Sign In With OAuth2 Via Firebase Rest Api Getting Rejected
I'm trying to sign in a user with OAuth2 via the Firebase REST API, from Google Apps Script. I'm using the apps-script-oauth2 library and have retrieved an access token with service.getAccessToken() (see getAccessToken docs).
However, when I post to the auth endpoint with the following code:
    // API_KEY and SCRIPT_ID are placeholders for the project's own values.
    var oAuthService = getOAuthService();
    const createUserWithOAuthUrl = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion?key=' + API_KEY
    const accessToken = oAuthService.getAccessToken()
    Logger.log(accessToken)
    const requestUri = 'https://script.google.com/macros/d/' + SCRIPT_ID + '/usercallback'
    // The access token travels inside postBody, not in an Authorization header.
    const payload = JSON.stringify({"postBody": "access_token=" + accessToken + "&providerId=google.com","requestUri":requestUri,"returnIdpCredential":true,"returnSecureToken":true})
    Logger.log(payload)
    const result = UrlFetchApp.fetch(createUserWithOAuthUrl, {
      method: 'post',
      contentType: 'application/json',
      muteHttpExceptions: true,
      // headers: {
      //   Authorization: 'Bearer ' + accessToken
      // },
      payload : payload
    });
I get this error:
    "error": {
      "code": 400,
      "message": "INVALID_IDP_RESPONSE : Failed to fetch resource from https://www.googleapis.com/oauth2/v1/userinfo, http status: 401, http response: {\n \"error\": {\n \"code\": 401,\n \"message\": \"Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.\",\n \"status\": \"UNAUTHENTICATED\"\n }\n}\n",
The OAuth process seems to go well as I go through the account selection/scopes review flow and get an authorized prompt.
I've followed the Firebase REST auth API docs and it looks like the way I'm doing this is correct, so I'm confused why it's being rejected. Any thoughts? Is there some way I can test the validity of my access_token? I've console logged it and it certainly looks token-like.
Answer
OK so I just figured it out, it had to do with scopes.
Basically, during the Firebase sign-in with OAuth process, an automated call to the https://www.googleapis.com/oauth2/v1/userinfo API is made. This requires the following scopes:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
I suppose Firebase wanted specific user details to add to the user account. Not sure why it complained about tokens instead of scopes, definitely threw me off there!
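
The question asks how to test the access token, and the answer traces the failure to scopes; the following added example (not part of the original post or of the apps-script-oauth2 library) checks both by asking Google's tokeninfo endpoint which scopes a token carries. The function names and the sample replies are constructed for illustration.

```javascript
// Added example. The two scopes come from the answer above; everything else
// (function names, sample responses) is constructed for illustration.
const REQUIRED_SCOPES = [
  'https://www.googleapis.com/auth/userinfo.email',
  'https://www.googleapis.com/auth/userinfo.profile'
];
const TOKENINFO_URL = 'https://www.googleapis.com/oauth2/v3/tokeninfo';

// Pure check over a tokeninfo reply: HTTP status plus parsed JSON body.
function evaluateTokenInfo(status, body, required) {
  if (status !== 200 || body.error || body.error_description) {
    // Google rejected the token itself (malformed, expired or revoked).
    return { valid: false, missing: required.slice(),
             reason: body.error_description || body.error || 'HTTP ' + status };
  }
  // "scope" is a space-separated list of what the user actually granted.
  const granted = String(body.scope || '').split(/\s+/).filter(Boolean);
  const missing = required.filter(function (s) {
    return granted.indexOf(s) === -1;
  });
  return { valid: missing.length === 0, missing: missing,
           reason: missing.length ? 'missing scopes' : 'ok' };
}

// Apps Script wrapper (UrlFetchApp exists only inside Apps Script).
// Log the returned object, not the token: an access token is a credential.
function checkAccessToken(accessToken) {
  const res = UrlFetchApp.fetch(
    TOKENINFO_URL + '?access_token=' + encodeURIComponent(accessToken),
    { muteHttpExceptions: true });
  return evaluateTokenInfo(res.getResponseCode(),
                           JSON.parse(res.getContentText()), REQUIRED_SCOPES);
}

// Constructed replies: a token granted only a Drive scope, a fully scoped
// token, and a rejected token.
function runSamples() {
  return [
    evaluateTokenInfo(200, { scope: 'https://www.googleapis.com/auth/drive',
                             expires_in: '3500' }, REQUIRED_SCOPES),
    evaluateTokenInfo(200, { scope: 'openid ' + REQUIRED_SCOPES.join(' '),
                             expires_in: '3500' }, REQUIRED_SCOPES),
    evaluateTokenInfo(400, { error_description: 'Invalid Value' }, REQUIRED_SCOPES)
  ];
}
```

If `missing` is non-empty, add those scopes when building the OAuth service (the library's `setScope`) and re-authorize so that a new token is issued with them.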