Getting access to Google APIs for your users with Firebase Auth
--
How to authenticate users on your Firebase app and access google APIs on their behalf with OAuth 2 access tokens
Firebase Auth is pretty convenient as it allows you to effortlessly authenticate users with other identity providers such as Google.
In the Firebase docs, there is even an example showing you how to add additional scopes and retrieve an access_token to access various Google APIs.
If you’re trying to build an app that lets your users access their data with Google APIs, such as Drive, Calendar, or any of the other scopes listed here, you might think:
“Wow, that’s perfect! I can just use Firebase Auth to authenticate my users with Google, then save their access token to access these APIs whenever I want!”.
Sorry to crush your dreams, but that’s wrong. Unfortunately, the access token you get back is short-lived and will expire in an hour.
If you want your users to actually like your app, you may want to avoid asking them to re-authenticate every hour — one might say this wouldn’t constitute what we could refer to as a “good user experience”.
So, you cannot go with the built-in firebase signInWithPopup or signInWithRedirect options. You will have to build a custom sign-in flow, which is, as you have guessed, more complicated.
The thing is, to be able to refresh the access token after it has expired, you will need to use a refresh_token, and the default Firebase GoogleAuth flow will not give you that.
So you want to create a custom sign-in flow that will call Google APIs directly to get that coveted refresh token, and that will as a bonus return a custom authentication token that you will pass to Firebase auth to authenticate users on your app. Two birds one stone, yay!
