Reputation: 43
I want to use Google API refresh tokens forever
There is a process to obtain a refresh token via OAuth authentication for Google API, and then obtain an access token from the refresh token to validate the receipt.
The other day the refresh token suddenly expired and the receipt validation failed. Our service stopped processing billing. Below is the error when it failed.
{
"error": "invalid_grant",
"error_description": "Token has been expired or revoked."
}
I thought refresh tokens reset their expiration date each time they are used, so why did they expire? I don't think the following rules apply.
You must write your code to anticipate the possibility that a granted refresh token might no longer work. these reasons:
- The user has revoked your app's access.
- The refresh token has not been used for six months.
- The user changed passwords and the refresh token contains Gmail scopes.
- The user account has exceeded a maximum number of granted (live) refresh tokens.
- The user belongs to a Google Cloud Platform organization that has session control policies in effect. (https://developers.google.com/identity/protocols/oauth2)
I want to use the refresh token forever. Thank you in advance.
Upvotes: 4
Views: 10903
Answers (3)
Reputation: 9
By last answer...
- It means we can used one refresh token for 6 month. right ?
- And after 6 month we have to update refresh token. right ?
Upvotes: 0
Reputation: 582
Thank you for this interesting conversation. It looks like in my case, after having got an access_token and a refresh_token, which I use regulary to invoke the Gmail API, it no longer works after 6 months.
Could someone point me to a code example in Node, showing how to update the tokens on a regular basis? (I store them in a database, and wonder how to update the record appropriately via the google.auth.OAuth2 API).
I have made hundreds of searches but could not find anything else than "you should refresh your tokens" :)
It looks like
oauth2Client.on('tokens', (tokens) => {
logger.info("tokens=%o", tokens)
})
is only invoked once when establishing the connection, so it will not help.
I have also tried:
let x = await oauth2Client.refreshToken(database_refresh_token)
let refreshedToken = x.tokens.access_token
To store the new refreshed token in the database, but this does not help after 6 months. FYI, thanks to oauth2Client.getTokenInfo(refreshedToken) I can see that refreshedToken expires in 1 hour.
Finally, is there a way to test, without having to wait for 6 months?
Many thanks!
Upvotes: 2
Reputation: 117321
Refresh tokens do not expire by design there are a few things that can cause them to expire as you have listed. However there is one you have not listed.
If you check the docs for Experation you will find it also says.
If your app is in testing set it to production and your refresh token will stop expiring.
So as long as your app is in production, the user does not revoke your access, and they have less then 50 outstanding refresh tokens for that user, and you have used it at least once in the last six months. (gmail scope the user does not change their password). The refresh token should not be expiring.
That being said your system should be designed to handle a refresh token expiring and request access of the user again. or notifying the admin if this is a backend system.
Upvotes: 14
Related Questions
- Google OAuth2 API Refresh Tokens
- 'Token has been expired or revoked' - Google OAuth2 Refresh token gets expired in a few days
- How to get refresh token while using Google API JS Client
- my app is not able to receive refresh token from Google anymore
- Google oauthplayground make refresh token not expire
- Since couple of days Refresh token has been automatically expired
- How to stop Google from revoking my refresh token?
- Google Refresh Tokens Lifetime
- google api refresh token not working
- Google Oauth refresh Token