Gmail API: permanent token access

Question

After many researches I can now retrieve my Gmail inbox with my PHP code. Now I want to know if it's possible to get a permanent token access for the API without being forced to log in with OAuth.

I'm making a small application that would retrieve 3 different Gmail inboxes and people who would work with my app won't waste their time authorizing my Gmail app to the different inboxes.

I mean, is there a way to avoid authorizing each time I try to retrieve my Gmail inbox like a permanent token access I'll get just once then store it into my database?

Thanks for your help.

Answer 1

No such thing as permanent token, but there's refresh token:

Handling authorization requests

Exchange the authorization code for an access token

The authorization code is a one-time code that your server can exchange for an access token. This access token is passed to the Gmail API to grant your application access to user data for a limited time.

If your application requires offline access, the first time your app exchanges the authorization code, it also receives a refresh token that it uses to receive a new access token after a previous token has expired. Your application stores this refresh token (generally in a database on your server) for later use.

Important: Always store user refresh tokens. If your application needs a new refresh token it must send a request with the approval_prompt query parameter set to force. This will cause the user to see a dialog to grant permission to your application again.

Here's a snippet from the Gmail API Quickstart

// Refresh the token if it's expired.
  if ($client->isAccessTokenExpired()) {
    $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
    file_put_contents($credentialsPath, json_encode($client->getAccessToken()));
  }