Authenticate with signInWithCredential()

Question

I'm trying to connect to the second Firebase app and authenticate with signInWithCredential(), but I don't know how to get valid idToken for the second app:

  connect(accessToken: string, config: FirebaseAppConfig) {
    let one: firebase.app.App = this.angularFireTwo.database["fbApp"];
    one.auth().currentUser.getToken()
      .then(idToken => firebase.auth.GoogleAuthProvider.credential(idToken, accessToken))
      .then(credential => {
        let two = firebase.initializeApp(config, `[${config.apiKey}]`);
        return two.auth().signInWithCredential(credential);
      })
      .catch(console.warn)
      .then(console.info);
  }

I'm getting and error from https://www.googleapis.com/identitytoolkit/v3/:

Invalid id_token in IdP response

If I use signInWithPopup() I can authenticate and connection is working:

        two.auth().signInWithPopup(new firebase.auth.GoogleAuthProvider())

Anyone knows what should I do to get valid idToken?

UPDATE:

I've been trying to figure out authentication process and, as far I understand it , it's something like this:

from config: FirebaseAppConfig firebase reads apiKey and authDomain
it contacts the servers and gets Web Client ID for enabled Google provider 123.apps.googleusercontent.com
with this Web Client ID and authDomain it contacts www.googleapis.com, which returns idToken
this idToken is then used to identify the app that's asking user for permission to access user's profile, etc.
when user agrees, callback returns user details + credential used for this authentication, which contains idToken of the web app and accessToken of the user

Now, if I use signInWithPopup() steps 2-3-4 are done in the background (popup window). I just need a way to generate idToken for the step 4, so I can use it to generate credential firebase.auth.GoogleAuthProvider.credential(idToken, accessToken) and sign-in using signInWithCredential().

I have access to everything I need to sign-in to the second app - it's; apiKey, authDomain, Web Client id 456.apps.googleusercontent.com, and user's unique accessToken.

But still can't figure out how to do it. I tried white-listing apps' one and two Web client IDs in their auth configurations, hoping that will allow them to accept each others idTokens, but that didn't work...

bojeil · Accepted Answer · 2016-10-20T18:58:58.043

9

When you call: firebase.auth.GoogleAuthProvider.credential(idToken, accessToken))

The first parameter should be a Google OAuth Id token. You are using the Firebase Id token and that is why you getting the error. Besides, if you are already logged in, why are you logging in again with signInWithCredential?

If you need to sign in with a Google credential you need either a Google OAuth Id token or a Google OAuth access token.

To duplicate Firebase OAuth sign-in state from one app to another, you get the credential from signInWithPopup result and use it to signInWithCredential in the second instance.

two.auth().signInWithPopup(new firebase.auth.GoogleAuthProvider()) .then(function(result) { return one.auth().signInWithCredential(result.credential); });

edited Oct 20 '16 at 18:58

answered Oct 17 '16 at 02:41

bojeil

29,642
4
69
76

As I said: I'm trying to connect to the second Firebase app and log in there from the first one I'm already logged into... How do I get those tokens you mention? Are they persistent or do I have to generate them somehow? – Sasxa Oct 17 '16 at 08:22
You get the credential from signInWithPopup result and use it to signInWithCredential in the second instance. two.auth().signInWithPopup(new firebase.auth.GoogleAuthProvider()).then(function(result) {return one.auth().signInWithCredential(result.credential);}); – bojeil Oct 18 '16 at 17:38
That's what I'm doing essentially, you just reversed apps. I'm logged into app **one** and trying to sign in with ***two***. Anyway, `idToken` (or credential, since: idToken + accessToken = creadential) I get from `signinWithPopup()` is the same I get from `angularfire2.login()` ([login is just a wrapper](https://github.com/angular/angularfire2/blob/master/src/auth/firebase_sdk_auth_backend.ts#L82-L88)) or in my code above `one.auth().currentUser.getToken()` - they all return same `idToken` for the *main app* that I'm already signed in, and I can't use that token to sign in with *second app*. – Sasxa Oct 18 '16 at 18:18
Actually, they're not the same... I'll investigate more (: – Sasxa Oct 18 '16 at 18:25
OK, finally got it to work. You were right, after `login()` or `signinWithPopup()`, I get valid `accessToken` and `idToken`, and they are not persistent, they change with each session. They are only available right after signin, every refresh after that will authenticate user (until session expires) and will NOT return credential. So all I had to do is save them when user signs in, and reuse them when connecting to the second app. – Sasxa Oct 18 '16 at 19:39
If you can update your answer for others, would be nice (; – Sasxa Oct 18 '16 at 19:41
I added my comments to the original answer. – bojeil Oct 20 '16 at 18:59

Authenticate with signInWithCredential()

1 Answers1