Reputation: 1745
How can I create long-lived tokens with Firebase Node.js SDK
I'm trying to implement the Authorization Code Flow to link actions on google with my firebase users:
https://developers.google.com/actions/identity/oauth2-code-flow
So far I've understood the flow as follows:
1 - User access the application and is redirected to the authorization url endpoint
2 - User signs in and google receives an authorization token
3 - Google sends this authorization token to the token url endpoint and gets an access token a refresh_token and a expiration time
4 - Google sends the refresh token to get a new access token when the access token is going to expire and gets a new acess token and a new expiration time
Did I get everything right?
As authorization token and access token I'm using the custom tokens from Firebase. My question is, how can I implement the refresh token? I cannot get this token from the Firebase Node.js SDK server side.
How can I greate long-lived tokens with Firebase Node.js SDK?
Is there another approach?
Upvotes: 0
Views: 2848
Answers (1)
Reputation: 589
Yes, you got the OAuth2 process right.
The Firebase Admin SDK lets you sign the user in to your Firebase service using generated custom tokens. Though the custom token expires within 1 hour, once user is signed-in, they should be authenticated indefinitely (i.e. until user signs out). As such, there is really no need for SDK to generate refresh token.
I'd suggest a different approach. Use Actions on Google's SignIn helper intent to get user's info, such as email, name etc. Using this info, you will be able to sign the user in to Firebase as follows (referenced from the "Create Custom Token" Firebase doc):
var uid = "some-uid";
admin.auth().createCustomToken(uid)
// token == custom token
.then(function(token) {
firebase.auth().signInWithCustomToken(token).catch(function(error)
{
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// ...
});
})
.catch(function(error) {
console.log("Error creating custom token:", error);
});
References:
- "How to use refresh token?" from Firebase's GitHub
- "Create custom tokens" from Firebase's docs
- "Request Signin helper" from Actions on Google docs
Upvotes: 2
Related Questions
- How can I store a bearer token and it's expiration date using Firebase cloud functions?
- Create firebase auth token which never expires
- How to handle Firebase expiring authentication tokens on React Native
- Create a custom token using firebase-admin in NodeJS
- How to store access tokens in Firebase back-end?
- Explicit renewal of session tokens in Firebase JS SDK
- Firebase auth set custom expiration time for custom token
- Firebase tokens expiration and best practice for handling refresh tokens
- Firestore Custom Tokens
- Firebase REST auth when creating token with node.js admin sdk