How many times can I use a refresh token obtained from google api

Question

I have developed a rails application that allows a user to login using their google account and then the application fetches the emails and parses them for information.

All this works fine, but I am facing issues with access token become invalid, hence I have been looking into refreshing the token. I found some code at: https://stackoverflow.com/a/14491560/718087

With this code I have been able to get a new access token that works. But I have a few questions:

1. How many times can I use the same refresh token I got the first time? or do I need update my refresh token as well, each time I get a new access token? note: application is setup with offline access.

2. Do I need to refresh the token before it expires or it will still return to me a valid token after the old access token has expired? This will allow me to decide an approach as to when I should refresh the tokens - a: right before fetching the emails, b: automatically before the token expires via delayed jobs or something (this would add quite a overhead though)

I have gone through the api docs but could not find answer to my these specific questions. Please excuse my overly detailed queries.

Thanks, Aditya

Answer 1

In answer to your question: "Do I need to refresh the token before it expires or it will still return to me a valid token after the old access token has expired?"

I have a rails app, and I check for expiration & refresh token existence:

if client.authorization.expired? && client.authorization.refresh_token
 #then I refresh here...

So the answer is, Yes you can (and probably should) wait until your access token expires, and then refresh it.

Answer 2

Refresh tokens never expire, unless revoked by the user. You should store it safely and permanently. You should definitely not go back and get new refresh tokens over and over, because only a certain number can be understanding per user/app combination, and eventually the older ones will stop working.