Chris Hansen

Reputation: 8687

Do I need to refresh Google access token after a specific amount of time?

I'm using Google calendar nodejs api to create a calendar invite for an app that connects doctors with patients. Here's my code:

        const defer = Q.defer();
        oauth2Client.setCredentials({
            refresh_token: options.refreshToken,
        });

        let calendar = google.calendar({
            version: "v3",
            auth: oauth2Client,
        });
        calendar.events.insert(
            {
                auth: oauth2Client,
                singleEvents: true,
                calendarId: "primary",
                resource: {
                    start: {
                        dateTime: new Date(options.startDate),
                        timeZone: "utc",
                    },
                    end: {
                        dateTime: new Date(options.endDate),
                        timeZone: "utc",
                    },
                    attendees: [
                        {
                            email: options.user.email,
                        },
                        {
                            email: options.mentor.email,
                        },
                    ],
                    reminders: {
                        useDefault: false,
                        overrides: [
                            {
                                method: "email",
                                minutes: 15,
                            },
                            {
                                method: "email",
                                minutes: 60,
                            },
                            {
                                method: "popup",
                                minutes: 10,
                            },
                        ]
                    },
                    colorId: 4,
                    status: "confirmed",
                },
                // sendUpdates is a request parameter of events.insert, not a field of the event resource
                sendUpdates: "all",
            },
            (err, res) => {
                if (err) {
                    console.dir("Error " + err);
                    defer.reject(err);
                } else {
                    defer.resolve(res.data);
                }
            }
        );
        return defer.promise;

I had the doctor go through oauth2 to get access to his Google account.

After a while, I get the error "invalid_grant" when I try to run the code above. I'm guessing the token expired, but that can't be because I'm using the refresh token in the request above not the access token and the user hasn't revoked access.

Am I supposed to refresh the token after some time? What am I doing wrong?

Upvotes: 2

Views: 2765

Answers (1)

Linda Lawton - DaImTo

Reputation: 117281

Refreshing access

The client library you are using will handle refreshing your access token as long as there is a valid refresh token available to it. Access tokens expire after one hour. So it's probably refreshing it without you realising it.

Answer: invalid_grant error

invalid_grant is most often caused these days because your refresh token has expired. Refresh tokens for apps that are still in the testing phase expire after seven days.

The key here is going to be to set your app into production. Once the app is in production your refresh token will no longer expire.


Clearing up confusion caused in comments

there is a limit of 50 refresh tokens per account per clientId,

This statement is unclear. There is a limit of 50 outstanding refresh tokens "per user + per client". The missing key here is the +.

  • There is no limit to the number of users your application can authorize.
  • There is no limit to the number of refresh tokens your application can create.
  • There is a limit to the number of outstanding refresh tokens a user can have to an application.

When I run your app I get a refresh token. If I run it again and show the consent screen and authorize it again, I now have two refresh tokens. They will both work. I can do this up to 50 times, at which point I now have 50 outstanding working refresh tokens. If I do it again then the first one will be expired and I will again have 50 outstanding refresh tokens.

The actual comment from Google's documentation is oauth2

There is currently a limit of 50 refresh tokens per Google Account per OAuth 2.0 client ID.

The key here being per Google Account per OAuth 2.0 client ID. Each user has a Google account. Refresh tokens are based upon the user's Google account and the client ID for the app requesting authorization.

Refresh tokens expiring

After the app is no longer in test, refresh tokens for the most part do not expire. The key here is "most part": as long as you use it at least once every six months it will not expire. As long as the user does not revoke the access of the app it will continue to work.

Upvotes: 3
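
The following is an added example, not code from the question, the answer or Google's client library. It shows one way to react to invalid_grant: stop reusing the stored refresh token, flag the user for re-consent, and list which of the causes named in the answer fit the token's history. The record fields (refreshToken, issuedAt, lastUsedAt, publishingStatus, newerGrants), the function names, the assumed error shape and the 183-day approximation of "six months" are all assumptions.

```javascript
// Added example; record shape and function names are hypothetical.
const DAY_MS = 24 * 60 * 60 * 1000;
const TESTING_LIFETIME_DAYS = 7; // answer: tokens of apps in testing expire after seven days
const IDLE_LIMIT_DAYS = 183;     // answer: "six months", approximated here as 183 days
const MAX_OUTSTANDING = 50;      // answer: 50 per Google Account per OAuth 2.0 client ID

// Assumed error shape: the OAuth error code is in response.data.error or in the message.
function isInvalidGrant(err) {
  const code = err && err.response && err.response.data && err.response.data.error;
  return code === "invalid_grant" || /invalid_grant/.test(String(err && err.message));
}

// Map a stored token's history onto the expiry causes the answer lists.
function likelyCauses(record, now = Date.now()) {
  const causes = [];
  const ageDays = (now - record.issuedAt) / DAY_MS;
  const idleDays = (now - record.lastUsedAt) / DAY_MS;
  if (record.publishingStatus === "testing" && ageDays >= TESTING_LIFETIME_DAYS) {
    causes.push("testing-mode-7-day-expiry");
  }
  if (idleDays >= IDLE_LIMIT_DAYS) causes.push("unused-six-months");
  // The 51st grant for the same user + client expires the first token.
  if (record.newerGrants >= MAX_OUTSTANDING) causes.push("evicted-by-50-token-limit");
  if (causes.length === 0) causes.push("revoked-or-unknown");
  return causes;
}

// Wrap an API call (e.g. the calendar insert); apiCall receives the refresh token.
async function callWithStoredToken(record, apiCall, now = Date.now()) {
  try {
    const data = await apiCall(record.refreshToken);
    record.lastUsedAt = now; // using the token resets the idle window
    return { ok: true, data };
  } catch (err) {
    if (!isInvalidGrant(err)) throw err; // network or quota errors are handled elsewhere
    record.needsReauth = true;           // a dead refresh token never recovers: do not retry
    return { ok: false, reauthorize: true, causes: likelyCauses(record, now) };
  }
}
```
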
