Firebase admin - get Google OAuth token

Problem description

I have a web application where users can sign in with Google.

To the sign-in process, I add a scope to be able to access Google Calendar.

Now that the user is signed in, I would like to - on the server side - get their current Google access token in order to make a request and get a list of their events.

Is there a way to get the current OAuth token (no need for refresh token) in order for me to make this completely on the server-side?

Recommended answer

A little about OAuth 2.0

Whenever a user signs up to your app/website via Google or a 3rd party, an Authorization Code is issued, and this Authorization Code is exchanged for an AccessToken & RefreshToken.

The AccessTokens sent via Google are generally valid for 60 minutes.

Let's break this into two parts:

You can use firebase along with gapi to achieve that. You'll be provided with the AccessToken, which can be sent back to the server to add to the calendar.

More on implementation

Most of Firebase's & gapi's methods handle the AuthorizationCode flow internally. They even refresh the AccessToken after 60 minutes. This is beneficial for most developers, as they won't have the headache of managing all the tokens.

This method, however, hides the RefreshToken & AuthorizationCode from the developer. That is, even if your server has the access token, it won't be able to refresh it and it would be deemed useless.

To achieve complete offline access, in the initial request to get the AuthorizationCode you will need to set the HTTP GET parameter access_type to offline.

GAPI provides you with the grantOfflineAccess() method, which returns the AuthorizationCode that can later be used on your server to fetch the access token & refresh token.

Note: If you are storing the AuthorizationCode in your database, make sure it is secure. The limitations in Firebase are set for security reasons. It is generally more secure to not talk with AuthorizationCode.

More links

  • https://developers.google.com/identity/protocols/oauth2/web-server
  • https://developers.google.com/identity/sign-in/web/reference
  • https://developers.google.com/identity/sign-in/web/server-side-flow
  • https://developers.google.com/identity/sign-in/web/backend-auth
  • Retrieve Google Access Token after authenticated using Firebase Authentication
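
The server-side step the answer describes (redeeming the AuthorizationCode returned by grantOfflineAccess() for an access token and refresh token), as an added example that is not part of the original answer. The function names, the sample values and the 60-second expiry margin are assumptions; the token endpoint and response fields are those of Google's OAuth 2.0 web-server flow.

```javascript
// Added example, not code from the original answer. Function names are hypothetical.
const TOKEN_ENDPOINT = 'https://oauth2.googleapis.com/token';
const CALENDAR_SCOPE = 'https://www.googleapis.com/auth/calendar.readonly';

// Build the form-encoded POST that redeems the one-time AuthorizationCode.
function buildTokenRequest({ code, clientId, clientSecret, redirectUri }) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    client_id: clientId,
    client_secret: clientSecret, // server-only; never ship this to the browser
    redirect_uri: redirectUri,   // must match the redirect used when the code was issued
  });
  return {
    url: TOKEN_ENDPOINT,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Validate the token response and shape it for server-side storage.
function parseTokenResponse(json, requiredScope, nowMs = Date.now()) {
  if (json.error) throw new Error(`token exchange failed: ${json.error}`);
  if (!json.access_token || !Number.isFinite(json.expires_in)) {
    throw new Error('malformed token response');
  }
  // Confirm the calendar scope is in the granted set before relying on the token.
  if (!(json.scope || '').split(' ').includes(requiredScope)) {
    throw new Error(`scope not granted: ${requiredScope}`);
  }
  return {
    accessToken: json.access_token,
    expiresAt: nowMs + json.expires_in * 1000 - 60_000, // assumed 60 s safety margin
    // May be absent on repeat consent; keep the previously stored one in that case.
    refreshToken: json.refresh_token || null,
  };
}

// Perform the exchange; fetchImpl is injectable so the call can be stubbed.
async function exchangeCode(params, requiredScope = CALENDAR_SCOPE, fetchImpl = fetch) {
  const { url, options } = buildTokenRequest(params);
  const res = await fetchImpl(url, options);
  return parseTokenResponse(await res.json(), requiredScope);
}
```

Store the returned refreshToken encrypted at rest and keyed to the Firebase user ID, since it outlives the 60-minute access token.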
