You should always use OAuth 2.0 for authentication within extensions. Never pass the username/password because an attacker can simply steal such information.
An example from Chromium regarding OAuth in extensions is Tutorial: OAuth.
Additionally, there’s an experimental API available for OAuth 2.0, which is supposed to make the whole process a little easier. There’s a comprehensive blog post, OAuth 2.0 from Chrome Extensions.