Using firebase google auth and google fit api with single OAuth2 token - firebase

I am currently working on a simple web app that will make an GET call to a user's google fit data.
To reduce the complexity of the app, I plan to host it on firebase and take full advantage of cloud functions, firestore and the authentication tools.
So far, I have managed to read my google fit data using googleapis node library on the frontend by passing the fitness scope https://www.googleapis.com/auth/fitness.activity.read
as part of the google sign in button.
If I were to use firebase's google auth implementation, this would have a different client ID / different scopes than the credentials I made for reading the google fit data.
It seems if I want to use firebase AND google fit, the user would have to login using firebase's google auth so I can authenticate database writes to my app, and also grant me access to their google fit data from within the app.
If there a way this could be combined so I could use a single token to authenticate and read google fit data?

Looks like I just had to dig a bit deeper, you can add scopes to your google auth provider instance.
https://firebase.google.com/docs/auth/web/google-signin
var provider = new firebase.auth.GoogleAuthProvider();
provider.addScope('https://www.googleapis.com/auth/fitness.activity.read');
firebase.auth().signInWithPopup(provider).then(function(result) {
var token = result.credential.accessToken;
var user = result.user;
})
Then to make the fitness reading, use the access token returned in the Authorization header
Authorization: `Bearer ${accessToken}`
axios.post('https://www.googleapis.com/fitness/v1/users/me/dataset:aggregate?alt=json', data, axiosconfig)
Note: If you want to do background requests to a users data while they are not in the app (offline in oauth2 terms), you will need to use firebase in conjunction with gapis js library.

Related

How to Connect Zapier to Firebase API with Oath2

I'm creating a Zapier Partner integration into my Firestore app.
I want Zapier to send data to Firestore.
It could go through a Firebase API.
Firestore data is structured relative to a users Id. I.e. /users/{userId}
What is the correct set of steps to ensure that a request from Zapier to store data in the API is for the correct user?
I assumed:
I need to add a OAuth 2.0 Client to my API section in Google Cloud (which gives me a ClientId and secret)
I need to unpack the token coming into the API to ensure that it relates to a valid user
Honestly OAuth2 plus the disparate technologies make it a bit fuzzy to see a clear path to implementation.
Many thanks.

Accessing Google Sheet to Create a sheet(GCP)

I want to Fetch data from firestore and append all the data in a new Google sheet.
Creating sheet is where i am finding problem.
as far as i have researched, i ve found out there are 3 methods to access google api,
1)API key
2)Service account
3)Oauth
Ignoring API key,
While using service account, i have found out that sheet which is getting created will be owned by service account so no one else can remove it.
when using Oauth, i have used OAuth json credential from GCP , in which when i try to use it in local host, it shows me Google's Logging screen, but when i deploy it in app engine, it doesnt redirect it to logging screen.
https://developers.google.com/sheets/api/quickstart/nodejs
this is the document where i find the approach.
One more method i have found i.e. Access token. i.e. putting access token in
const sheets = google.sheets({ version: "v4",headers:{ Authorization:`Bearer ${accessToken}` }});
but that wont be possible, as in Front end i am using
auth.onAuthStateChanged
which doesnt provide me Access token just the ID token.
Please help!
Based on your auth.onAuthStateChanged code it looks like you're using Firebase Authentication to sign in on the frontend.
Firebase Authentication is based around JWT ID tokens, which are not the same as OAuth tokens. You can't use such an ID token to make calls to the Google Sheets API.
If you're signing in with Google or another OAuth provider on the frontend, you can capture the OAuth token from that provider before you sign in to Firebase with it, and then use the OAuth token to call the Google Sheets API.

Firebase Storage REST call: How to set auth.uid manually and make Strorage Rules apply

Currently, I am using a Firebase Service Account to access Firebase Storage via REST calls.
However, Storage is based on Security Rules which do not apply to the Service Account, which seems to have super powers.
Is there a way to get rid of the Service Account and use a proper user-id instead, thus making the Storage Security Rules work properly?
Background
I am using Flutter-desktop (windows) and there is no library available to access Firebase Storage properly. Thus, I have to use REST calls.
Firebase Auth however is working properly via the flutter_auth_desktop plugin which provides an id-token.
FirebaseAuth.instance.currentUser!
.getIdToken()
.then((token) => token);
But I have no idea how to incorporate that into the REST calls, these approached do not work:
...(url)...&auth=$accessToken
or
headers: {'Authorization': "$accessToken"}
or
headers: {'Authorization': "Bearer $accessToken"}

I need to send product details to Google shopping Content API but first i need to generate oAuth token.How i will do it through function app

I need to send product details to Google shopping Content API but for using that i need to generate oAuth token with refresh token throgh Azure data factory.I have generated service account and client-secret json .How i will do it through function app?
Firstly, we need to understand that functions should not be used to do UI-related actions. In any app service the pop up for the login ( which allows to provide the credentials) will not be supported.
E.g. : To avoid this scenario , in case of AD auth we may use service principle where we feed the required credential to acquire the token. So if we want to use the google auth SDK we need to connect to the concerned team ( Google team) to understand if this is feasible at all.
For this you may check the Server-To-Server Service Account Authentication, as below:
https://cloud.google.com/docs/authentication/production
In case you need any assistance in this, we would recommend you to reach out to the concerned support team.

Firebase Admin SDK create user using providers

I am trying to create a REST API for my app using Firebase Cloud Functions. I know how to use Admin SDK in Cloud Functions. It does have API to createUser. My front end app lets users sign in using Google and Facebook but I am not sure how to put it all together.
My app has successfully implemented Sign in with Google and Sign in with Facebook but how and what data do I transfer over to Cloud Functions (or any REST API Server for that matter) so that it could create a user in Firebase with appropriate provider.
Update for more explanation
I am creating an app for iOS and Android with some sort of cloud based backend. Right now I am experimenting with Firebase but I do not intend to tightly couple my apps to Firebase and hence do not want to pull Firebase-iOS and Firebase-Android SDKs into my app code. I want the ability and freedom to switch my backend over to AWS or Azure without changing frontend code.
The one (and only?) way is to create a server that will expose REST API endpoints and do the work on my behalf that usually SDK does. To achieve this, I am using Cloud Functions but that shouldn't matter as long as I have API to talk to actual cloud.
After putting that explanation, now my question is how do I let my users login to app using external providers like Google and Facebook and still achieve what I am trying to do. When I let users sign in with providers, I do not have their password to send to backend to create a new email/password user.
The sample code that best illustrates what you want to do here on GitHub.
It shows how to create an Express app that handles HTTP request pages. Learn more about Express to configure it for wildcards are needed.
It accepts and checks authentication tokens in HTTP requests from Firebase Authentication to validate the end user responsible for the request.

Resources