Metamask-extension: As a 3d party chrome app, I would like to communicate with Metamask

Created on 20 Dec 2016 · 14Comments · Source: MetaMask/metamask-extension

We're a third party chrome app during its pre-development phase. One of our requirements would allow us to integrate the ethereum blockchain in an existing application (the github frontend, for now).

We want to avoid having to replicate the entire behaviour of metamask to perform transactions on the blockchain. Unfortunately, direct communication with Metamask is not possible due to everything we/you inject being sandboxed by the browser making sure no plugins can access other plugin's changes.

We've had a chat in the past:
https://twitter.com/QuintenDes/status/784373435522777088

Would it be possible to discuss this further here? What would the next steps be?

Initial requirements would be:

call the "metamask" to open with prefilled values
get a callback from metamask after such transaction has finished (done, failed, ..)

I'm willing to help with contributions should this story be approved.

L04-backencore P3-soon T01-enhancement T03-discussion

Source

Qkyrie

Most helpful comment

Hey!
@danfinlay How is going with this issue? I've forked this repo and managed to connect with MetaMask's background script from my extension's background script to use that port with MetamaskInpageProvider to send a transaction. You can check it here (it's only 2 lines of code) https://github.com/MetaMask/metamask-extension/compare/master...jakubsta:master

And here you can check example usage

jakubsta on 11 Apr 2018

👍5

All 14 comments

Hey! Sorry for the late reply, we've been real busy leading up to the holidays, but I got reminded about your issue by your tweet.

This compatibility will hinge on our ability to establish a communication channel between the extensions.

There are two strategies I can imagine, without having dug into the available APIs yet:

If you can load after MetaMask, you could use the web3 provider we inject into every web page.
There may be a way to allow a cross-extension communication channel.

I've had really good luck talking on the addons IRC channel of Mozilla, so I might swing this by them.

Anyways, just wrapping some things up for the holidays & new year, so will probably need to get back to this, but we should try to research ASAP how feasible cross-extension communication is.

danfinlay on 23 Dec 2016

Metamascara could also help here, when its ready as apps and extensions can use the metamascara iframe provider to trigger sig signature popups.

kumavis on 23 Dec 2016

Cheers for the answer. I'm afraid the first solutions is probably not going to work, I'll verify this evening, but I have a hunch that we won't be able to use the injected web3 provider as that's part of the sandbox (user - metamask), which is not accessible from another extension. I still have to verify this again though.

I think a cross-extension communication channel is where we should find the solution somehow. I know chrome supports cross-extension messaging, using the message passing technique. I'm not sure how Mozilla can handle this yet. (https://developer.chrome.com/extensions/messaging#external)

Enjoy your holidays everyone!

Qkyrie on 26 Dec 2016

Any news on this? Is there a production ready solution to integrate MetaMask with another chrome extension?

danielfx90 on 28 Oct 2017

I've looked further into this, talking to some browser developers even, and the solution was basically #1 that I described above:

You can use a contentscript to inject a script tag into the page that can detect the MetaMask web3, and communicate with it, forwarding calls through its originating contentscript and optionally on to a global background script.

We have not developed any drop-in SDK for doing this, although many of the libraries used by MetaMask could be useful for creating this series of communication hops, abstracted as a stream.

If you take the time to implement a solution, please do share it so other developers can benefit from it.

danfinlay on 29 Oct 2017

And here you can check example usage

jakubsta on 11 Apr 2018

👍5

@jakubsta That's fantastic, great work, you simplified this way beyond what I thought possible.

One huge security hole, easily fixed:

+  extension.runtime.onConnectExternal.addListener(connectRemote)

If we use our normal connectRemote function to build this connection, an extension could provide a port.name of popup and impersonate the metamask internal UI, allowing it to propose and sign transactions on a user's behalf when unlocked.

This onConnectExternal method would need to exclusively call the portions of the connectRemote function that set up external connections, which only provide the site-style ethereum provider API.

If you do that, I'd accept this PR in a heartbeat.

In fact, now that you've documented it, I'll put it on our roadmap even if you don't :D

danfinlay on 17 Apr 2018

🎉3

@danfinlay thanks for feedback, just submitted PR.

jakubsta on 17 Apr 2018

Ok so I said heartbeat, but actually I meant "after a thorough security review" ;)

Hang in there, it's on our next sprint!

danfinlay on 17 Apr 2018

👍1

Would love to see this functionality!

mschristensen on 22 Apr 2018

Ditto. When is this planned to be accepted and pushed?

june07 on 23 Apr 2018

Would love to see this functionality!

Ditto. When is this planned to be accepted and pushed?

We will review this when we have time to do it properly. We are currently focused on some high-impact project organization and structure issues, and are not focused on merging new features right now.

We should have time to review within a week or two.

danfinlay on 24 Apr 2018

This is merged and live! We just need to publicize how to develop extensions for MetaMask compatibility now!

danfinlay on 14 Jun 2018

some rough first-draft documentation here. we'll repost from MetaMask shortly~