We're looking for someone to develop a Google Chrome Extension that leverages the Auth0 SPA SDK to facilitate safe authentication.
The implementation should use the [login to view URL] (if possible) and support PKCE.
The extension should have a popup that checks if there is a current valid token, if it does, it should complete an API call with Auth0 to retrieve metadata about that user record and display it in the popup. It should also, create a call that modifies/creates some metadata (such as a random guid) about the Auth0 user at this point.
If there is no current valid token present (stored in cache or otherwise), the popup should guide the user through the Auth0 universal login page process and then follow the steps above. (Retrieve, Display, Call).
The design should store relevant authentication tokens (Safely) in localstorage to ensure the user remains logged in and refreshes tokens to sustain a valid token. Should the token expire, the extension would enable the process to restart.
The extension should have base level error handling (switches), accounting for timeouts, failed requests and common login problems.
Initially, the expectation is that the Auth0 app would be configured for native login and Google / OAuth2, but will likely introduce other social providers such as Microsoft etc. at a later stage.
The scope is limited to e-mail and profile photo if available in all instances.
We look forward to working with you on this project.