Firebaseui-web: Offline access support
Hi,
Thank you for a great opensource library. I have have a use case that is not fully supported at the moment.
I am looking to implement something that might be described as a hybrid auth solution, with both my front-end web client and back-end needing to access firebase and other google apis on my users behalf even when not signed in. Here are some links that describe similar use cases:
https://github.com/dart-lang/googleapis_auth/issues/5
https://developers.google.com/identity/protocols/CrossClientAuth - Android app obtains offline access for web back-end
I think I can just about create the auth request manually to be able to do this:
Although now it seems I have to include a 'nonce'.
I was wondering if this could be natively supported by this library by allowing something like:
signInOptions: [
{
provider: firebase.auth.GoogleAuthProvider.PROVIDER_ID,
scopes: ['openid','https://www.googleapis.com/auth/calendar','profile','email'],
acess_type:'offline',
response_type:'code token id_token'
}
],
/* acess_type:'offline' <-- not sure this is needed until server needs to get access token using autherization code */
Oh I should mention I have tried implementing:
But no matter what I tried this seems to always trigger a popup, which is far from ideal, considering the used should have already accepted permission from a redirect flow moments before, and this is a mobile first web app.
Unless you have any ideas I am stuck doing this manually for now!
Jeevsxp
All 12 comments
You are better off using Google OAuth library for this. Firebase Auth does not return the authorization code for you, or the refresh token. It only returns a one time OAuth access token.
bojeil-google
on 24 Mar 2017
As mentioned I have already tried implementing the Google OAuth library, but no matter what I do I keep getting a popup that the user needs to interact with.
Can we implement this better here?
Jeevsxp
on 24 Mar 2017
I don't understand what you are asking for. The user has to provide consent via the OAuth popup. Not sure how you want to get this done without user interaction.
bojeil-google
on 24 Mar 2017
So this permission can't be included in the initial redirect??
Jeevsxp
on 24 Mar 2017
I believe if you were able to add/modify:
response_type:'code token id_token'
in the initial request url you would get the auth_token, id_token and autherisation_code
You also probably need to add:
acess_type:'offline'
but I have not confirmed this yet
auth parameters reference:
https://developers.google.com/identity/protocols/OpenIDConnect#authenticationuriparameters
Jeevsxp
on 24 Mar 2017
@Jeevsxp, you can refer to my response on your question in Google Sign-In issues. You cannot obtain any sort of token or code without having first the user consent to grant access to your application.
Are you saying that you would like to get token, id_token and code in the same response, in only one popup? This is not supported by Firebase, but will soon be in GSI (see here).
TMSCH
on 24 Mar 2017
@TMSCH I would prefer a redirect consent flow but essentially yes, one consent step instead of many to get token, id_token and code
Also I would like to use the code to get access_token and refresh_token on the back-end. I don't ask much do 馃槈
Jeevsxp
on 24 Mar 2017
@Jeevsxp Firebase is not meant for this usage unfortunately. GSI will soon offer this though.
TMSCH
on 24 Mar 2017
My app with drive api and sheet api working for the user's drive spreadsheet export in csv for chart functionality. Everything is working correctly. But now I want - User can access his spread sheets without login again & again(Only first time login required - as first time authentication). After first time authentication the consent screen appears asked for access to sheets and offline access. But never prompt for login again. Even If the user logged out from gmail account in the browser.
Only first time login required for subsequent app usage allow user to view his sheets without login promp. I use this functionality in javascript
Sharma-Ravin
on 15 May 2017
@Sharma-Ravin not sure of your exact requirements, as you may not need offline access. If you do it is more than likely that your use case is covered by this or the Google API Client Library
This issue is specifically about getting access tokens for offline access using this library, as an alternative to the Google API Client Library. As at time of posting it was not possible to get this in one redirect auth flow step.
Track here for progress on this issue
Jeevsxp
on 4 Jun 2017
Hey guys, I was just wondering if there are any plans from you in regards adding support for access_type=offline as part of the signInOptions, so we can receive back the refresh token to then send it to back-end?
...
signInOptions: [{
provider: firebase.auth.GoogleAuthProvider.PROVIDER_ID,
scopes: ['https://www.googleapis.com/auth/gmail.readonly'],
customParameters: { access_type: 'offline' }
}]
...
I appreciate that we can use another library and then send sign in with credentials retrieved on Firebase, but I just like the all-in-one approach Firebase presents itself and thought it would be one thing less to worry (less plumbing) when creating apps.
Thanks in advance and all the best
zanona
on 8 Jun 2017
There are currently no plans to support that. You are better off using the dedicated Google sign-in library for that and then use the returned OAuth credential to sign in with signInWithCredential, etc. Regarding the refresh token being returned, I will relay your request to the Firebase Auth team.
bojeil-google
on 8 Jun 2017
Related issues
ee92
路
4Comments
cdharris
路
5Comments
mesqueeb
路
5Comments
deepfriedbrain
路
5Comments
mahsa2
路
4Comments
Most helpful comment
There are currently no plans to support that. You are better off using the dedicated Google sign-in library for that and then use the returned OAuth credential to sign in with signInWithCredential, etc. Regarding the refresh token being returned, I will relay your request to the Firebase Auth team.