使用 Firebase Auth 访问 Google Calendar API [英] Using Firebase Auth to access the Google Calendar API

问题描述

我正在使用 AngularJS、Firebase (SDK v3) 和 Google Calendar API 构建网络应用程序.我正在使用 Google OAuth 对用户进行身份验证.我的目的是能够从 Firebase 中的数据库节点创建日历事件.到目前为止，我已经设法通过以下方式请求访问日历范围:

I am building a web application using AngularJS, Firebase (SDK v3) and Google Calendar API. I'm authenticating users using Google OAuth. My purpose is to be able to create calendar events from database nodes in Firebase. So far I've managed to request access to the calendar scope with:

_authProvider = new firebase.auth.GoogleAuthProvider();
// Get permission to manage Calendar
_authProvider.addScope("https://www.googleapis.com/auth/calendar");
_fbAuthObject.signInWithRedirect(_authProvider);

我正在使用重定向流进行身份验证，因此身份验证重定向可用作:

I'm authenticating with the redirect flow so the authentication redirect is available as:

_fbAuthObject.getRedirectResult()
    .then(function _readToken(result) {
      if (result.credential) {
        _googleToken = result.credential.accessToken;
        var authHeader = 'Bearer '+ _googleToken;

        // Just a test call to the api, returns 200 OK 
        $http({
          method: 'GET',
          headers: {
            'Authorization': authHeader
          },
          url: 'https://www.googleapis.com/calendar/v3/users/me/calendarList/primary'
        })
          .then(function success(response) {
            console.log('Cal response', response);
          },
          function error(response) {
            console.log('Error', response);
          });

但是，在初始登录之外，似乎无法通过 Firebase SDK 获取 Google 访问令牌.似乎只能访问 Firebase JWT 令牌，不能与 Calendar API 一起使用.我可以存储访问令牌，但这不会解决刷新令牌等时的问题.对用户进行两次身份验证?

However, it seems like outside the initial login it's not possible to get the Google access token through the Firebase SDK. It seems only possible to access the Firebase JWT token, no use with the Calendar API. I could store the access token, but this wouldn't resolve the problems when refreshing the token, etc. Is there any way to get the current Google Access token with Firebase SDK and if not, what other solutions is there to the problem without having to authenticate the user twice?

更新 1:

似乎其他人在 Facebook 身份验证方面遇到了类似问题.在这个问题上有一个链接到 Firebase 文档，说明 Firebase 身份验证不再保留访问令牌.那么我该如何处理令牌刷新呢?这个真的没有答案吗?

Seems like someone else has struggled with similar problems with Facebook authentication. On that question there was a link to the Firebase documentation stating that Firebase Authentication no longer persists the access token. So how can I handle token refreshes? Is there really no answer to this?

更新 2:

因此，我联系了 Firebase 支持并提出了有关此问题的功能请求，他们给了我以下答复:

So, I contacted Firebase Support with a feature request about this problem and they gave me the following answer:

感谢您抽出宝贵时间给我们写信.

Thanks for taking your time to write us.

我明白你的意思，这确实是一个很好的建议.我们非常清楚，许多用户(例如您自己)都希望 OAuth 功能能够在刷新时访问令牌.我们正在探索潜在的解决方案，但我不能保证这是否会很快可用.不过，我们会继续考虑您的反馈意见.持续改进对我们的社区非常重要，因此感谢您提出这一点！

I've got your point here, this is indeed a good suggestion. We're definitely aware that many users, such as yourself, would like OAuth feature that will access token upon refresh. We're exploring potential solutions, but I cannot guarantee if this will be available anytime soon. We'll keep your feedback in consideration moving forward though. Continuous improvement is very important for our community, so thanks for bringing this up!

请密切关注我们的发行说明以获取任何进一步更新.

Keep an eye out on our release notes for any further updates.

因此，目前似乎无法通过 Firebase SDK 获得访问令牌.我仍在努力寻找解决方法，因此如果有人对有效解决方案有任何想法，我会很高兴听到他们的想法.当然，如果我自己找到可行的解决方案，我会在这里发布.

So It seems like the access tokens are not available through the Firebase SDK at the moment. I'm still trying to find a workaround, so if anyone has ideas about a valid solution I'd be glad to hear them. And of course, I'll be posting it here if I ever find a working solution myself.

推荐答案

我终于通过使用 Google APIs JavaScript 客户端处理 Firebase 之外的身份验证解决了这个问题.此解决方案需要将 Google 身份验证客户端包含为 此处记录.手动处理 Firebase 登录流程记录在 此处.

I finally got around this problem by handling the authentication outside Firebase with the Google APIs JavaScript client. This solution requires including the Google auth client as documented here. Manually handling the Firebase sign-in flow is documented here.

gapi.auth2.getAuthInstance().signIn()
    .then(function _firebaseSignIn(googleUser) {
      var unsubscribe = firebase.auth().onAuthStateChanged(function(firebaseUser) {
        unsubscribe();
        // Check if we are already signed-in Firebase with the correct user.
        if (!_isUserEqual(googleUser, firebaseUser)) {
          // Build Firebase credential with the Google ID token.
          var credential = firebase.auth.GoogleAuthProvider.credential(
            googleUser.getAuthResponse().id_token);

          // Sign in with credential from the Google user.
          return firebase.auth().signInWithCredential(credential)
            .then(function(result) {
              // other stuff...
            });

_isUserEqual 函数:

The _isUserEqual function:

function _isUserEqual(googleUser, firebaseUser) {
  if (firebaseUser) {
    var providerData = firebaseUser.providerData;
    for (var i = 0; i < providerData.length; i++) {
      if (providerData[i].providerId === firebase.auth.GoogleAuthProvider.PROVIDER_ID &&
        providerData[i].uid === googleUser.getBasicProfile().getId()) {
        // We don't need to reauth the Firebase connection.
        return true;
      }
    }
  }
  return false;
}

现在我可以像这样引用访问令牌:

Now I can reference the access token like this:

var user = gapi.auth2.getAuthInstance().currentUser.get();
return user.getAuthResponse().access_token;

这对我来说仍然不是理想的解决方案，但它目前有效，而且我能够对 Firebase 和 Calendar API 进行身份验证.

This still isn't the ideal solution for me, but it works for now, and I'm able to authenticate to both Firebase and the Calendar API.

这篇关于使用 Firebase Auth 访问 Google Calendar API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！