Script to open chromium in kiosk mode and inject JWT in localstorage

ONLINECAST

2 min read

·

23-09-2024

23

0

Share

In today's fast-paced digital landscape, creating a seamless user experience is vital for businesses. One common requirement is the ability to run web applications in a controlled environment, such as a kiosk. This article will discuss how to launch Chromium in kiosk mode and programmatically inject a JSON Web Token (JWT) into local storage for your application.

Problem Scenario

You want to run a web application in a Chromium browser in kiosk mode, which restricts user access to the operating system and other applications. Additionally, you need to ensure that a JWT is stored in local storage for authentication purposes. The original code provided might be unclear or improperly structured for this purpose.

Original Code Example

chromium --kiosk --app=https://yourapp.com

Revised Code

To better achieve your goals, we can revise the approach using a more comprehensive script. Here’s a clearer example that includes the necessary modifications:

#!/bin/bash

# Define the URL of your web application
APP_URL="https://yourapp.com"

# JWT token
JWT_TOKEN="your_jwt_token"

# Start Chromium in kiosk mode
chromium --kiosk --app="$APP_URL" --disable-infobars --user-data-dir="/tmp/chromium-kiosk" &

# Wait for Chromium to start
sleep 5

# Inject JWT into local storage
chromium --user-data-dir="/tmp/chromium-kiosk" \
--app="$APP_URL" --disable-infobars \
--no-sandbox --disable-dev-shm-usage \
--remote-debugging-port=9222 &

# Use the Chrome DevTools Protocol to inject the JWT into local storage
curl -X POST http://localhost:9222/session/$(curl -s http://localhost:9222/sessions | jq -r '.[] | .id')/execute \
-d '{ "script": "localStorage.setItem(\"token\", \"'"$JWT_TOKEN"'\" );" }'

Explanation of the Code

1. Define the Application URL: The variable APP_URL holds the URL of the web application you want to run.

2. JWT Token: The variable JWT_TOKEN should contain the JWT string needed for authentication.

3. Kiosk Mode Activation: The chromium command starts Chromium in kiosk mode, using a specific user data directory to ensure that the session is isolated.

4. Wait for Startup: The sleep command is necessary to give Chromium time to fully launch before executing further commands.

5. Remote Debugging: By enabling --remote-debugging-port=9222, you can control and inject scripts into the running Chromium instance.

6. Injecting JWT: Using curl, we send a command to the Chromium instance to execute a script that stores the JWT in local storage.

Analysis and Practical Examples

The above script illustrates an effective way to manage web applications in kiosk mode while handling authentication through JWTs. This method is particularly useful in environments such as:

• Retail Environments: Running point-of-sale systems that require secure access.
• Public Terminals: Locking down systems to allow only specific web applications.
• Interactive Displays: Creating engaging user experiences without allowing interference with other applications.

Additional Considerations

• Security: Make sure to handle your JWT securely. Do not expose sensitive tokens in your client-side code.
• Error Handling: The current script lacks error handling. Consider adding checks to verify successful execution of commands.
• Clean Up: Ensure that temporary user data directories do not accumulate over time by implementing a cleanup routine.

Useful Resources

• JSON Web Tokens (JWT) Introduction
• Chromium Command Line Switches
• Chrome DevTools Protocol

By utilizing the information in this article, you'll be able to create a controlled kiosk environment while securely managing authentication using JWTs in your web applications. This method not only enhances the user experience but also strengthens security in public access scenarios.