firebase / firebase-js-sdk

Firebase Javascript SDK
https://firebase.google.com/docs/web/setup
Other
4.86k stars 896 forks source link

FR: Add API to refresh IDP access token #4850

Open rendomnet opened 3 years ago

rendomnet commented 3 years ago

Firebase has a straightforward API for auth with Google. I can get and store the AccessToken upon authentication. So it seems that is the way I should implement the auth, the new and improved Firebase way. Also, Firebase provides a nice redirect flow that works on mobile devices.

However, there is a huge problem...

This will get the Access Token.

    firebase.auth().getRedirectResult().then(function(result) {
      if (result.credential) {
        // This gives you a Google Access Token. You can use it to access the Google API.
        var token = result.credential.accessToken;
        // ...
      }

      // The signed-in user info.
      var user = result.user;
   })

The access token is available and I can use it to read/write to the drive, ...for an hour. Once that token expires, I can no longer do anything. The user is still logged into Firebase, so I can continue to use the Firebase services, but I would need to force the user to sign in again to access the drive. This won't do!

I'm looking for the equivalent of GoogleUser.reloadAuthResponse() in Firebase.

How can I do this? What is the recommended way to build a web app that accesses both Firebase services and G Suite? Are there any official examples?

My project is Chrome Extension. And auth through gapi is not working with it.

google-oss-bot commented 3 years ago

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

looptheloop88 commented 3 years ago

Firebase Authentication doesn’t monitor the Google access token refresh. You’ll need to use the GApi library to get the access token continuously.

Get the id_token from the GoogleUser.getAuthResponse() using the Google Sign-in flow, then build a credential for Firebase Authentication.

const credential = firebase.auth.GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token);

Use signInWithCredential to sign in with the credential from the Google user.

firebase.auth().signInWithCredential(credential).catch((error) => {});

Please note that GApi library takes care of the token refresh for you. You can get the current access token using:

gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token

You can also force to refresh the access token using:

gapi.auth2.getAuthInstance().currentUser.get().reloadAuthResponse().then((data) => {
       // data.access_token
});
rendomnet commented 3 years ago

@looptheloop88 getIdToken() will not get provider accessToken. it will get firebase auth token.

looptheloop88 commented 3 years ago

@looptheloop88 getIdToken() will not get provider accessToken. it will get firebase auth token.

Apologies for the confusion. I have updated my answer. Currently, there's no equivalent of GoogleUser.reloadAuthResponse() in Firebase Authentication SDK. This feature is really good to have, so I will add a feature request label to this issue.

rendomnet commented 3 years ago

@looptheloop88 also about GAPI I would love to use it BUT it is notworking in Chrome extension. And because of not working GAPI I had to get access token for REST calls, but access token cant be refreshed...

yuchenshi commented 3 years ago

Hi, thanks for filing this feature request! We are unable to promise any timeline for this, but if others also have this request, adding a +1 on this issue can help us prioritize adding this to the roadmap.

(Googler-only internal tracking bug: b/187072938)

jerrythomas commented 3 years ago

Would be great if we could get the updated AccessToken in the onAuthStateChanged callback. At present when we authenticate with different providers we can get the AccessToken along with the authenticated user.

However, when we use the onAuthStateChanged callback this is not available. Only the idToken is available. This applies to third-party AccessTokens also. Having the updated AccessToken being available would really be helpful, particularly for cases like Microsoft auth, where the AccessToken can be used to access the graph api's.

JGSolutions commented 2 years ago

Any update for this feature request to get the updated accessTokens? I'm using google fit rest api that requires the access token. Which then expire no idea how to get aa new token unless they log out and log back in

@looptheloop88 So do I have to scrap the firebase google auth provider and go with this instead? https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow

JGSolutions commented 2 years ago

I would really like to have this feature request