I ran into an probably, to some users, confusing issue:
I'm using in my application Firebase to store the users data etc. and to have the user's data protected I use the build in Google Authentication. I recognized that I can define scopes at this signIn process, which the user can/should allow, but I although noticed that you can't ask for ALL of the Google Scopes/Services, (all with Firebase built in functionality)
so I have to use the Google JS Library as well for authentication, to access the rest of the User data (I want to show the user in my Web-App) stored on Google.
And maybe it could be kind of confusing if the Google signin popup shows twice, one auth to Firebase and another auth to Google API's.
My question is, Is there a way to, maybe hand over the access_token at the Firebase signin process (or vice versa), that I don't have the user signin twice and the Google popup shows up only once?
You can call authWithOAuthToken with the token you get back from Google auth: See https://www.firebase.com/docs/web/api/firebase/authwithoauthtoken.html. From there:
This method accepts either a single string argument for OAuth credentials (such as an OAuth 2.0 bearer access token) or an object (such as a set of OAuth 1.0a credentials). Logging in with Facebook, GitHub, and Google with an OAuth token requires just a string access token:
// Authenticate with Facebook using an existing OAuth 2.0 access token
var ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.authWithOAuthToken("facebook", "<ACCESS-TOKEN>", function(error, authData) {
if (error) {
console.log("Login Failed!", error);
} else {
console.log("Authenticated successfully with payload:", authData);
}
});
The sample from the docs uses facebook, but the same applies to Google tokens.