I’m working on a Chrome extension that needs to integrate with Google Drive API. I’m confused about which authentication method to use since different documentation suggests different approaches.
The Chrome extension docs say to use OpenID for user authentication. But when I look at Google Drive API documentation, it tells me to use OAuth2 instead.
I’m not sure if I should implement both authentication methods or just pick one. If I go with both, how can I make sure that when someone logs in with OpenID and then accesses a Google Drive file, the system knows these are the same user account?
What’s the best practice here? Should I stick with just OAuth2 since it works with Google Drive, or is there a benefit to supporting both authentication types?
oauth2 is the way to go! openid is kinda like an add-on to oauth2, so just keep it simple. google’s docs can be tricky, but for drive api, really you need oauth2 with the right scopes. trust me, mixing methods is a pain. stick with chrome.identity and oauth2 flows.
I’ve been through this exact mess before. Google’s docs are confusing because their auth standards keep changing, but here’s the deal: OAuth2 is what you want for your Chrome extension. OpenID Connect sits on top of OAuth2 - it’s for verifying who someone is, while OAuth2 handles permission to access stuff like Drive files. But here’s the thing: when you use OAuth2 for Google Drive API through chrome.identity, you automatically get OpenID Connect too. Just set up the right scopes in your manifest and use chrome.identity.getAuthToken() with Google Drive scopes. Done. You’ll get both user ID and Drive access with one setup. Don’t try to run separate auth flows - I’ve seen people do this and it’s a nightmare. You end up juggling tokens and creating security holes. Stick with OAuth2 and proper scopes. That’s all you need.
You’re overcomplicating this. Just use OAuth2 for Chrome extensions hitting Google APIs. The confusion comes from mixing up use cases - OpenID Connect sits on top of OAuth2 and handles authentication (who the user is), while OAuth2 handles authorization (what they can access). For Google Drive API, OAuth2 gives you everything. You authenticate the user AND get permissions for their Drive files in one shot. I’ve built several extensions this way and it works perfectly. Use chrome.identity API with OAuth2 scopes for Google Drive. User logs in once, grants permissions, and you get an access token for all Google services you need. No point in implementing multiple auth methods - you’re just adding complexity and security holes. Stick with OAuth2 and skip the headache.