Reputation: 167
How to refresh Google Service account which expires after 1 hour?
I am using Google Drive API(C#) with service account as mentioned in
https://developers.google.com/drive/delegation
I am able to work with DriveService object, but after 1 hr, it errors out with exception: "The remote server returned an error: (401) Unauthorized."
I know, by setting "access_type" to "offline" we could solve this problem, but I am not able to set this property for DriveService object.
Does anyone know how to refresh this Google Drive Service object?
Thanks in advance
Upvotes: 1
Views: 4788
Answers (2)
Reputation: 2457
Service accounts come with a private key - and that's their moral equivalent/superset of the refresh token that is returned as a result of a user-driven consent flow.
When a user consents to offline access (via a web server or similar OAuth flow) a refresh token is returned that can be swapped (along with the client secret) at any time for an access token.
In the same manner a service account private key can be used to sign an assertion that can also be swapped for an access token - that's useful for cases where no user is present to accept a consent screen, or where you are performing work on behalf of other users in your organization.
Once you get an access token it is treated in the same way - and is expected to expire after 1 hour, at which time a new access token will need to be requested, which for a service account means creating and signing a new assertion.
Generally noticing that the access token is expired and requesting a new one is taken care of for you by the Google client libraries - although I'm not familiar with the C# version. If you could share your code that creates the DriveService object that would be helpful.
Upvotes: 3
Reputation: 6800
When you set offline access mode, your app gets a refresh token when the user logs in for the first time.
access_type :: Indicates if your application needs to access a Google API when the user is not present at the browser. This parameter defaults to online. If your application needs to refresh access tokens when the user is not present at the browser, then use offline. This will result in your application obtaining a refresh token the first time your application exchanges an authorization code for a user.
You later use this refresh token to obtain a new access token, once the current access token expires. Basically, your app would then hit the token exchange endpoint (POST to https://accounts.google.com/o/oauth2/token) with the refresh token and your client credentials - google with then issue a (refresh token + access token) pair to you.
See this link for further clarification.
EDIT -
I checked the Service Account documentation and found a sample C# app that fetches and uses refresh tokens too. See it here.
I hope this one helps.
Upvotes: 1
Related Questions
- Google Identity Services : How to refresh access_token for Google API after one hour?
- Google Oauth "Service Account", how to refresh token?
- GoogleDrive 7 days refresh token
- When does Refresh Token expires for Google Drive API?
- GoogleAPI oauth2 refresh token expires in 1 hour
- Google OAuth2 refresh expires & does not renew
- Google Refresh Tokens Lifetime
- google drive api access token expires in ~12h even when i use refresh token
- Google Oauth refresh Token
- How to refresh Token in GoogleCredential