I am trying to sign in with google using
IAuthResult user = await FirebaseAuth.Instance.SignInWithCredentialAsync(credential as AuthCredential);
then I can get the idToken using
var token = user.User.GetIdToken(false);
but there is no way to get the refresh token to store it in order to check if it is valid or not.
Any suggestion?
You don't actually need to use the refresh token yourself. This is handled behind the scenes from the Firebase SDK so you will remain connected so long as you do not sign out. The tokes expire after one hour but they will be automatically refreshed. You can revoke a refresh token using the Admin SDK. https://firebase.google.com/docs/auth/admin/manage-sessions
Related
I am working on project using Next JS + NextAuth package. For user authentication we are using NextAuth with Custom Credentials provider. I am making a sign in REst API request to Firebase to get the user logged in and saving all necessary bits like Firebase tokens(access and refresh) in JWT.
The flow works.
Where i am stuck: Changing user password.
Password change is pretty straight forward using firebase client SDK. But I am using Firebase API:
https://firebase.google.com/docs/reference/rest/auth#section-change-password
the flow to change password requires:
Provide latest access token in API request above.
If the latest Access token is not provided, the API would send back error like: TOKEN TOO OLD or RE AUTHENTICATE
So this to work, we need to reauthenticate the user prior to making that change password request.
What I have managed to do:
When user request password change, user needs to provide current password.
Using the current password, i would re sign in user using API end point:
https://firebase.google.com/docs/reference/rest/auth#section-sign-in-email-password
This would work but now I need to update the latest access token in the JWT using NextAuth.
At this point i am stuck:
Refreshing the JWT using Next Auth; as soon as the user is re-signed-in and again when password is changed and new access token is sent back from Firebase.
When I try to refresh the JWT with new access token (etc) token using NextAuth client side callback: https://next-auth.js.org/tutorials/refresh-token-rotation
The application breaks due to access tokens are not synced on JWT and on firebase.
Questions:
Is my flow correct changing the user password?
Is there better way of doing this?
Any help is appreciated. Thanks
In firebase we can use signInWithPopup and get our auth provider access token by credential.accessToken.
We can only get this accessToken one time after login. But this access token is expired in one hour!
And we need to force user to login again to get access token.
What the point of this completely useless access token user experience? If we cant use it anyway.
update:
I'm developing Chrome Extension with Firebase and trying to add Google Calendar support. And I spent already several days but didn't found solution.
first GAPI is not working in Chrome Extension. I tried to use signInWithPopup and make it with REST calls but google.com oauth2 access token in firebase is expiring after one hour and there is no way to refresh it silently.
This is all Google products and why they are so hard to make work together?
update2:
provider = new firebase.auth.GoogleAuthProvider();
provider.addScope('https://www.googleapis.com/auth/calendar.events');
const result = await firebase.auth().signInWithPopup(provider)
var credential = result.credential;
// Saving **credential** somewhere for later use it in REST calls to` https://www.googleapis.com/calendar/v3/users/me/calendarList
PROBLEM this access token is expired after ONE hour.
Signing in into my firebase app via REST https://firebase.google.com/docs/reference/rest/auth only returns tokens which expire after 1 hour (3600 seconds, according to the REST response). I don't see any way to change this.
Using firebase JS SDK, the authentication persists "forever", which is what I would like to achieve. However I do not want to include the JS SDK in my app, if there is a way around it (mostly because of its size (~700kb)).
Is there a way to obtain a persistent login from the official firebase REST api?
Using firebase JS SDK, the authentication persists "forever"
This is because the JS SDK automatically takes in charge the action of getting a new user's Firebase ID token when the current one expires, by using the refresh token. See the doc.
So you need to implement this mechanism yourself when you work with the Firebase Auth REST API, by using the endpoint that allows exchanging a refresh token for an ID token.
For that you should use the refresh token you received the last time you logged in, e.g. by using the endpoint that signs in a user with email/password, or the last time you refreshed the ID token (see below).
You'll get a response which contains the new Firebase ID token and refresh token. Next time this new ID token expires, use again the refresh token, and so forth...
I can not find how should handle the auth part correctly. Basically, my backend returns me a token, and with this token, I call auth().signInWithCustomToken(token). All works fine my users have access to chat and other things. Also, on signout I call auth.signout(). But the problem is if the user does not use the app for some time and when coming to the app with refresh token if it is valid we generate new accessToken. But how to handle firebase part in this flow because user can not access chat, etc because it seems firebase token is not valid anymore. Any idea how to handle refresh token or flow in this case?
Once you've signed out with signout(), refreshing a token won't help at all. The user is fully and completely signed out. If you want to sign back in, you will need another new token to sign in with signInWithCustomToken(). Once the user is signed in, the Firebase SDK will automatically refresh a token to keep that sign-in alive for a long as needed. There is nothing you need to do for that.
I want users to have access to their Youtube playlists after signing in with Google through Firebase. I use firebase.auth().signInWithRedirect(provider) for signing in and I can get their access token with firebase.auth().getRedirectResult() and everything works perfectly just after they signed in.
The problem is that I can't get their access token back if they refresh the page. Firebase automatically signs them in again but firebase.auth().getRedirectResult() returns
{user: null, credential: undefined, operationType: undefined}
I have tried the method used in Google's OAuth 2.0 Playground but I don't know where to get the authorization code used in step 2.
I'm grateful for any help.
Firebase doesn't provide a way to refresh a Google access token. Perhaps you are better off using Google web sign in SDK to obtain the Google access token: https://developers.google.com/identity/sign-in/web/sign-in
It also refreshes that for you automatically.
You can then pass the Google access token or ID token to sign in with Firebase:
firebase.auth().signInWithCredential(firebase.auth.GoogleAuthProvider.credential(googleIdToken, googleAccessToken));