7
votes

I am using Firebase to authenticate with GitHub, Twitter and Facebook and I know I can get the provider access token upon authenticating like so

firebase.auth().signInWithPopup(provider).then(function(result) {
  // This gives you a Facebook Access Token. You can use it to access the Facebook API.
  var token = result.credential.accessToken;
  // The signed-in user info.
  var user = result.user;
  // ...
}

However I redirect the user to a secure area after authenticating with React Router 4, in this secure area I need to retrieve the providers access tokens so I can access GitHub, Twitter and Facebook API (for Twitter I also need to get the "secret" string).

I can set an authentication state observer (below) in the secure area to get basic user details, even which providers the user has linked, however this does not give me the access tokens that I need to connect to the respective provider APIs

firebase.auth().onAuthStateChanged(function(user) {
  if (user) {
    // User is signed in.
    var displayName = user.displayName;
    var providerData = user.providerData;
    // ...
  }

I should mention that I allow the user to link multiple auth providers so I need all of the access token (https://firebase.google.com/docs/auth/web/account-linking)

Thanks

1
Hey.. so is it possible to get provider specific accessToken from Firebase?iMDroid
@iMDroid yes you can get the access tokens, however only when the user authenticates (firebase.google.com/docs/auth/web/…). After the user is authenticated you cannot retrieve the access tokens. What I ended up doing was saving the access tokens to Firebase database then reading them whenever I need to connect to, lets say, Twitter API. Take a look at how I hande authentication here github.com/esausilva/profile-updater/blob/…esausilva
Okay.. Thanks for the help :)iMDroid

1 Answers

4
votes

Unfortunately, Firebase Auth does not manage OAuth access tokens for users. After OAuth sign in via popup/redirect, the access token is returned but no new access tokens will be returned afterwards. If you need this feature, you would need to use native SDKs for Facebook/Google, etc to sign in the user and then signInWithCredential with the OAuth credential to Firebase. Those SDKs will manage the OAuth tokens for you and update you with the new access tokens upon expiration. If you think this is an important feature that Firebase should support please make your case and file a feature request. You can use the Firebase forum: https://groups.google.com/forum/#!forum/firebase-talk or request this via Firebase official support channels.