S
Supabase2mo ago
bryan

Interacting with Google Cloud APIs

After signing the user in, I have an additional "Register Gmail" function. I want to configure my server code (Edge Runtime) to retrieve, store, and automatically refresh a server managed access and refresh token, so that it can interact with Google Cloud APIs using the user's credentials. Can I use Supabase Auth for this, or will I have to implement my own PKCE flow manually with a separate client ID?
5 Replies
garyaustin
garyaustin2mo ago
Supabase will return on any sign up or in with Oauth the provider token and refresh token. It is only stored in the session info until the first refresh of the Supabase JWT. It is up to you to store it and then properly refresh or handle access after that. See the scopes and provider token here https://supabase.com/docs/reference/javascript/auth-signinwithotp and the note section.
JavaScript: Sign in a user through OTP | Supabase Docs
Supabase API reference for JavaScript: Sign in a user through OTP
bryan
bryanOP2mo ago
What I understand then is that I can skip re implementing the authentication flow and just manage the refresh myself?
garyaustin
garyaustin2mo ago
If the provider has a refresh token, then that is my understanding. But that is up to you to deal with process (and storage) of provider tokens as needed.
bryan
bryanOP2mo ago
@garyaustin How do I check which scopes were granted? Based on this: https://developers.google.com/identity/protocols/oauth2/native-app#check-granted-scopes, Google should return a "scope" field on the response. But since I'm delegating it through Supabase, there's no clear indication on how I can access that field
garyaustin
garyaustin2mo ago
Sorry not something I've used. If not clear from docs, or your testing, then start a new topic on just that and see if a user who has done this has advice.

Did you find this page helpful?