What it does
- Allows an extension to get an OAuth2 access token for the signed-in Google user.
- This token can then be used to make authenticated API calls to Google APIs (like Google Drive, Calendar, etc.) on behalf of the user.
- Provides methods to launch a web-based auth flow for other identity providers (e.g., Facebook, GitHub).
- Can also be used to retrieve the user's email address and a unique user ID.
When to use it
Use this permission when your extension needs to integrate with a service that uses OAuth2, especially Google services.
Examples:
- An extension that saves files to the user's Google Drive.
- A "to-do list" extension that syncs with the user's Google Tasks.
- An extension that displays events from a user's Google Calendar.
Manifest Declaration
```json
{
  "name": "My Google Drive Saver",
  "version": "1.0",
  "manifest_version": 3,
  "permissions": [
    "identity"
  ],
  "oauth2": {
    "client_id": "YOUR_CLIENT_ID.apps.googleusercontent.com",
    "scopes": [
      "https://www.googleapis.com/auth/drive.file"
    ]
  }
}
```
Security & Privacy
Why is it risky?
This permission allows an extension to act on your behalf on other websites and services, such as your Google account. When you grant it, you'll see a popup from Google (or another service like Facebook) asking you to approve the extension's access.
This popup will list exactly what the extension wants to do (e.g., "Read and change your Google Calendar events"). If you approve, the extension gets a special key that lets it perform those actions. A malicious extension could use this to:
- Read your private emails or documents.
- Delete your files or calendar events.
- Post on your social media accounts.
Always read the consent popup carefully to see what you are agreeing to. Only grant this permission to extensions from developers you trust.
API Usage Example
This example retrieves an OAuth2 token for the Google Drive API.
```javascript
// background.js
chrome.action.onClicked.addListener(() => {
  chrome.identity.getAuthToken({ interactive: true }, (token) => {
    if (chrome.runtime.lastError) {
      console.error(chrome.runtime.lastError.message);
      return;
    }
    if (token) {
      // The token is a bearer credential: keep its value out of logs.
      console.log('Successfully retrieved auth token.');
      // You can now use this token to make API requests to Google Drive.
    }
  });
});
```
For non-Google OAuth providers (GitHub, Microsoft, Facebook, custom IdPs), use launchWebAuthFlow instead. It opens the provider's authorization URL in a controlled window and resolves with the redirect URL once the user finishes signing in.
```javascript
// background.js — generic OAuth provider
const redirectUri = chrome.identity.getRedirectURL();
const authUrl = new URL('https://github.com/login/oauth/authorize');
authUrl.searchParams.set('client_id', 'YOUR_GITHUB_CLIENT_ID');
authUrl.searchParams.set('redirect_uri', redirectUri);
authUrl.searchParams.set('scope', 'read:user');
chrome.identity.launchWebAuthFlow(
  { url: authUrl.toString(), interactive: true },
  (responseUrl) => {
    if (chrome.runtime.lastError || !responseUrl) {
      console.error(chrome.runtime.lastError?.message ?? 'No redirect.');
      return;
    }
    // The provider appends the authorization code to the redirect URL.
    const code = new URL(responseUrl).searchParams.get('code');
    // Log only whether a code arrived, not the code itself.
    console.log('Got authorization code:', Boolean(code));
    // Exchange `code` for an access token via your backend.
  }
);
```
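The redirect URL that launchWebAuthFlow resolves with is input from outside the extension, so it is worth validating before the code is sent anywhere. The following is an added example, not code from the original page: it adds a `state` parameter to the request and checks the response against it; `newState`, `extractAuthCode` and `signIn` are hypothetical helper names, and the client ID is supplied by the caller.

```javascript
// Added example; the helper names are hypothetical, not chrome.identity APIs.

// Per-request random value that the provider echoes back in the redirect.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Validate the URL launchWebAuthFlow resolved with; return the code or throw.
function extractAuthCode(responseUrl, redirectUri, expectedState) {
  const response = new URL(responseUrl);
  const expected = new URL(redirectUri);
  // Defense in depth: the redirect must land on the extension's own redirect URI.
  if (response.origin !== expected.origin || response.pathname !== expected.pathname) {
    throw new Error('Redirect does not match the expected redirect URI.');
  }
  // Provider-reported failure, for example the user declined consent.
  const error = response.searchParams.get('error');
  if (error) throw new Error(`Authorization failed: ${error}`);
  // A missing or different state means the response does not answer our request.
  if (response.searchParams.get('state') !== expectedState) {
    throw new Error('State mismatch; response discarded.');
  }
  const code = response.searchParams.get('code');
  if (!code) throw new Error('Redirect carries no authorization code.');
  return code;
}

// Wiring inside the extension; runs only where chrome.identity exists.
function signIn(clientId) {
  const redirectUri = chrome.identity.getRedirectURL();
  const state = newState();
  const authUrl = new URL('https://github.com/login/oauth/authorize');
  authUrl.searchParams.set('client_id', clientId);
  authUrl.searchParams.set('redirect_uri', redirectUri);
  authUrl.searchParams.set('scope', 'read:user');
  authUrl.searchParams.set('state', state);
  chrome.identity.launchWebAuthFlow({ url: authUrl.toString(), interactive: true }, (responseUrl) => {
    if (chrome.runtime.lastError || !responseUrl) return;
    try {
      const code = extractAuthCode(responseUrl, redirectUri, state);
      // Exchange `code` for an access token via your backend.
    } catch (e) {
      console.error(e.message);
    }
  });
}
```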
Related Permissions
- This is a standalone permission with no direct relatives.