CrossGeeks / GoogleClientPlugin

Google Client Plugin for Xamarin iOS and Android
https://www.pujolsluis.com/google-client-plugin-for-xamarin/
MIT License

ActiveToken Returns OAuth Access Token on iOS but Returns JWT on Android #41

Closed briandotdev closed 4 years ago

briandotdev commented 5 years ago

Describe the bug

I'm not able to locate in the docs a definition of what the expected behavior is. However, I've noticed that this library performs differently on iOS than it does on Android. When using CrossGoogleClient.Current.ActiveToken to retrieve the active token after a successful Google Login, I've noticed that on iOS this property returns an OAuth Access Token; however, on Android it returns a JWT.

The difference here is that an OAuth Access Token must still be exchanged with the Google authorization server in order to obtain an authorized bearer token, while a JWT is a fully signed authorization that can be used as the bearer token on some Google APIs.

I am using a back end server that abides by the OAuth protocol and thus does not know or use JWTs. I would like to receive the OAuth Access Token under both iOS and Android implementations.

To Reproduce

```csharp
user = new UserModel();

GoogleResponse<GoogleUser> googleUser = await _googleClientManager.LoginAsync();

user.Name = googleUser.Data.Name;
user.EmailId = googleUser.Data.Email;
user.Picture = googleUser.Data.Picture.ToString();
user.Provider = "google";
user.ProviderId = googleUser.Data.Id;
user.ProviderToken = CrossGoogleClient.Current.ActiveToken;
```

Supporting Documentation

Google API Docs for GoogleSignInAccount show that `getIdToken()` will return a JWT and [getServerAuthCode()](https://developers.google.com/android/reference/com/google/android/gms/auth/api/signin/GoogleSignInAccount.html#getServerAuthCode()) will return a "one-time server auth code to send to your web server which can be exchanged for access token".

natsoragge commented 5 years ago

I'm having the same problem, but I need JWT for Android and iOS instead of the access token. 😕 It would be nice if we could have both tokens.

briandotdev commented 5 years ago

In my mind there should be a method for each.

I come from the world of interpreted languages, where I can just dive into the dependency code and start playing around. I tried to pull down the source and figure out how to get my own locally compiled NuGet package working but couldn't figure it out.

If someone out there knows how and wants to submit a PR for this, I'd be grateful. Otherwise, if there is no action on this thread, I will probably go directly with Xamarin.Auth.

natsoragge commented 5 years ago

You can download the code directly from GitHub if you want to. Just extract the Shared folder to your PCL project and the specific GoogleClientManager to each platform. This way you'll be able to make the changes you need. Uninstall the NuGet package to avoid conflicts and install any needed dependencies (in my case, I needed Xamarin.GooglePlayServices.Auth for Android and Xamarin.Google.iOS.SignIn for iOS).

maxyhi commented 5 years ago

Has there been an update on this issue?

Pujolsluis commented 5 years ago

Hey Guys!

I agree, this would be a nice improvement for the plugin, and I would love to review and go over the PR once you have this going. @briandotdev, as @natsoragge explained, you can simply download the project, add the managers to a test Xamarin project and test your changes there. Once you have the new methods going, you can modify your forked plugin project and shoot a PR from GitHub (:

vincentcastagna commented 4 years ago

@Pujolsluis

I'm trying to run the project, but I have some issues when rebuilding it with nuget restore: "Cannot load details for GoogleClient" => nuget package restore failed.

It seems like VS cannot load the .csproj:

error NETSDK1013: The TargetFramework value 'MonoAndroid80/90/81' was not recognized. It may be misspelled. If not, then the TargetFrameworkIdentifier and/or TargetFrameworkVersion properties must be specified explicitly.

I checked the Microsoft.NET.TargetFrameworkInference.targets in case there was a typo issue, but... no.

I'd like to do a PR to expose the OAuthCode.

EDIT: So, from my understanding, the ID token (JWT) is enough to process the Google sign-in through the backend.

As stated by Google:

> Pass this client ID to the requestIdToken or requestServerAuthCode method when you create the GoogleSignInOptions object.

Then, from the backend, you just have to check the integrity of the token here:

https://oauth2.googleapis.com/tokeninfo?id_token=XYZ123

A question remains on my side. I have created a Web Application in the Google Cloud console API that I'm using to initialize the plugin => in this case, I don't see the need for Firebase? One does not need google-services.json in this case. I can get a JWT without it. This part is very unclear to me, and from the documentation as well, if you can enlighten me :)!
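
An added example, not part of the thread or of the plugin's code: a backend-side check, in Python (the backend language is an assumption), that tells a JWT ID token from an opaque access token by its shape and then validates the claims a tokeninfo lookup returns. The function names, client ID and sample claims are constructed for illustration; signature verification is left to the tokeninfo endpoint mentioned in the thread.

```python
import base64
import json
import time

GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}

# Constructed tokeninfo-style response (made-up values; exp arrives as a string).
SAMPLE_CLAIMS = {"iss": "https://accounts.google.com", "sub": "1234567890",
                 "aud": "example-client-id.apps.googleusercontent.com",
                 "exp": "2000000000"}


def _b64url_json(segment):
    """Decode one base64url JWT segment into a dict, or return None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return value if isinstance(value, dict) else None


def token_kind(token):
    """Return 'jwt' for a three-part token with JSON header and payload, else 'opaque'."""
    parts = token.split(".")
    if len(parts) != 3:
        return "opaque"
    header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header is None or payload is None or "alg" not in header:
        return "opaque"
    return "jwt"


def check_tokeninfo_claims(claims, client_id, now=None):
    """Return a list of problems with the claims; an empty list means accept."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != client_id:  # token was issued for a different app
        problems.append("aud does not match this backend's client ID")
    if claims.get("iss") not in GOOGLE_ISSUERS:
        problems.append("unexpected issuer")
    try:
        if int(claims.get("exp", 0)) <= now:
            problems.append("token expired")
    except (TypeError, ValueError):
        problems.append("exp is not a number")
    if not claims.get("sub"):
        problems.append("missing sub")
    return problems
```

A backend that receives `ActiveToken` from both platforms can call `token_kind` first and reject the kind it does not expect before making any request to Google.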