Google drive SDK refresh token identifier

Question

I have web server. Each clients are coming on server and they have access to their Google drive files.

I have written implementation of Google drive API but I have problems with tokens.

Question 1 When one person starts accessing to her Google drive, server needs a access token. Firstly she asks person if she really needs to access the document, and if person clicks "Allow Access" Server returns Access token and Refresh Token. Server Saves Refresh Token of current user.

Then if the same person comes again, Server sees her refresh token, and automatically generates a new access token. User does not have to click "Allow Access" again because we can generate Access Token using Refresh Token. is it correct? because Refresh token lives for ever if we don't revoke it by hand (I don't know how to revoke but I know that it lives forever if we don't do anything)

Question 2 if above is correct - how to save that Refresh token on server? In the other hand, I need identifier of user, don't I?. because if another person comes, I should generate her access token using her refresh token. and I should find if I have her refresh token in the DB. but How to see If I don't have any identifier?

I don't have any identifier of user on API: https://developers.google.com/drive/v2/reference/about#resource

Answer 1

1) that is correct, your app receives an access token and a refresh token the first time the user grants access to it. The access token is short-lived while the refresh token rarely expires, unless the user manually revokes it. When the user comes back to your app, if you have a stored refresh token, you can use it to retrieve an access token without any user interaction

2) you should use a permanent storage solution such as a database. The key should be the user ID retrieved from the User Info service.

For more details, check https://developers.google.com/drive/about-auth