Reputation: 1569
Today - Users' Google Drive access tokens - which are obtained when a user authenticates the app - are kept in my backend, linked to the authenticated user. So when a user authenticates once from any platform - he will have the same Google Drive access from any other platform or device he uses, since the access tokens are kept in the backend.
We want to allow each client to use the Drive SDK in order to communicate directly with Google Drive services where it seems fit, requiring that the clients hold and use the connected user's Drive access key.
We're looking for a way to give the user a "seamless" Drive connection.
Is there an alternative where the user will not have to authenticate my app per device? Can an access token be shared from one device to another?
--
EDIT: leaving the refresh token out of the scope of the question - let's assume that when the token expires, the client would use my backend API to refresh the access token (so the backend holds the refresh token).
P.S. - I asked a similar question for the Dropbox service - Using Dropbox access token from multiple devices
Upvotes: 1
Views: 321
Reputation: 1569
Despite it not being a finite answer -
We eventually came to the conclusion that it's better for each device to hold its own auth tokens. And while it's technically possible to persist those in a backend - it raises a security risk and reduces the user's control over his 'actual connected devices' through our app to the 3rd party provider.
We did figure that the user will have to 'grant permissions' only during his first usage, given that the same Google Drive application is used on all platforms.
Upvotes: 0
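The arrangement assumed in the question's EDIT (the backend holds the refresh token and clients ask it for a fresh access token), sketched with grants keyed per device so that one device can be disconnected without affecting the others. This is an added example, not code from either post: `DeviceGrantStore`, `google_refresh` and the placeholder client credentials are hypothetical names, while the token endpoint and `refresh_token` grant parameters are Google's standard OAuth 2.0 ones.

```python
import json, time
import urllib.parse, urllib.request

TOKEN_URL = "https://oauth2.googleapis.com/token"  # Google's OAuth 2.0 token endpoint


def google_refresh(client_id, client_secret, refresh_token):
    """Exchange a refresh token for a new access token (real network call)."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(TOKEN_URL, data=body)) as resp:
        return json.load(resp)  # contains "access_token" and "expires_in"


class DeviceGrantStore:
    """Hypothetical backend store: one refresh token per (user, device)."""

    def __init__(self, refresh_fn, client_id="CLIENT_ID", client_secret="CLIENT_SECRET"):
        self._refresh_fn = refresh_fn  # injectable so the store can be tested offline
        self._creds = (client_id, client_secret)  # placeholders, not real values
        self._grants = {}  # (user_id, device_id) -> refresh token

    def register(self, user_id, device_id, refresh_token):
        self._grants[(user_id, device_id)] = refresh_token

    def devices(self, user_id):
        # What a "connected devices" screen would list for this user.
        return sorted(d for (u, d) in self._grants if u == user_id)

    def revoke(self, user_id, device_id):
        # Local removal only; invalidating the grant at Google as well is a
        # separate call to its revoke endpoint.
        return self._grants.pop((user_id, device_id), None) is not None

    def access_token_for(self, user_id, device_id):
        # Called by an already-authenticated client. Only the short-lived
        # access token is returned; the refresh token never leaves the backend.
        refresh_token = self._grants.get((user_id, device_id))
        if refresh_token is None:
            raise PermissionError("device has no active grant")
        reply = self._refresh_fn(*self._creds, refresh_token)
        return {"access_token": reply["access_token"],
                "expires_at": int(time.time()) + int(reply["expires_in"])}
```

In production the store would be constructed with `google_refresh` as `refresh_fn`; a single shared grant per user would instead make every device fail together on revocation.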