|
| 1 | +--- |
| 2 | +title: Extension Integration |
| 3 | +description: Build Chrome browser extensions with Reclaim Protocol verification capabilities |
| 4 | +--- |
| 5 | + |
| 6 | +## Overview |
| 7 | + |
| 8 | +Build browser extensions with Reclaim verification in popup/sidepanel. The SDK handles Chrome Manifest V3 complexity including service workers, offscreen documents, and content script orchestration. |
| 9 | + |
| 10 | +<Callout type="info"> |
| 11 | +**Primary Integration Path**: This is the main way to use the SDK. Users trigger verification from your extension UI (popup/sidepanel). For triggering verification from a website, see [Web Integration](/browser-extension/web-integration). |
| 12 | +</Callout> |
| 13 | + |
| 14 | +## When to Use Extension Integration |
| 15 | + |
| 16 | +Choose this integration approach if you are: |
| 17 | + |
| 18 | +- 🔧 **Building a browser extension** from scratch or adding to an existing one |
| 19 | +- 🎯 **Controlling the entire user experience** within your extension |
| 20 | +- 🔌 **Creating popup or side panel interfaces** that trigger verification |
| 21 | +- 🛠️ **Developing productivity tools** that need provider data verification |
| 22 | + |
| 23 | +## What You'll Build |
| 24 | + |
| 25 | +By following this guide, you'll create a browser extension that can: |
| 26 | + |
| 27 | +- Trigger Reclaim verification flows from extension popups or side panels |
| 28 | +- Manage provider authentication tabs automatically |
| 29 | +- Generate cryptographic proofs using WebAssembly |
| 30 | +- Handle verification completion events |
| 31 | +- Securely communicate between extension components |
| 32 | + |
| 33 | +## Architecture Overview |
| 34 | + |
| 35 | +Extension integration involves three main components: |
| 36 | + |
| 37 | +```mermaid |
| 38 | +graph TD |
| 39 | + A[Extension Popup/Panel] -->|User Action| B[Background Service Worker] |
| 40 | + B -->|Initialize| C[Content Script Bridge] |
| 41 | + B -->|Create| D[Offscreen Document] |
| 42 | + B -->|Open| E[Provider Tab] |
| 43 | + D -->|Generate| F[Cryptographic Proof] |
| 44 | + E -->|Intercept| G[Network Requests] |
| 45 | + F -->|Complete| A |
| 46 | +``` |
| 47 | + |
| 48 | +### Components Explained |
| 49 | + |
| 50 | +**Extension Popup/Panel** |
| 51 | +- Your extension's user interface (HTML/CSS/JS) |
| 52 | +- Initiates verification requests |
| 53 | +- Displays results and handles user interactions |
| 54 | + |
| 55 | +**Background Service Worker** |
| 56 | +- Chrome Manifest V3 background script |
| 57 | +- Coordinates between all components |
| 58 | +- Manages extension lifecycle and permissions |
| 59 | + |
| 60 | +**Content Script Bridge** |
| 61 | +- Injected into web pages |
| 62 | +- Enables communication with provider pages |
| 63 | +- Handles message routing |
| 64 | + |
| 65 | +**Offscreen Document** |
| 66 | +- Hidden document for WebAssembly execution |
| 67 | +- Generates cryptographic proofs |
| 68 | +- Required for Manifest V3 architecture |
| 69 | + |
| 70 | +**Provider Tab** |
| 71 | +- Automatically opened during verification |
| 72 | +- Hosts the provider authentication flow |
| 73 | +- Monitored by network interceptor |
| 74 | + |
| 75 | +## Integration Steps |
| 76 | + |
| 77 | +The integration process consists of four main steps: |
| 78 | + |
| 79 | +### 1. Manifest Configuration |
| 80 | + |
| 81 | +Configure your Chrome extension's `manifest.json` with required permissions, content security policies, and web-accessible resources. |
| 82 | + |
| 83 | +[Configure Manifest →](/browser-extension/extension-integration/manifest-configuration) |
| 84 | + |
| 85 | +### 2. Background Initialization |
| 86 | + |
| 87 | +Initialize the SDK in your background service worker to enable offscreen document management and message handling. |
| 88 | + |
