diff --git a/docs/references/chrome-extension/overview.mdx b/docs/references/chrome-extension/overview.mdx index 2f2ba6ffd8..992d897d24 100644 --- a/docs/references/chrome-extension/overview.mdx +++ b/docs/references/chrome-extension/overview.mdx @@ -52,3 +52,19 @@ See [the Chrome Extension deployment guide](/docs/deployments/deploy-chrome-exte ## Configure a consistent CRX ID A Chrome Extension can be identified by its unique CRX ID, similar to how a website can be identified by its domain. The CRX ID rotates by default, which can cause errors with the Clerk integration. [Learn how to configure a consistent CRX ID](/docs/references/chrome-extension/configure-consistent-crx-id) so that your extension will have a stable, unchanging key. + +## Frequently asked questions (FAQ) + +### Can I use Clerk in a content script? + +Unfortunately, no. Clerk has strict security restrictions on the allowed origins for requests from the application or extension to Clerk's API. Since a content script could run on any domain, there is no way to enforce origin restrictions. + +### Why can't I use OAuth, SAML, or Email Links with the extension popup or side panel? + +OAuth and SAML require a redirect back from the Identity Provider (IdP), which is not currently supported in popups or side panels. + +Email Links require the popup to remain open while the user checks their email, copies the link, and returns to paste it. Since popups close as soon as a user clicks outside of them, this flow is not possible. The sign-in status resets when the popup closes. + +### Why aren't options like Google One Tap or Web3 available in a popup or side panel? + +Chrome Extensions can't load code from remote sources. Features like Google One Tap, Web3, and some other authentication options require loading remote code to function. This functionality is removed from the Chrome Extension SDK to ensure extensions using Clerk are not rejected by the Chrome Web Store.