Need to enable server side access for IOS app

Question

Currently when an iOS App is created for Google auth., it generates only a Client-ID.

At iOS-end I am using the Client-IDs of both the apps(IOS and WEb) to authenticate the user and generate the refresh token.

According to the documentation of Google,the access token generated is short lived. So whenever we need to re-generate access token of a user, at Server-end we use the client-id and client-secret of Web-app.

But, whenever I am trying to generate a new access token with the refresh token, client-id(web app) and client-secret(web-app), it gives "unauthorized client" error which means that the refresh token is not in Sync with the Client-ID and Client-Secret.

Please let me know the combination of client-id and client-secret that I should use at the server end to re-generate access_token of the user. Also, Can anyone can guide me on steps to generate the iOS app and the web app which can be used to generate the refresh token while authenticating the user.

Answer 1

The refresh token is limited to a particular client/app. Your iOS and web apps have different client IDs, so the refresh token from one cannot be used by the other.

On the iOS client side, only the client ID and the refresh token (that was initially given to the same client) are needed to get a new access token (for the same iOS client). There is no client secret for iOS client. If you use Google Sign-In iOS SDK, this is handled automatically for you.

If you would like your client side to convey the sign-in user to your backend server, see https://developers.google.com/identity/sign-in/ios/backend-auth .

If your backend server also need an access token itself, set up server-side access as in: https://developers.google.com/identity/sign-in/ios/offline-access