javascript - Getting unique ClientID from chrome extension?

Question

I'm developing chrome extension. I need the ability to identify each client as a unique client.

I can't store guid in a cookie since cookie can be deleted. I need something to be read from the system itself which is unique.

Now - I know that JS doesn't has access to client resources ( local resources) but - and here is my question :

Question

Does chrome extensions Js's provide API for getting unique client information ( I dont care what data - as long as it is unique).

Edit :

Just to clarify :

The user will be shown a unique key ( which is a hash data of his computer). this code will be sent to me , and I will provide matching result which the user will be sent (via email) and only then - he will be able to use the extension.

(no , not all countries support extension payment via wallet , im at one of those countries)

Answer 1

To uniquely identify a user, I would suggest to generate a random token and store it in your extension's storage (chrome.storage). The userid has to be generated only once, when the token does not exist in storage.

For example:

function getRandomToken() {
    // E.g. 8 * 32 = 256 bits token
    var randomPool = new Uint8Array(32);
    crypto.getRandomValues(randomPool);
    var hex = '';
    for (var i = 0; i < randomPool.length; ++i) {
        hex += randomPool[i].toString(16);
    }
    // E.g. db18458e2782b2b77e36769c569e263a53885a9944dd0a861e5064eac16f1a
    return hex;
}

chrome.storage.sync.get('userid', function(items) {
    var userid = items.userid;
    if (userid) {
        useToken(userid);
    } else {
        userid = getRandomToken();
        chrome.storage.sync.set({userid: userid}, function() {
            useToken(userid);
        });
    }
    function useToken(userid) {
        // TODO: Use user id for authentication or whatever you want.
    }
});

This mechanism relies on chrome.storage.sync, which is quite reliable. This stored ID will only be lost in the following scenarios:

• The user re-installs the extension. Local storage will be cleared when uninstalling the extension.
• One of the storage quotas has been exceeded (read the documentation).
  This is not going to happen because the only write operation occurs at the first run of your extension.
• Chrome's storage gets corrupted and fails to save the data.
  Even if the user does not have Chrome Sync enabled, data will still be saved locally. There have been bugs with Chrome's internals that resulted in data loss, but these are incidents.
• The user has opened the developer tools for your extension page and ran chrome.storage.sync.clear() or something similar.
  You cannot protect against users who possess the knowledge to mess with the internals of Chrome extensions.

---

The previous method is sufficient if you want to uniquely identify a user. If you really want to get a hardware-based ID, use chrome.storage.cpu and chrome.storage.memory as well. I don't see any benefits in using these additional sources though, because they can change if the user replaces hardware, and they are not unique either (two identical laptops would report the same values, for instance).