Cap-go / capacitor-social-login

One plugin to make login with Google, Apple, Facebook and so on, simple and fast to implement
https://capgo.app

In iOS for Google Login, getAuthorizationCode(...) should not return JWT but serverAuthCode #35

Open AndrewBargan opened 3 hours ago

AndrewBargan commented 3 hours ago

Hi there,

I've noticed that after logging in to Google and retrieving the server code like this:

    await SocialLogin.initialize({
      google: {
        webClientId: "XXXXX",
        iOSClientId: "YYYY",
        iOSServerClientId: "ZZZ"
      },
    });

    const loginRes = await SocialLogin.login({
      provider: "google",
      options: {
        scopes: [
          "profile",
          "email",
          "https://www.googleapis.com/auth/calendar",
          "https://www.googleapis.com/auth/calendar.events",
          "https://www.googleapis.com/auth/calendar.settings.readonly",
        ],
        grantOfflineAccess: true,
      },
    });

    const authorizationCodeRes = await SocialLogin.getAuthorizationCode({ provider: 'google' });

The access token is in loginRes.result.accessToken.token, which is fine, but it is equal to authorizationCodeRes.jwt (these string values start with 'ya29.a0...'). So SocialLogin.getAuthorizationCode(...) should not return the JWT, which is already accessible in the result of SocialLogin.login(...). It should return the Authorization Code (its string value starts with '4/0AVG7fi...'), which will be exchanged on the back end for the Refresh Token.

Or you could return the refreshToken somehow. We need it on the server side to refresh our accessToken for further requests to the Google API.

riderx commented 2 hours ago

Hey Andrew, thanks for the feedback. The plugin now returns accessToken on login as expected, thanks.

AndrewBargan commented 2 hours ago

Everything was fine with accessToken. But we also need the refreshToken, which will be used on the server side to update the accessToken. As you may know, the accessToken expires and needs to be updated periodically. So could you please also return the refreshToken, or maybe the server authorization code, which will be further exchanged for a refreshToken on the server side?

AndrewBargan commented 2 hours ago

As an example

You'll get to the "Exchange authorization code for tokens" page where, as you can see, there is an "Authorization code" field. We need your plugin to return either the authorization code, so our back-end server can fetch the Access Token and Refresh Token, or both the Access Token (which the plugin already returns) and the Refresh Token (which it currently does not return).
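
The back-end exchange this thread is asking for, as an added example that is not part of the original discussion or the plugin's code: the server rejects an access token sent where an authorization code is expected, then builds the request to Google's token endpoint. All function names are hypothetical, the prefix checks rely only on the values reported in this issue, and the empty `redirect_uri` default for a mobile server auth code is an assumption.

```javascript
// Added example: helper names are illustrative, not part of the plugin's API.
const GOOGLE_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token";

// Prefixes as reported in this issue: access tokens start with "ya29.",
// authorization codes with "4/". A heuristic, not a format Google guarantees.
function classifyGoogleCredential(value) {
  if (typeof value !== "string" || value.length === 0) return "invalid";
  if (value.startsWith("ya29.")) return "access_token";
  if (value.startsWith("4/")) return "authorization_code";
  if (value.split(".").length === 3) return "jwt"; // e.g. an ID token
  return "unknown";
}

// Build the server-side request that trades a one-time code for tokens.
// The client secret lives only on the back end, never in the mobile app.
function buildTokenExchangeRequest({ code, clientId, clientSecret, redirectUri = "" }) {
  const kind = classifyGoogleCredential(code);
  if (kind !== "authorization_code") {
    throw new TypeError(`expected an authorization code, got ${kind}`);
  }
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    client_id: clientId,
    client_secret: clientSecret,
    redirect_uri: redirectUri, // assumption: empty for a mobile server auth code
  });
  return {
    url: GOOGLE_TOKEN_ENDPOINT,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Extract what the server must persist. refresh_token may be absent, so
// a missing value is surfaced as null instead of being silently dropped.
function parseTokenResponse(json, now = Date.now()) {
  if (json.error) throw new Error(`token exchange failed: ${json.error}`);
  return {
    accessToken: json.access_token,
    refreshToken: json.refresh_token ?? null,
    expiresAt: now + json.expires_in * 1000,
  };
}

// Network call; fetchImpl is injectable so the logic can be tested offline.
async function exchangeCode(params, fetchImpl = fetch) {
  const { url, ...init } = buildTokenExchangeRequest(params);
  return parseTokenResponse(await (await fetchImpl(url, init)).json());
}
```

Store the returned refresh token server-side only and keep both tokens out of logs.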