Use Firebase callablle function context auth with other Google APIs

0
votes

I have a callable function in which I want to access the Sheets API, but not with the service account, I want to impersonate the user. The problem is that I don't want to send the client an authorization URL. The user has already signed into the firebase app with google on the client-side and has consented permission to all the scopes I need (including the Sheets API scope), so I was wondering if it's possible to use the auth object in the context parameter of a callable function to authenticate with other APIs on behalf of the user.

function exportSpreadsheets(data, context)
{
    const {google} = require('googleapis');

    //How do I create an OAuth2 object I can use to access the API
    //without having to send the user an authentication link?
    //Maybe using the data in context.auth.token?
    const auth = new google.auth.OAuth2();

    const sheets = google.sheets({version: 'v4', auth});

    sheets.spreadsheets.create()
    .then(x =>
    {
        console.log(x);
    });
}

I tried the above code and it doesn't work. I'm struggling a bit to understand all the OAuth2 process.

Thanks!

1
firebasefirebase-authenticationgoogle-cloud-functionsgoogle-sheets-api
You want that the automated update are "attach" to the user and not a generic service account. Am I correct? But why? In any case, if you do thing on behalf the user, it has to be agree and thus to provide you an explicit consent on this.guillaume blaquiere
I want to make the request on behalf of the user so that the created spreadsheet gets stored on the user's account (google drive). If I use the service account the spreadsheet will go to the service account's drive. But I don't want to ask permission to the user again, since on the client-side (on the browser) I've already asked for permission on those scopes.ItsaMeTuni

1 Answers

0
votes

I figured it out! The correct way to do this is to send the client's access token as a parameter to the function and use it to access the API on behalf of the user. Like this:

function exportSpreadsheet(data, context)
{
    const oauth = new google.auth.OAuth2({
        clientId: '<your-apps-client-id>',
        clientSecret: '<your-apps-client-secret>',
    });
    oauth.setCredentials(data);
    const sheets = google.sheets({version: 'v4', auth: oauth});

    //Use the API

Also, you have to send the provider's access token (which in this case is Google), not Firebase's access token.