Interacting with Google Cloud APIs
After signing the user in, I have an additional "Register Gmail" function.
I want to configure my server code (Edge Runtime) to retrieve, store, and automatically refresh a server-managed access and refresh token, so that it can interact with Google Cloud APIs using the user's credentials.
Can I use Supabase Auth for this, or will I have to implement my own PKCE flow manually with a separate client ID?
5 Replies
Supabase will return, on any sign up or sign in with OAuth, the provider token and refresh token. It is only stored in the session info until the first refresh of the Supabase JWT. It is up to you to store it and then properly refresh or handle access after that.
See the scopes and provider token here https://supabase.com/docs/reference/javascript/auth-signinwithotp and the note section.
What I understand, then, is that I can skip re-implementing the authentication flow and just manage the refresh myself?
If the provider has a refresh token, then that is my understanding.
But it is up to you to deal with the process (and storage) of provider tokens as needed.
@garyaustin How do I check which scopes were granted?
Based on this: https://developers.google.com/identity/protocols/oauth2/native-app#check-granted-scopes, Google should return a "scope" field on the response.
But since I'm delegating it through Supabase, there's no clear indication of how I can access that field.
Sorry, not something I've used. If it's not clear from the docs or your testing, then start a new topic on just that and see if a user who has done this has advice.
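The refresh handling and scope check discussed in this thread, as an added example that is not code from any participant or from Supabase: it assumes the server has already stored the `provider_refresh_token` from the Supabase session and holds the Google OAuth client ID and secret. Google's token endpoint returns a space-delimited `scope` field on a refresh response, which is one place the granted scopes can be read. All function names and sample values are hypothetical.

```javascript
// Server-side only: the client secret and refresh token must never reach the browser.
const GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token";

// Build the form-encoded refresh request (OAuth 2.0 refresh_token grant).
function buildRefreshRequest({ clientId, clientSecret, refreshToken }) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    client_id: clientId,
    client_secret: clientSecret,
    refresh_token: refreshToken,
  });
  return {
    url: GOOGLE_TOKEN_URL,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Turn the token response into a record to store, and report missing scopes.
function parseTokenResponse(json, requiredScopes, nowMs = Date.now()) {
  if (json.error || !json.access_token) {
    // invalid_grant: refresh token revoked or expired, so the user must consent again.
    const error = json.error || "no_access_token";
    return { ok: false, reauthRequired: error === "invalid_grant", error };
  }
  // A response without a scope field is treated as granting nothing (fail closed).
  const granted = new Set((json.scope || "").split(" ").filter(Boolean));
  const missingScopes = requiredScopes.filter((s) => !granted.has(s));
  return {
    ok: missingScopes.length === 0,
    accessToken: json.access_token,
    expiresAt: nowMs + (Number(json.expires_in) - 60) * 1000, // refresh 60 s early
    grantedScopes: [...granted],
    missingScopes,
  };
}

// fetchImpl is injectable so the function can be exercised without network access.
async function refreshGoogleToken(creds, requiredScopes, fetchImpl = fetch) {
  const { url, init } = buildRefreshRequest(creds);
  const res = await fetchImpl(url, init);
  return parseTokenResponse(await res.json(), requiredScopes);
}
```

Store `expiresAt` next to the access token and call `refreshGoogleToken` only when it has passed; a non-empty `missingScopes` means the user did not grant everything the feature needs.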