| 89 | +[Set Up Background →](/browser-extension/extension-integration/setup#background-initialization) |
| 90 | + |
| 91 | +### 3. Content Script Loading |
| 92 | + |
| 93 | +Load the SDK's content script bridge to enable communication between your extension and web pages. |
| 94 | + |
| 95 | +[Load Content Script →](/browser-extension/extension-integration/setup#content-script-loading) |
| 96 | + |
| 97 | +### 4. Implement Verification Flow |
| 98 | + |
| 99 | +Use the SDK's API in your popup or panel to trigger verification and handle results. |
| 100 | + |
| 101 | +[Implement Usage →](/browser-extension/extension-integration/usage) |
| 102 | + |
| 103 | +## Prerequisites |
| 104 | + |
| 105 | +Before starting, ensure you have: |
| 106 | + |
| 107 | +- ✅ Completed the [Installation guide](/browser-extension/installation) |
| 108 | +- ✅ Obtained API credentials from the [API Key guide](/api-key) |
| 109 | +- ✅ Basic understanding of Chrome extension development |
| 110 | +- ✅ Familiarity with JavaScript Promises and async/await |
| 111 | +- ✅ A Chrome extension project with Manifest V3 |
| 112 | + |
| 113 | +## Security Considerations |
| 114 | + |
| 115 | +### Content Security Policy |
| 116 | + |
| 117 | +The SDK requires specific CSP settings for WebAssembly execution: |
| 118 | + |
| 119 | +```json |
| 120 | +"content_security_policy": { |
| 121 | + "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';" |
| 122 | +} |
| 123 | +``` |
| 124 | + |
| 125 | +<Callout type="warning"> |
| 126 | +**Why `wasm-unsafe-eval`?** This directive is required for WebAssembly instantiation in Manifest V3. While the name includes "unsafe," it's the only way to run WebAssembly in Chrome extensions and is considered acceptable for this specific use case. |
| 127 | +</Callout> |
| 128 | + |
| 129 | +### Permissions |
| 130 | + |
| 131 | +The SDK needs specific permissions: |
| 132 | + |
| 133 | +- **`offscreen`**: Create offscreen documents for proof generation |
| 134 | +- **`cookies`**: Access provider cookies during verification |
| 135 | +- **`<all_urls>`**: Inject content scripts and intercept network requests |
| 136 | + |
| 137 | +### Best Practices |
| 138 | + |
| 139 | +1. **Never expose credentials in client code**: Use environment variables or secure configuration |
| 140 | +2. **Validate all user inputs**: Before passing to verification flows |
| 141 | +3. **Handle errors gracefully**: Implement proper error boundaries |
| 142 | +4. **Clear sensitive data**: After verification completes |
| 143 | +5. **Use server-side validation**: For production deployments |
| 144 | + |
| 145 | +<Callout type="info"> |
| 146 | +For production applications, generate verification requests server-side and only pass the configuration to the client. This prevents exposure of your application secret. Learn more about [server-side configuration](#) (coming soon). |
| 147 | +</Callout> |
| 148 | + |
| 149 | +## Browser Compatibility |
| 150 | + |
| 151 | +This integration works with Chromium-based browsers supporting Manifest V3: |
| 152 | + |
| 153 | +| Browser | Minimum Version | Status | |
| 154 | +|---------|----------------|---------| |
| 155 | +| Chrome | 93+ | ✅ Fully Supported | |
| 156 | +| Edge | 93+ | ✅ Fully Supported | |
| 157 | +| Brave | Latest | ✅ Fully Supported | |
| 158 | +| Opera | Latest (Chromium) | ✅ Fully Supported | |
| 159 | +| Firefox | - | ⏳ Coming Soon | |
| 160 | +| Safari | - | ⏳ Coming Soon | |
| 161 | + |
| 162 | +## Example Extension |
| 163 | + |
| 164 | +For a complete working example, check out our [sample extension](https://github.com/reclaimprotocol/reclaim-browser-extension-sdk) (link to be added). |
| 165 | + |
| 166 | +## Next Steps |
| 167 | + |
| 168 | +Start with manifest configuration: |
| 169 | + |
| 170 | +**[Configure Your Manifest →](/browser-extension/extension-integration/manifest-configuration)** |
0 commit comments