Google Javascript API: What happen after access token expire?

Question

I have a client-side web app (no backend) that uses Google Javascript API. I have an issue regarding the access-token that I got after the login is successful.

From the callback, we can see that the access-token is set to expire in 1 hour.

expires_in: "3600"

Question is, how can I "get a new token"? From the documentation, I'm under the impression that after the token is invalid, we have to (and I quote) perform a new re-authorization flow with immediate set to true to get an up-to-date access token.

Source: https://developers.google.com/+/web/api/javascript

However, when I tried to call again the auth method:

gapi.auth.authorize(parameters, callback)

I got the token object, but there's no access-token inside.

{
    client_id: "{my_client_id}.apps.googleusercontent.com"
    cookie_policy: undefined
    expires_at: "1370371466"
    expires_in: "86400"
    g_user_cookie_policy: undefined
    issued_at: "1370285066"
    response_type: "token"
    scope: "https://www.googleapis.com/auth/plus.login https://gdata.youtube.com"
}

Am I missing something? How do we usually get a refreshed token after one expired?

Answer 1

On client side, access token is temporary. This is by default online access to user resources. In order to get access tokens again, you need to redirect user for permissions again.

In the OAuth protocol, your app requests authorization to access resources which are identified by scopes, and assuming the user is authenticated and approves, your app receives short-lived access tokens which let it access those resources, and (optionally or more precisely on server side) refresh tokens to allow long-term access.

for server side apps and for offline access of user resource you need to have refresh token Refer to: Google Analytics API Automated Login

Also read: https://developers.google.com/accounts/docs/OAuth2WebServer

https://developers.google.com/accounts/docs/OAuth2UserAgent