Using Google APIs with google provider login

[Justin Bailey]

I've gotten login working with the user's google account and added the drive scope to the login request.

Now I can't figure how to actually interact with the drive api using the accessToken returned by firebase.

I'm attempting to upload a file to the user's drive account using $http()

function insertFile(fileData) {

  var boundary = '-------314159265358979323846';

  var delimiter = "\r\n--" + boundary + "\r\n";

  var close_delim = "\r\n--" + boundary + "--";

  var reader = new FileReader();

  reader.readAsBinaryString(fileData);

  reader.onload = function(e) {

    var contentType = fileData.type || 'application/octet-stream';

    var metadata = {

      'title': fileData.fileName,

      'mimeType': contentType

    };

    var base64Data = btoa(reader.result);

    var multipartRequestBody =

      delimiter +

      'Content-Type: application/json\r\n\r\n' +

      JSON.stringify(metadata) +

      delimiter +

      'Content-Type: ' + contentType + '\r\n' +

      'Content-Transfer-Encoding: base64\r\n' +

      '\r\n' +

      base64Data +

      close_delim;            

    $http({

      method: 'POST',

      url: 'https://www.googleapis.com/upload/drive/v2/files?uploadType=multipart',

      params: {uploadType: 'multipart'},

      data: multipartRequestBody,

      headers: {

        Authorization: 'Bearer ' + user.accessToken,

        "Content-Type": 'multipart/mixed; boundary="' + boundary + '"'

      }

    })

  }

}

'user' is the object returned by firebase simple login. I've verified that it contains an accessToken proporty via the console.
'fileData' is being passed as an argument after being obtained from the angular-file-upload module.

[Jacob Wenger]

Hey Justin,

I am not familiar with Google's drive API and answering questions regarding their API is outside the purview of Firebase support, but I can give you some advice. The access token returned from Simple Login can and should be used to access other Google APIs. There are a few gotchas though:

1. Google returns access tokens which expire after 1 hour. So if you are using a cached access token, it may no longer be valid. You will have to call login again via Firebase to get a new access token.
2. You probably need to make sure that the Drive API is enabled for your app in the Google Developers Console. Click on your project, then go to the "APIs & auth" section, and then make sure the "Drive API" is enabled.

If you still have questions, please tell us what error you are seeing so we know what went wrong. Are you getting a permissions denied error? Invalid request error? Some other error?

Good luck,

Jacob

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Justin Bailey]

It looks like my token had already expired by the time I got to testing the API call. I didn't have a logout button on my test page yet. oh well. 1 problem fixed.

By calling Firebase login again, do you mean the user must to be redirected to Google to sign back in every hour? Is there any way to get a refreshed token from firebase or would this require doing something on server side?

[Jacob Wenger]

Hi Justin,

I apologize for the extremely long time it took for me to get back to you. I had this email in my inbox and I just never responded to it. I hope you are still working on your Firebase project and have been able to figure out a workaround for this problem.

As for your question about logging in every hour, it does unfortunately mean sending them back to Google to login every hour. We know this is not ideal, but it should be relatively seamless if you use authWithOAuthRedirect() and the user is only logged into one Google account at a time. Otherwise, this will definitely be an annoyance for users.

I did some investigation into long-lived access tokens for all of our providers, including Google. Google only returns a one hour access token when you go through their login flow. We do also receive a refresh token the very first time a user logs in. This refresh token, along with the apps ID and secret, can be used to generate a new, one hour access token. You can continue to do this for as long as you want, always generating a new hour long access token. Since the request requires the app's ID and secret, it must be done from your own server, not from the client.

At this point, we do not return the refresh token to you as a developer. We discussed internally if this is something we want to return, and we have decided against it. The main selling point of our login feature is that you don't need to set up your own server to use it. However, in order to use the refresh token properly and securely, you would need to have your own server. By that point, you mind as well have done the whole OAuth process yourself. As a result, we do not have plans to send back the refresh token.

We have ideas in the longterm to potentially store access tokens for all users and providers and keep them up-to-date automatically for you, so you don't have to do any work. I don't know if this will actually happen or when it will land, but it is something we are considering. Keep tuned! 

Let me know if you have any followup questions. I'd be happy to discuss this further. I promise I'll be more responsive to your next email!

Jacob

[Justin Bailey]

Would it make sense if you added a method to request a refreshed provider token from Firebase as long as the Firebase auth token was still valid? It would remove any need to provide the refresh token directly.

My current work around to the problem is to have the user login again every 55ish minutes with a timeout method and the popup version of the redirect so that they aren't taken out of the app at least.

Justin

--
You received this message because you are subscribed to a topic in the Google Groups "Firebase Google Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/firebase-talk/wAcJFfQlFeg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to firebase-tal...@googlegroups.com.

[Jacob Wenger]

Hey Justin,

I think that kind of API is a bit clunky and only really makes sense in the context of the Google provider, not the other ones. As I said, we do plan to address this exact issue in the future, but we want it to be a complete solution, not a patchwork one. For the time being, you will have to either implement the OAuth flow yourself or go with the workaround that you are currently using.

Sorry that I don't have a better answer for the time being.

Jacob