to call the APIs. This will be done in the background script but it’s fine if we have user interaction in v1. Maybe in future versions I will want non-interactive data fetch.

I need it to act as the user and see their resources. My initial configs only allowed me to see my azure resources from my tenant.

What is the best flow from an OAuth point of view to use? I need to figure out the protocol first and then seek out Azure documentation.
Secondly what is the redirect URL used for? It’s something like https://1234553456374575678sdfgsdfg345.extensions.allizom.org/ but there is no server there. How would my extension get the token?

Thank you!

The redirect URL is primarily useful when used in conjuction with the OAuth popup window. The popup will detect the URL and extract the token (or code, depending on the flow) from the resulting URL and return it to your extension.

1 Like

So what type of flow should I look up in the Azure docs?
Will that URL change from install to install or is it the same for all users?