Reputation: 2254
User Google Api with Firebase auth
I have successfully verified the user ID Token on my node.js backend (as described here), and now I want to access the Google Spreadsheets API on behalf of that user, but I can't seem to find information about how to do it.
Thanks in advance for your time.
Upvotes: 2
Views: 2708
Answers (3)
Reputation: 3
I was struggling with the same problem, later I realised that the access tokens of firebase and OAuth2 were different, but it is possible to grab the OAuth2 Token using firebase/auth library.
Use signInWithPopUp(), and pass the "result" that it returns to the credentialFromResult(), and there you go you get an OAuthCredential.
signInWithPopup(auth,provider).then((result)=>{
const OAuthCredential = GoogleAuthProvider.credentialFromResult(result)
console.log(OAuthCredential) //here you can get the access token.
navigate('/dashboard')
}).catch((error)=>{
alert(error)
})
Upvotes: 0
Reputation: 380
I'm currently working on a similar implementation and might be able to share some information from what I've learned. First, an overview of tokens used in Firebase you find here. What you need in order to access a Google API is an OAuth2 token. The standard token you obtain from the Firebase login, however, is a Firebase ID token, not an OAuth2 token.
There is an OAuth2 token involved when you use Sign In with Google on Firebase Auth but like mentioned by Frank van Puffelen and also in this StackOverflow answer, Firebase Authentication "does not manage OAuth tokens for users". And as far as I understand you just cannot get to the OAuth2 tokens within Firebase Auth.
EDIT: I just came across the last example in the docs for handling the Google sign in flow, where it says
Then, you can also retrieve the Google provider's OAuth token by calling getRedirectResult when your page loads
I did not try this as I use the Google Sign In library but it seems that it is now possible to retrieve the OAuth2 token also directly from a Google Sign In with the Firebase Auth library. This corresponds to client-side authorization as you do not obtain a refresh token here.
What you can do, however, is to use the "Sign In With Google" library. It separates between authentication (who someone is, like Google account) and authorization (granting access to data, like calling a Google API). For obtaining the token to call Google APIs you need to implement the authorization flow. Here you have two options:
- client-side authorization, called "implicit flow" where the token you obtain from the user giving consent in the google pop up is only a short-lived access token.
- server-side authorization, called "authorization code flow" where you obtain a refresh token that you store in your database and use for obtaining access tokens over a longer period of time.
A very helpful comparison of both authorization flows you find here. Which one you use is up to you. In any case, you end up with the access token you need in order to call a Google API on behalf of the user.
And now back to Firebase: Since you want to log your user also into Firebase, you can use the "manual" authentication with Firebase by passing the token you obtained from the Google Sign In library to signInWithCredential:
function handleCredentialResponse(response) {
// Build Firebase credential with the Google ID token.
const idToken = response.credential;
const credential = GoogleAuthProvider.credential(idToken);
// Sign in with credential from the Google user.
signInWithCredential(auth, credential).catch((error) => {
// Handle Errors here.
const errorCode = error.code;
const errorMessage = error.message;
// The email of the user's account used.
const email = error.email;
// The credential that was used.
const credential = GoogleAuthProvider.credentialFromError(error);
// ...
});
}
Upvotes: 4
Reputation: 598807
To access a Google Spreadsheet you need an OAuth token for a Google user.
An ID token from Firebase Authentication identifies a Firebase user.
The two token types are not the same and each have their own set of users. You can't use a Firebase ID token to allow that Firebase Authentication user to access a Google Spreadsheet (or any other API that requires a OAuth token).
To access the Google Spreadsheet as that user, you'll need to use their OAuth token, which is the same token you used when signing the user in to Firebase on the client.
Upvotes: 0
Related Questions
- Use Google authentication token with Firebase
- OAuth2 access token via rest/http
- Firebase Google Sign In Implementation
- Firebase Auth and Google Sign-in
- Google Sign In with Firebase Android
- User login in Firebase
- How to Approach Google Sign-In With Firebase?
- Google sign in and Firebase authentication relationship?
- firebase unauth with google doesn't allow change of user
- Sign in with different google account Firebase iOS