Reputation: 4118
I am using this googleapis Node.js client for calendar, and everything works perfectly except that if I remove access from the Google account security settings, the calendar is still connected. Is there any method to check for removed access from a Google account? How should I handle those cases?
Upvotes: 2
Views: 533
Reputation: 117176
When a user runs your application the first time they are presented with a consent form, which asks them to grant permission for your application to access their Google calendar data. From this point on, whenever your application runs the user may have to log in again, but they will not have to grant your application permission. If you have a refresh token you will be able to use that whenever you like to request a new access token. The access token will be valid for one hour.
Now if you request a new access token, as stated it's valid for one hour. This is true even if the user goes to Google Account security for their account and removes the consent for an application to access their data.
You're still going to be able to access their data while any access tokens you have currently are valid. If the user tries to use your application again they will have to consent to permission. If you try to use the refresh token it will no longer work.
Access tokens work for one hour; they are not reauthorized during that time, it's assumed that they are valid. (This may in fact depend upon the scope and API in question and how Google's policy server works.)
Access tokens are designed to be self-contained permission systems. As long as you have an access token for the correct scope, most APIs assume that you have access. However, in the event this method is accessing critical data, they may have a policy server set up. This server could be doing an extra check on an access token to ensure that the user still has access even though they have a valid access token. However, doing this can be very time consuming and resource heavy, as it means reevaluating every call to ensure that the user still has access. It kind of defeats the purpose of having access tokens that are valid for an hour in the first place.
Upvotes: 1
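One way to act on the answer's point that a revoked refresh token stops working, as an added example (not part of the answer above and not code from the googleapis client): force a refresh and treat the OAuth 2.0 `invalid_grant` error as "consent removed", while leaving network or server failures undecided. The names `refreshFn`, `store` and the state strings are hypothetical, and the `err.response.status` / `err.response.data` error shape is an assumption about your HTTP client.

```javascript
// Constructed sample errors (not captured from a real service), shaped like
// the HTTP error objects assumed here: err.response.status / err.response.data.
const SAMPLE_REVOKED = { response: { status: 400, data: { error: 'invalid_grant' } } };
const SAMPLE_OUTAGE = { response: { status: 503, data: {} } };

// Map a failed refresh to a connection state. Only invalid_grant means the
// refresh token is dead (revoked or expired); anything else may be transient
// and must not disconnect the user.
function classifyRefreshError(err) {
  const res = err && err.response;
  if (res && res.status === 400 && res.data && res.data.error === 'invalid_grant') {
    return 'revoked';
  }
  return 'unknown';
}

// refreshFn (hypothetical) exchanges a refresh token for new tokens and
// rejects on failure. store is a Map of userId -> { refreshToken, accessToken }.
async function checkConnection(userId, store, refreshFn) {
  const entry = store.get(userId);
  if (!entry || !entry.refreshToken) return 'not_connected';
  try {
    const tokens = await refreshFn(entry.refreshToken);
    store.set(userId, { ...entry, accessToken: tokens.access_token });
    return 'active';
  } catch (err) {
    const state = classifyRefreshError(err);
    // A cached access token can keep working for up to an hour after
    // revocation, so drop it together with the dead refresh token.
    if (state === 'revoked') store.delete(userId);
    return state;
  }
}
```

Running `checkConnection` before showing a calendar as "connected", or on a schedule, surfaces the removed access without waiting for the cached access token to expire.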