I'm trying to fetch google api data within my firebase app.
After login using firebase.auth().signInWithPopup, i get accessToken and idToken.
What I'm trying to do is after sign in, redirect to another page and fetch album data from google photos api with accessToken.
Here is my code for sign-in
export const signInWithGoogle = async () => {
try {
const response: any = await auth.signInWithPopup(provider);
const { accessToken, idToken } = response.credential;
localStorage.setItem('accessToken', accessToken);
localStorage.setItem('idToken', idToken);
} catch(e) {
console.log(e)
}
}
and this is what I'm gonna do in redirected page
const onClick = async (e) => {
const accessToken = localStorage.getItem('accessToken');
const response = await fetch('https://photoslibrary.googleapis.com/v1/albums', {
headers: {
Authorization: `Bearer ${accessToken}`,
},
})
console.log(await response.json());
}
I actually get right data with above code but is it a good idea to store access token to local storage? If it's not safe, how do I get access token in redirected page? or what is suggested/best practice for requesting google api in client side?
