google.cloud.firestore_v1.client.Client expires

Question

Using google.cloud.firestore_v1.client.Client to work with firebase database when intertacting with it after a while of non interaction i get :

google.api_core.exceptions.Unauthenticated: 401 Missing or invalid authentication.

Im using https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword and returnSecureToken = True, then using the response im creating Client as follows:

Client(project_id, Credentials(response['idToken'], response['refreshToken']))

what do i need to do in order to keep Client alive or refresh it when interacted after a lot of time it hasnt been interacted with so it wont throw that exception?

Answer 1

You can review the Authentication Overview, and depending on the Principal or identity you are using, you need to follow a certain process.

Google Cloud APIs use the OAuth 2.0 protocol for authenticating both user accounts and service accounts. The OAuth 2.0 authentication process determines both the principal and the application.

In this case, to Authenticate as an end user, (you can check the full documentation for more details and examples), and as stated in the Using OAuth 2.0 to Access Google APIs page, in the step 5, Refresh the access token, if necessary.

Access tokens have limited lifetimes. If your application needs access to a Google API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.

To do this, you need to get the Signin with email Response Payload properties. Once your expiresIn time is done, you can use then the refreshToken value to pass it through the Exchange a refresh token for an ID token to get a new token ID.