0

I'm using Firebase Authentication to log in users with Google in my web app. I want to access Google Calendar API on behalf of the user.

Currently, Firebase gives me a Firebase ID token and a temporary Google access token (that expires after an hour) via GoogleAuthProvider.credentialFromResult(result).accessToken, but it does not provide a refresh token.

const handleGoogleLogin = async () => {
    const provider = new GoogleAuthProvider();
    provider.addScope("https://www.googleapis.com/auth/calendar.events");
    provider.setCustomParameters({
        approval_prompt: 'force',
        access_type: 'offline'
    });
    const result = await signInWithPopup(auth, provider);
    const credential = GoogleAuthProvider.credentialFromResult(result);
    console.log(credential);
};

My goal is to be able to create calendar events on behalf of the user without asking them to explicitly approve OAuth consent every time.

Is there a way to use only Firebase Authentication to obtain a long-lived access token or refresh token for Google APIs? I’d like to understand if Firebase can act as a complete bridge to Google APIs, or if OAuth is always required.

Improve this question

1 Answer 1

Reset to default
0

Based on the Firebase documentation for signInWithPopup, this example from the documentation on GoogleAuthProvider seems to do what you want:

// Sign in using a redirect.
const provider = new GoogleAuthProvider();
// Start a sign in process for an unauthenticated user.
provider.addScope('profile');
provider.addScope('email');
await signInWithRedirect(auth, provider);
// This will trigger a full page redirect away from your app

// After returning from the redirect when your app initializes you can obtain the result
const result = await getRedirectResult(auth);
if (result) {
  // This is the signed-in user
  const user = result.user;
  // This gives you a Google Access Token.
  const credential = GoogleAuthProvider.credentialFromResult(result);
  const token = credential.accessToken;
}

So you can use credentialFromResult to get the OAuth credentials that were used, and then get the access token from there.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I get an access token but it expires after an hour, I also need a refresh token, but it seems i can only get it using OAuth
Firebase's own ID token expires after an hour, but I don't think the access token expires that quickly. If it does for you, edit your question to show how you determined that. From the comments here it seems that getting the refresh token from the GoogleAuthProvider in Firebase is not supported, and you'd need to use a GApi call for that.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.