How to pass pass user credentials to chrome via Native Messaging API

Question

This is a pretty specific problem to have ... but if you're using Selenium, etc, from a machine which is not part of an Active Directory and you're being foiled by browser popups, I have a solution for you.

I will explain the problem and link to some resources (and my other questions, with even more links in them) which informed the solution then I'll post the change I made to the example for the extension I "wrote."

---

Problem:

You're automating or testing via selenium or something similar ... and an auth popup comes out of the blue! But this popup isn't JavaScript and you're required not to save any credentials on the machine you're testing from.

How do you pass through the authentication credentials to the browser and prevent that popup from occurring ... but without using keystores, browser storage or, ghasp, a file?

Once you know how to pass that data in, how do you then get the values into the browser in such a way as to allow hands-free authentication?

Answer 1

Solution:

You're going to need to use a browser extension. My solution has been built for chromium but it should port almost-unchanged for Firefox and maybe edge.

First up, you need 2 APIs to be available for your browser:

• webRequest.onAuthRequired - Chrome & Firefox
• runtime.nativeMessaging - Chrome & Firefox

While both browser APIs are very similar, they do have some significant differences - such as Chrome's implementation lacking Promises.

If you setup your Native Messaging Host to send a properly-formed JSON string, you need only poll it once. This means you can use a single call to runtime.sendNativeMessage() and be assured that your credentials are paresable. Pun intended.

Next, we need to look at how we're supposed to handle the webRequest.onAuthRequired event.

Since I'm working in Chromium, I need to use the promise-less Chrome API.

chrome.webRequest.onAuthRequired.addListener(
  callbackFunctionHere,
  {urls:[targetUrls]},
  ['asyncBlocking'] // --> this line is important, too. Very.

The Change:

I'll be calling my function provideCredentials because I'm a big stealy-stealer and used an example from this source. Look for the asynchronous version.

The example code fetches the credentials from storage.local ...

chrome.storage.local.get(null, gotCredentials);

We don't want that. Nope.

We want to get the credentials from a single call to sendNativeMessage so we'll change that one line.

chrome.runtime.sendNativeMessage(hostName, { text: "Ready" }, gotCredentials);

That's all it takes. Seriously. As long as your Host plays nice, this is the big secret. I won't even tell you how long it took me to find it!

Links:

My questions with helpful links:

• Here - Workaround for Authenticating against Active Directory
• Here - Also has some working code for a functional NM Host
• Here - Some enlightening material on promises