CODEWITHSUNDEEP
phpoauthoauth-2.0google-oauth
Jonuux
Jonuux

Reputation: 531

Revoke Token OAuth 2 google api

I want to revoke Token to use it for longer time, my code begins with standart redirect -> getToken flow:

        $code = (array_key_exists('code', $_GET) ? $_GET['code'] : '');
        $access_token = json_decode(DB::getToken(), true);

        $guzzleClient = new \GuzzleHttp\Client(array( 'curl' => array( CURLOPT_SSL_VERIFYPEER => false, ), ));
        $this->client = new Google_Client();
        $this->client->setHttpClient($guzzleClient);
        $this->client->setAuthConfig('client_secret.json');
        $this->client->addScope("https://www.googleapis.com/auth/calendar");
        $this->client->setAccessType('offline');
        $this->client->setApprovalPrompt('force');
        $this->client->setAccessToken($access_token);

        if(!$code && !$access_token) {
            $auth_url = $this->client->createAuthUrl();
            header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
        }

        if($code && !$access_token) {
            $this->client->fetchAccessTokenWithAuthCode($code);
            $access_token = $this->client->getAccessToken();
            DB::saveToken($access_token);
        }

Right here I check if Access Token is expired, if yes I revoke token and expect to continue using it without problem:

        if($this->client->isAccessTokenExpired()) {
            $revoked = $this->client->revokeToken($access_token);
            if($revoked) {
                $access_token = $this->client->getAccessToken();
            }
        }

Though problem occurs and error I get Token expired or revoked error message.

What I'm doing wrong here ?

I expect after revoking, token to be valid again.

Upvotes: 1

Views: 2266

Answers (1)

Spomky-Labs
Spomky-Labs

Reputation: 16775

I expect after revoking, token to be valid again.

An expired or revoked access token cannot be used anymore. It is also useless to revoke an expired access token..

I see in your code that you ask for an offline access token. You should receive a refresh token. What you have to do is to use that refresh token o get a new access token. See that post for more information.

Upvotes: 2

Related Questions