'Is it possible to inject a custom authentication library into a chrome extension background script?

I'm in the process of building a chrome extension that needs to leverage my companies internal SSO system. I'm using a background script because I need to make a CORS call to a service that can return an auth token. I've developed a library that can handle this for me but based on what I have read there is no way to inject it into a background script. I could relax the Content Policy to allow for it but the documentation states that they strongly recommend not doing this because of XSS vulnerabilities. My question is: Is there a way to inject my library into the background script without altering the content policy?

//manifest.json

{
  "name": "Learning",
  "version": "1.0",
  "description": "Chrome extension to enable xAPI",
  "background": {
    "scripts": ["tx.js", "tx-auth.js", "main.js"],
    "persistent": true
  },
  "permissions": [
    "activeTab",
    "tabs"
  ],
  "content_scripts": [
    {
      "run_at": "document_end",
      "matches": ["http://*/*", "https://*/*"],
      "js": ["interactionProfile.js", "tx.js", "all.js"]
    },
    {
      "run_at": "document_end",
      "matches": ["*://*.youtube.com/*"],
      "js": ["interactionProfile.js", "tx.js", "youtube.js"]
    }
  ],
  "browser_action": {
    "default_popup": "main.html"
  },
  "manifest_version": 2
}
// all.js

console.log('all')

const iframe = document.createElement('iframe');
iframe.setAttribute('src', "http:****/identification");
iframe.style.display = "none";
document.body.appendChild(iframe);


chrome.runtime.sendMessage({contentScriptQuery: '', create: tx.default.create}, (tx) => {
    console.log(tx)
})
chrome.runtime.onMessage.addListener(
    function(request, sender, sendResponse) {
        request.create({
            endpoint: '*****',
            username: '*****',
            password: '*****',
            allowfail: false,
            env: "sandbox",
            xapiEndpoint: '******'
        }).then((tx) => sendResponse(tx));
        return true;
    });


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source