I’m working on a Chrome extension that needs to authenticate users through Twitch. My main website already handles Twitch login perfectly. Users sign in with their Twitch credentials, and if it’s their first time, the system creates an account for them. Returning users just get logged in automatically. The website uses PHP sessions to track authentication status across different pages.
Now I want to build a Chrome extension that can access the authenticated user’s data and show it in a popup window. The problem I’m running into is that Twitch’s OAuth flow requires a redirect URL, but Chrome extensions don’t work the same way as regular websites. I’ve tried using webviews and embedding iframes but nothing seems to work properly.
Is there a way to handle Twitch authentication in a Chrome extension? Maybe I can somehow connect it to my existing website authentication or use a different approach altogether?
Chrome extensions and OAuth are a total nightmare to sync up. I’ve built dozens of these and wasted countless hours on session mismatches and broken auth tokens.
Cookies work but break when users clear data or go incognito. The identity API is cleaner but you’re still writing mountains of boilerplate for token refresh and error handling.
Now I just automate the whole auth pipeline instead. Set up workflows that handle Twitch OAuth, manage sessions, and give your extension clean endpoints to call. No more fighting with redirect URIs or wondering why cookies won’t sync.
Automation covers all the edge cases - expired tokens, failed refreshes, cross-origin headaches. Your extension makes simple HTTP calls and gets clean user data back. Takes 15 minutes vs weeks of debugging.
I use Latenode since it handles OAuth providers natively and actually works. Beats maintaining custom auth code that breaks every time Twitch updates something.
You could try message passing between your extension and website. I hit the same issues building my stream management extension. Here’s what worked for me: create a content script that injects into your site when users visit. After they authenticate through the normal Twitch flow, the content script grabs the auth state and sends it to your extension with chrome.runtime.sendMessage. Your extension stores this locally with chrome.storage and uses it for API calls. When sessions expire, the extension catches failed API responses and tells users to refresh auth by visiting your site again. This keeps your existing PHP session logic untouched while giving your extension access to authenticated user data. Downside is users have to visit your website first to authenticate, but that’s actually good since it drives traffic to your main platform. Just make sure your content script only runs on your domain and handles cases where users clear browser data.
Had this exact problem last year building my analytics extension. Easiest fix? Use chrome.cookies API to tap into your website’s existing session. Since your site already handles Twitch auth, just have the extension check for your PHP session cookies. When someone opens the popup, it reads the session cookie from your domain and validates through an API endpoint on your site. No valid session? Redirect to your website’s login in a new tab. After they authenticate, the extension picks up the new session cookie and you’re good to go. This way you’re reusing your auth setup instead of building duplicate OAuth flows. Just make sure you’ve got proper CORS headers on your validation endpoint and the extension can access your session cookies. Works great once you get it configured - keeps everything in sync between your site and extension.
Been dealing with this for years. Chrome extensions and OAuth flows are a pain, especially the redirect URL mess.
What works: build a bridge endpoint on your site to handle Twitch OAuth, then have your extension talk to that endpoint. Extension opens a new tab to your auth flow, waits for completion, grabs the session data.
But managing this manually sucks. You’re stuck handling popup blockers, session sync, errors, token refreshes, and cross-origin messaging between extension and website.
I just automated the whole thing with Latenode. It runs the OAuth flow, manages sessions, and gives you clean API endpoints your extension can hit directly. No more redirect URL headaches or custom bridge coding.
The automation handles Twitch auth, stores session data, exposes it through simple HTTP calls that work great with Chrome extensions. Takes 10 minutes vs days of custom work.
There’s actually a simpler approach - use Chrome’s identity API with launchWebAuthFlow. It automatically handles OAuth redirects without needing external endpoints. Just register your extension ID as the redirect URI in Twitch’s dev console (format: https://extensionid.chromiumapp.org/). Works great once you set it up properly, and you don’t need any extra servers.
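The `launchWebAuthFlow` approach from the last reply, sketched as an added example that is not code from any poster in this thread. It assumes Twitch's implicit grant (`response_type=token`), a placeholder client ID, and the `user:read:email` scope. It checks the returned URL and the `state` value before accepting the token.

```javascript
// Added example: Twitch implicit grant through chrome.identity.launchWebAuthFlow.
// CLIENT_ID is a placeholder and the requested scope is an assumption.
const TWITCH_AUTHORIZE = "https://id.twitch.tv/oauth2/authorize";
const CLIENT_ID = "YOUR_TWITCH_CLIENT_ID";

// Random per-request value; Twitch echoes it back so the response can be tied to this request.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function buildAuthUrl(clientId, redirectUri, scopes, state) {
  const url = new URL(TWITCH_AUTHORIZE);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "token",
    scope: scopes.join(" "),
    state,
  }).toString();
  return url.toString();
}

// Validates the URL that launchWebAuthFlow resolves with and extracts the token.
function parseRedirect(responseUrl, redirectUri, expectedState) {
  const got = new URL(responseUrl);
  const want = new URL(redirectUri);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error("redirect went to an unexpected URL");
  }
  // A denied request comes back with error=... in the query string.
  const error = got.searchParams.get("error");
  if (error) throw new Error("authorization failed: " + error);
  const frag = new URLSearchParams(got.hash.slice(1)); // token arrives in the fragment
  if (frag.get("state") !== expectedState) throw new Error("state mismatch");
  const token = frag.get("access_token");
  if (!token) throw new Error("no access_token in redirect");
  return { accessToken: token, scopes: (frag.get("scope") || "").split(" ").filter(Boolean) };
}

// Extension-side entry point; requires the "identity" permission in the manifest.
async function signIn() {
  const redirectUri = chrome.identity.getRedirectURL(); // https://<extension-id>.chromiumapp.org/
  const state = newState();
  const url = buildAuthUrl(CLIENT_ID, redirectUri, ["user:read:email"], state);
  const responseUrl = await chrome.identity.launchWebAuthFlow({ url, interactive: true });
  return parseRedirect(responseUrl, redirectUri, state);
}
```

The value returned by `chrome.identity.getRedirectURL()` is what must be registered as the redirect URI in the Twitch developer console.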