"I'm under attack" mode with chrome extension

I am trying to use hubspot authentication API in the google chrome extension. To achieve that I am using “chrome.identity.launchWebAuthFlow” function to open “https://app.hubspot.com/oauth/authorize” with proper GET parameters to authenticate user. However, when this function is called with that URL, the authentication window opens and instantly closes without any chance to click and even see anything. The window works perfectly fine with any other website, so the problem must be on their side. It seems that browser check performed by “I’m under attack” mode from Cloudflare somehow breaks this special google authentication popup.
If you try to go to that website and you have this browser check, then here is the link to the demo project which can demonstrates the issue: https://jmp.sh/xtoxkhY
It has all necessary instructions to reproduce the issue.
It is also strange that this browser checks relies only on cookies. Because this checks performs only for the first time in the regular window but if you try to open it in incognito window, then this check performed for every new incognito window.

:wave: @gluskin_ea,

Sounds like something to bring up with Hubspot as the configuration/ settings they use with Cloudflare are controlled by them.

-OG

I am not sure about that. I agree that configuration and settings are controlled by Hubspot but for me the issue seems to be related to the way the “I’m under attack” mode itself works because this mode is responsible for how the website behaves during the check

Hello, did you fix this issue? I’m trying to auth in Hubspot from my chrome extension using chrome.identity.launchWenAuthFlow() and have the same issue - opens popup and closes. It would be great if you could help me.

Hi, I found a way to do it without this special popup: from chrome extension you can open this auth url in a regular new tab and set redirect URI as url to your extension. Then in the background script you can listen for requests using WebRequests API https://developer.chrome.com/extensions/webRequest. So, you can listen for requests on url of your extension. Then, you can just detect when request to url of your extension contains “code” parameter in the URI which you can easily extract. That’s it, you can then just close this tab. Let me know if you have any other questions

Thanks for quick reply) I’ll try tomorrow. I also have a nice idea - to open it in another window with custom height and width, located in the screen center, with type “popup” https://developer.chrome.com/extensions/windows#type-CreateType. It would be like a native oAuth flow)

That’s a cool idea, kind of extension of the idea which I have suggested, so instead of opening in the new tab, open it in a new tab of custom window, nice!

Thats good you liked my idea) You can connect me via linkedin https://www.linkedin.com/in/bogdan-novak-90588b101/ - maybe, my experience will be usefull for you, and your’s for me)