虽然不是来自 chrome 扩展，但我正在构建类似的东西，可以在终端上工作.我最终绕过了设计并通过自己的令牌身份验证创建，这将允许用户仅访问我需要的一个控制器#action.这样一来，如果令牌被盗，您就可以最大限度地减少损失.

Although not from a chrome extension, I was building something similar that would work from terminal. I ended up bypassing devise and creating by own token authentication that would allow users to access just the one controller#action I needed. That way you can minimize the damage if the token gets stolen.

所以无论如何，我会允许用户在 rails 应用程序界面中生成(和重新生成)令牌，并使它的扩展程序在第一次启动时要求令牌.我会将令牌本身存储在 localStorage 中.

So anyway, I would allow users to generate (and regenerate) tokens within the rails app interface and make it so that the extension asks for the token on the very first launch. I'd store the token itself in localStorage.