Skip to main content
crxbase handles authentication for your extension users with a passwordless OTP (one-time password) email flow. You don’t need to build any auth system.

How it works

1

User opens the login page

Your extension calls client.openLoginPage(), which opens the crxbase login page in the browser.
2

User enters their email

The user types their email address and clicks Sign in.
3

OTP is sent

A 6-digit code is sent to their email. The code expires after 10 minutes.
4

User enters the code

The user enters the 6-digit code to verify their identity.
5

Session is created

A signed-in browser session is created automatically. The session lasts 90 days.
After login, all library methods (getUser(), etc.) work with the authenticated session.

Session details

PropertyValue
Session duration90 days
OTP expiry10 minutes
OTP request limit5 codes per 10 minutes/email

Handling expired sessions

When a session expires, getUser() returns null. Check for this and prompt the user to log in again: 
const user = await client.getUser();

if (!user) {
	// Session expired or user not logged in
	client.openLoginPage();
	return;
}

// User is authenticated

Logging out

Call client.logout() to clear the user’s session: 
await client.logout();
This ends the current session. The user will need to log in again to use authenticated features.