XAuth – Mozilla webappstore.sqlite

If you are wondering where Firefox stores the token from XAuth (all localStorage data), the answer is in webappstore.sqlite in your profile folder. The main idea of the XAuth is that the declared token will be accessible only from the XAuth.org domain and you don’t have the opportunity to see what exacly has been saved in your local storage.

I am an Explorer

I am always suspicious when I have to use an “Open Technology” from Google or other not so open vendors and I would like to see what EXACTLY is stored in My Computer.


So let’s explore the webappstore.sqlite. I need this Addon for that. You can download it from here.

It looks very usable:
SQLite Manager

Just Click on Database > Connect Database and choose webappstore.sqlite from your profile folder.
After that choose Tables from the sidebar tree, and Browse and Search from the main Window.


Let’s see what is inside about XAuth:

scope: gro.htuax.:http:80 // this information will be accessible from xauth.org only, using http protocol only and via port 80 only
key: talkweb.eu
value: {“token”:”1″,”expire”:1275110205930,”extend”:[“talkweb.eu”]}

Everything looks fine for now !

Another example
if you want to see, what is stored from your domain in your local storage, you can use this script for that:

<body onLoad="doShowAll()">
<script language="javascript">
function doShowAll() {
var key = "";
var showme = "<tr><td>Local name</td><td>Local value</td></tr>\n";
var i=0;
for (i=0; i<=localStorage.length-1; i++) {
key = localStorage.key(i);
showme += "<tr><td>"+key+"</td>\n<td>"+localStorage.getItem(key)+"</td></tr>\n";
if (showme == "<tr><td>Local name</td><td>Local  value</td></tr>\n"") {
showme += "<tr><td><i>empty</i></td>\n<td><i>empty</i></td></tr>\n";
document.getElementById('showme').innerHTML = showme;

<table id='showme'></table>







2 responses to “XAuth – Mozilla webappstore.sqlite”

  1. Scott Avatar

    Thanks, was wondering why this file was taking so long to sync with Synctoy (I know, a little off topic, but it relates). As an explorer myself, I wanted to know a little more about the file and came across your post. I ran your html test script and get a blank out put. As in, it loads, but the Javascript doesn’t product any output. Am I to believe there is nothing stored in the local storage? I am running the file from the local host, is that what I should be doing? Or load on my Website?


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.