
I am using google_sign_in_web 0.10.2 (https://pub.dev/packages/google_sign_in_web) and following the posted example.

Here is some of the relevant code:

GoogleSignIn _googleSignIn = GoogleSignIn(
  scopes: [
    'email',
    'https://www.googleapis.com/auth/contacts.readonly',
  ],
);


  @override
  void initState() {
    super.initState();
    _googleSignIn.onCurrentUserChanged.listen((GoogleSignInAccount? account) {
      setState(() {
        _currentUser = account;
      });
      if (_currentUser != null) {
        _handleGetContact(_currentUser!);
      }
    });
    _googleSignIn.signInSilently();
  }

I can't find a method to exchange the authorization code for refresh and access tokens.

Edit: Ok, I found the access token:

Once you have the _currentUser as above, you do:

// _currentUser is declared nullable (GoogleSignInAccount?), so assert non-null first.
final authentication = await _currentUser!.authentication;

print(authentication.accessToken);

I still need the refresh token.

user3808307
  • Seems that the refresh token is not available through Google sign in: https://github.com/firebase/flutterfire/issues/1079. – user18309290 Sep 04 '22 at 18:05
  • Possible duplicate: https://stackoverflow.com/q/62230448/1841839 – Linda Lawton - DaImTo Sep 05 '22 at 10:49
  • @DaImTo the answer does not say how to get the refresh_token, it only posts an alternative. To me that is no good, I need the refresh_token explicitly – user3808307 Sep 05 '22 at 12:59
  • Signin is authentication; it contains an id token and an access token. OAuth2 is authorization and gets you an access token and a refresh token. If you want access to the user's Google contacts then you need to use OAuth2 to request authorization, not signin. – Linda Lawton - DaImTo Sep 05 '22 at 13:33
  • @DaImTo can you tell me the technical difference between one and the other? – user3808307 Sep 05 '22 at 22:26
  • OpenID Connect or Signin or authorization, proves that a user is the one behind the machine. A user had to have logged in to result in an id token; you will only have access to the user's profile information. OAuth2 is how we request authorization for our applications to access private user data. You are given an access token which grants your application access to the user's data for a limited time. There is no way to know the calls are coming from the user and not something automated in your application. The refresh token can also be given which will allow your app to access the data – Linda Lawton - DaImTo Sep 06 '22 at 06:56
  • Authentication: user is present and signs in. Authorization grants an application access to a user's data; no user need be present when the application accesses the data. – Linda Lawton - DaImTo Sep 06 '22 at 06:59
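
The OAuth 2.0 authorization-code exchange that the comments above point to, as an added example (not code from the original posts or from the google_sign_in plugin): it builds the authorization URL and token request for Google's OAuth 2.0 endpoints and parses a constructed token response. The client ID, client secret, redirect URI, code and token values are placeholders, and the exchange is assumed to run somewhere that can hold the client secret.

```dart
import 'dart:convert';
import 'dart:math';

// Google's OAuth 2.0 endpoints.
final authEndpoint = Uri.parse('https://accounts.google.com/o/oauth2/v2/auth');
final tokenEndpoint = Uri.parse('https://oauth2.googleapis.com/token');

// Unguessable value echoed back on the redirect; compare it before using `code`.
String newState() {
  final rnd = Random.secure();
  return base64Url.encode(List<int>.generate(32, (_) => rnd.nextInt(256)));
}

// Step 1: URL the user is sent to. access_type=offline requests a refresh token.
Uri authorizationUrl(String clientId, String redirectUri, List<String> scopes, String state) =>
    authEndpoint.replace(queryParameters: {
      'response_type': 'code',
      'client_id': clientId,
      'redirect_uri': redirectUri,
      'scope': scopes.join(' '),
      'access_type': 'offline',
      'prompt': 'consent', // without it, a refresh token comes only on first authorization
      'state': state,
    });

// Step 2: form-encoded body to POST to tokenEndpoint.
String tokenRequestBody(String code, String clientId, String clientSecret, String redirectUri) =>
    Uri(queryParameters: {
      'grant_type': 'authorization_code',
      'code': code,
      'client_id': clientId,
      'client_secret': clientSecret,
      'redirect_uri': redirectUri,
    }).query;

// Step 3: parse the JSON reply; refresh_token is null when Google did not issue one.
Map<String, String?> parseTokenResponse(String body) {
  final json = jsonDecode(body) as Map<String, dynamic>;
  if (json['error'] != null) throw StateError('token error: ${json['error']}');
  return {'access_token': json['access_token'] as String?, 'refresh_token': json['refresh_token'] as String?};
}

void main() {
  const id = 'CLIENT_ID', secret = 'CLIENT_SECRET'; // placeholders
  const redirect = 'https://app.example/callback'; // placeholder
  final state = newState();
  print(authorizationUrl(id, redirect, ['email', 'https://www.googleapis.com/auth/contacts.readonly'], state));
  // Constructed redirect back from Google, then the state check and the exchange request.
  final cb = Uri.parse(redirect).replace(queryParameters: {'state': state, 'code': 'CONSTRUCTED_CODE'});
  if (cb.queryParameters['state'] != state) throw StateError('state mismatch');
  print(tokenRequestBody(cb.queryParameters['code']!, id, secret, redirect));
  print(parseTokenResponse('{"access_token":"CONSTRUCTED_AT","refresh_token":"CONSTRUCTED_RT","expires_in":3599}'));
}
```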

1 Answer

GoogleSignIn provides the idToken beside the accessToken.

final GoogleSignInAuthentication googleSignInAuthentication =
        await googleSignInAccount.authentication;

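// Both tokens are exposed as nullable strings on the authentication object.
final String? accessToken = googleSignInAuthentication.accessToken;
final String? idToken = googleSignInAuthentication.idToken;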

Please refer to this answer https://stackoverflow.com/a/62230577/14729495

Franz