XAuth – Mozilla webappstore.sqlite

May 28, 2010
By Bogomil Shopov
Post Image

If you are wondering where Firefox stores the token from XAuth (all localStorage data), the answer is in webappstore.sqlite in your profile folder. The main idea of the XAuth is that the declared token will be accessible only from the XAuth.org domain and you don’t have the opportunity to see what exacly has been saved in your local storage.

I am an Explorer

I am always suspicious when I have to use an “Open Technology” from Google or other not so open vendors and I would like to see what EXACTLY is stored in My Computer.


So let’s explore the webappstore.sqlite. I need this Addon for that. You can download it from here.

It looks very usable:
SQLite Manager

Just Click on Database > Connect Database and choose webappstore.sqlite from your profile folder.
After that choose Tables from the sidebar tree, and Browse and Search from the main Window.


Let’s see what is inside about XAuth:

scope: gro.htuax.:http:80 // this information will be accessible from xauth.org only, using http protocol only and via port 80 only
key: talkweb.eu
value: {“token”:”1″,”expire”:1275110205930,”extend”:[“talkweb.eu”]}

Everything looks fine for now !

Another example
if you want to see, what is stored from your domain in your local storage, you can use this script for that:

<body onLoad="doShowAll()">
<script language="javascript">
function doShowAll() {
var key = "";
var showme = "<tr><td>Local name</td><td>Local value</td></tr>\n";
var i=0;
for (i=0; i<=localStorage.length-1; i++) {
key = localStorage.key(i);
showme += "<tr><td>"+key+"</td>\n<td>"+localStorage.getItem(key)+"</td></tr>\n";
if (showme == "<tr><td>Local name</td><td>Local  value</td></tr>\n"") {
showme += "<tr><td><i>empty</i></td>\n<td><i>empty</i></td></tr>\n";
document.getElementById('showme').innerHTML = showme;

<table id='showme'></table>

Bogomil Shopov

I care about privacy, ethical design, and freedom in many aspects. I spend 20+ years working as a web developer and architect, analyst, manager, and product owner/manager in different environments, several countries, and multiple software industries like Healthcare and Hospitality. I wore many hats, and I use the knowledge gathered to optimize the flow of value across complex systems.


  • Scott

    September 30, 2011 at 8:28 pm

    Thanks, was wondering why this file was taking so long to sync with Synctoy (I know, a little off topic, but it relates). As an explorer myself, I wanted to know a little more about the file and came across your post. I ran your html test script and get a blank out put. As in, it loads, but the Javascript doesn’t product any output. Am I to believe there is nothing stored in the local storage? I am running the file from the local host, is that what I should be doing? Or load on my Website?



Leave a reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.