Jeb50

Reputation: 7037

Google idToken Refresh

I'm using Node google-auth-library package to verify idToken at my API server according to Google:

const { OAuth2Client } = require('google-auth-library');
const googlelib = new OAuth2Client(myGoogleClientID);

await googlelib.verifyIdToken(
  {
    idToken: myToken,
    audience: myGoogleClientID,
  },
  (e, pass) => { /* ... */ }
);

Because the idToken expires in one hour, it will be cumbersome to have users log in hourly. I've searched the documents; class OAuth2Client has refreshAccessToken() but no refreshIdToken(). How do I refresh an expired idToken?

Note, the only Google API I'm using is Authentication.

Upvotes: 0

Views: 867

Answers (2)

Fernanda

Reputation: 191

It sounds like you require offline access. You can use the one-time code to exchange it for a refresh token that can be used anytime.

$('#signinButton').click(function() {
  auth2.grantOfflineAccess().then(signInCallback);
});

In the response, you will have a JSON object with an authorization code:

{"code":"4/yU4cQZTMnnMtetyFcIWNItG32eKxxxgXXX-Z4yyJJJo.4qHskT-UtugceFc0ZRONyF4z7U4UmAI"}

This one-time exchange should be done in the back-end, and you should persist the refresh token.

You should use google-auth-library to complete this workflow in the back-end. For this, you'll use the authentication code to get a refresh token. However, as this is an offline workflow, you also need to verify the integrity of the provided code as the documentation explains:

const { OAuth2Client } = require('google-auth-library');

/**
 * Create a new OAuth2Client, and go through the OAuth2 consent
 * workflow. Return the refresh token.
 */
async function getRefreshToken(code, scope) {
  // Create an OAuth client to authorize the API call. Secrets should be
  // downloaded from the Google Developers Console.
  const oAuth2Client = new OAuth2Client(
    YOUR_CLIENT_ID,
    YOUR_CLIENT_SECRET,
    YOUR_REDIRECT_URL
  );

  // Generate the URL that will be used for the consent dialog. This is the
  // URL the front end sends the user to; the `code` passed in comes back from
  // that dialog. access_type 'offline' is what makes Google issue a refresh token.
  const authUrl = oAuth2Client.generateAuthUrl({
    access_type: 'offline',
    scope,
  });

  // Exchange the one-time authorization code for tokens, then verify the
  // integrity of the returned id_token and use the user information it carries.
  const { tokens } = await oAuth2Client.getToken(code);
  const ticket = await oAuth2Client.verifyIdToken({
    idToken: tokens.id_token,
    audience: YOUR_CLIENT_ID, // the aud claim is the client ID, not the client secret
  });
  const idInfo = ticket.getPayload(); // sub, email, name, ... of the signed-in user

  return tokens.refresh_token;
}

With this refresh token, you can create a Google APIs client with the googleapis library anytime.

Take a look at my gist to review the workflow.

Upvotes: 2

Jeb50

Reputation: 7037

After hours of research, I believe the solution is simply to manage our own session.

Upvotes: 0
